Privacy Policy
This Privacy Policy explains what personal data the Plates app collects, why we collect it, who processes it on our behalf, and the choices you have. We designed Plates to collect as little as possible: we do not track you across other apps or websites, we serve no third-party advertising, and we do not sell your data.
1. Summary
| What | Detail |
|---|---|
| Cross-app/site tracking | None. No IDFA, no App Tracking Transparency prompt. |
| Advertising | None. |
| Sale of personal data | Never. |
| Account required | Yes — sign-in is handled by Clerk (email + optional name). |
| Delete your data | Self-serve, in-app — Settings → Account → Delete Account erases everything. |
2. Data we collect
We collect only what the App needs to function and to stay reliable.
Account & identity (provided by you, via Clerk)
- Email address — to create and sign in to your account.
- Name — optional first / display name, if you provide one.
- User ID — a stable identifier for your account, used to associate your workout data with you and to identify you in our analytics and crash tooling.
Your fitness content (created by you)
- Workouts, exercises, programs, plate/equipment settings, units, rest-timer preferences, and similar data you enter while using the App. This is stored on your device and synced to our backend so it is available across your devices.
Usage analytics (PostHog)
- Product-interaction events — explicit actions such as “workout logged” or “program activated,” used to understand how the App is used and improve it.
- Autocapture and session replay are disabled; we do not record your screen or capture every tap. Events may include non-personal context (e.g. an exercise or program name) but never your email or display name.
Diagnostics (Sentry)
- Crash reports and performance/diagnostic data, used to find and fix bugs and keep the App stable. These are scrubbed of personal information before transmission.
We do not collect precise location, contacts, photos, health-kit data, advertising identifiers, or financial information.
3. How we use your data
- Provide the App — authenticate you, store and sync your fitness content.
- Improve the App — understand feature usage through aggregate analytics.
- Keep it reliable — diagnose crashes and performance problems.
- Communicate with you — respond to support requests you send us.
We process this data to perform our contract with you (providing the App) and on the basis of our legitimate interest in keeping the App secure and functional.
4. Service providers (sub-processors)
We use the following processors. Each handles data only on our instructions and under its own security and privacy commitments:
| Provider | Role | Data it processes |
|---|---|---|
| Clerk | Authentication & identity | Email, name, user ID |
| PostHog | Product analytics | Product-interaction events, user ID |
| Sentry | Crash & performance monitoring | Crash/diagnostic data, user ID |
| Railway | Application hosting | Your synced fitness content (in transit/at rest) |
| Neon | Managed PostgreSQL database | Your synced fitness content |
5. Where your data is stored
Your account and fitness content are stored in a managed PostgreSQL database (Neon) accessed by our backend hosted on Railway. Data may be processed in the United States and/or other regions where our providers operate.
6. Data retention
- Account & fitness content — kept while your account exists.
- Analytics & diagnostics — retained per our providers’ default retention windows.
- When you delete your account (see below), we erase your account and fitness content as described.
7. Your rights and choices
- Delete your account and data — In the App, go to Settings → Account → Delete Account. On confirmation, we hard-delete all of your rows from our database and delete your authentication record at Clerk. This is irreversible.
- Access, correction, or a copy of your data — email us at logan@clearcontracts.io and we will respond as required by applicable law.
- Marketing — we do not send marketing email; the only messages you receive are transactional or in response to your requests.
Depending on where you live (e.g. the EEA/UK under GDPR, or California under the CCPA/CPRA), you may have additional rights, including the right to lodge a complaint with your data-protection authority. We do not sell or “share” personal information as those terms are defined under California law.
8. Children’s privacy
Plates is not directed to children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact us and we will delete it.
9. Security
We use industry-standard measures — encrypted transport (HTTPS), authenticated APIs, and reputable infrastructure providers — to protect your data. No method of transmission or storage is perfectly secure, but we work to protect your information and respond to incidents.
10. Changes to this policy
We may update this policy from time to time. We will post the updated version at https://clearcontracts.github.io/plates/privacy/ and revise the “Effective date” above. Material changes will be communicated as required by law.
11. Contact
Questions or requests about this policy or your data: logan@clearcontracts.io — Clear Contracts, Inc.