Last updated: April 2026
RYVVA ("we", "us", "our") operates ryvva.run, a fitness tracking and training application. We take your privacy seriously. This policy explains what data we collect, why we collect it, how we store it, and what rights you have. We have written this in plain English so you can actually understand it.
When you use RYVVA, we collect the following personal data:
Every piece of data we collect serves a clear purpose:
We do not collect data for the sake of it. If a data point does not serve you, we do not ask for it.
Your data is stored in a PostgreSQL database hosted by Supabase, a trusted infrastructure provider. All data is encrypted at rest using AES-256 encryption. Data in transit is protected using TLS 1.2+ encryption. Supabase infrastructure is hosted in AWS data centres and is SOC 2 Type II certified. Access to your data is managed through Supabase's authenticated dashboard with role-based access controls. We do not have direct access to the underlying servers — all administration goes through Supabase's secure management layer.
We use a small number of trusted third-party services to operate RYVVA:
We do not sell your data to anyone. Ever. No exceptions.
Under UK and EU GDPR, you have the following rights over your personal data:
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
We retain your personal data for as long as your account is active. When you delete your account, all your personal data is permanently deleted from our systems within 30 days. We do not keep shadow copies or hidden backups of deleted accounts. Aggregated, anonymised data that cannot be linked back to you may be retained for analytical purposes.
RYVVA uses session cookies only. These are essential for keeping you logged in and maintaining your session. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. No cookie consent banner needed because we only use strictly necessary cookies.
RYVVA is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will delete that data immediately. If you believe a child under 16 has provided us with personal data, please contact us at [email protected].
Under UK and EU GDPR, we process your data on the following legal bases:
Some of our third-party service providers operate outside the UK/EEA. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and UK addendums where required.
We may update this privacy policy from time to time. If we make significant changes, we will notify you via email or an in-app notification. Your continued use of RYVVA after changes are posted constitutes your acceptance of the updated policy.
If you have any questions about this privacy policy or how we handle your data, contact us at: [email protected]
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.