Privacy Policy

Overview

OpenBook is built with a privacy-first philosophy.

Your training data lives on your device by default, remains under your control, and is never sold or shared for advertising.

This Privacy Policy explains what data we collect, why we collect it, how it is handled, and your rights.

OpenArcX is the data controller for personal data collected through OpenBook.

Data You Create

When you use OpenBook, you may create:

• Workout data - exercises, sets, reps, weight, duration, and other metrics
• Session notes - free-text notes attached to entries
• Routines and plans - custom routines and workout structures
• App preferences - settings such as dark mode, preferred units, and display options

All data you create remains under your control.

Where Your Data Is Stored

On Your Device (Default)

By default, all data is stored locally on your device in an SQLite database.

It does not leave your device unless you explicitly choose to sync or export it.

No account is required to use the app in this mode.

Cloud Sync (Optional)

If you create an account and subscribe to a paid plan, you may enable Cloud Sync.

When enabled:

• Data is encrypted in transit using HTTPS/TLS
• Data is stored securely on our backend powered by Supabase
• Cloud infrastructure may be located outside your country of residence

Disabling Cloud Sync stops future syncing between your device and our servers.

Previously synced cloud data remains stored until you request account deletion.

Account Information

If you create an account, we collect:

• Email address - used for authentication and one-time passcodes
• User ID - an internal identifier generated upon account creation

We do not collect your name, phone number, date of birth, or other direct personal identifiers.

Subscriptions and Payments

OpenBook offers optional monthly and yearly subscriptions.

Payments are processed entirely by:

• Apple App Store (iOS)
• Google Play Store (Android)

We do not receive or store your payment card details.

We use RevenueCat to manage subscription status and feature access.

RevenueCat receives a pseudonymous app user identifier and subscription-related metadata required to manage entitlements.

RevenueCat's Privacy Policy: https://www.revenuecat.com/privacy

Data Export

You may export your workout data at any time (Settings -> Export Data).

Exports are generated on your device and shared using your device's native share options.

We do not receive a copy.

Third-Party Services

We use a limited number of service providers:

Supabase - authentication and optional Cloud Sync storage

(Data shared: email address, user ID, workout data for Cloud Sync users)

RevenueCat - subscription management

(Data shared: pseudonymous user ID, subscription metadata)

Apple App Store / Google Play - payment processing

(We do not receive payment details)

We do not use advertising networks, behavioural analytics platforms, tracking SDKs, or data brokers.

We do not sell personal information.

Device Permissions

OpenBook may request:

Haptics - provides tactile feedback when logging sets and interacting with controls.

We do not request access to camera, microphone, location, contacts, photos, calendar, Health/HealthKit, or other sensitive device capabilities.

Children's Privacy

OpenBook is not directed at children under 13 (or 16 in the EU).

We do not knowingly collect personal data from children.

If you believe a child has provided personal information, please contact us and we will delete it promptly.

Data Retention and Deletion

• On-device data remains on your device until you delete the app or clear its data.
• Cloud data remains stored while your account exists.
• You may request deletion of your account and associated cloud data by contacting us at the email above. We may verify account ownership before processing deletion.
• Deletion requests are processed within 30 days.

Security

We implement reasonable safeguards, including:

• Encryption in transit (HTTPS/TLS)
• Secure, access-controlled cloud storage
• Separation of authentication and subscription systems

No system is completely secure. We comply with applicable laws regarding breach notification.

Legal Basis (Where Applicable)

Where required by law (such as the GDPR), we process personal data:

• To provide account authentication and Cloud Sync (performance of contract), and
• Based on your consent when enabling Cloud Sync.

Your Rights

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data
• Export your data (available in-app)
• Withdraw consent for Cloud Sync by disabling it

To exercise these rights, contact us at the email above.

Changes to This Policy

We may update this Privacy Policy from time to time.

If material changes are made, we will update the Effective Date and notify users where appropriate.

Continued use of OpenBook after changes constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy:

Email: your-support-email@openarcx.com

Developer / Data Controller: OpenArcX