Legal
Privacy Policy
Effective date: March 19, 2026
The short version: Spinify collects only what is needed to run your ride. Your health and fitness data stays on your device and in your private iCloud container. We do not sell your data. We do not serve third-party ads. We use anonymous usage analytics to improve the app.
1. Who we are
Spinify (“Spinify,” “we,” “our,” or “us”) is an iOS indoor cycling application. For privacy inquiries, contact us at support@spinify.fit.
2. Data we collect and why
Spinify collects the minimum data necessary to deliver the cycling experience. Here is what we access and why:
Account identity and CloudKit sync. Required for Sign in with Apple.
Stored: CloudKit private container, until account deletion
Profile display and leaderboards. Sourced from Sign in with Apple or entered by you.
Stored: CloudKit public database (visible to other users), until account deletion
Account recovery. You may choose to hide your email through Sign in with Apple.
Stored: Not shared with third parties, until account deletion
Display live heart rate during rides when an HR monitor is connected via HealthKit or Bluetooth.
Stored: Session only — not persisted by Spinify. Workout summaries written to Apple Health with your permission.
Workout summary display. Exported to Apple Health via HealthKit.
Stored: Saved to HealthKit via workout export
Heart rate zone calculation and calorie estimation. Entered by you in your profile.
Stored: CloudKit private container, until account deletion. Never shared with third parties.
Real-time ride metrics from your paired BLE spin bike sensor.
Stored: Session metrics in CloudKit private container. Aggregate stats sent to PostHog (no PII).
Progress tracking, personal stats, and community stats (e.g. creator ride completion counts).
Stored: CloudKit private container (your history) and public container (anonymized completion counts), until account deletion
Ride analytics to understand how music affects workouts. No song IDs, titles, or artist names are collected.
Stored: PostHog (US-hosted, anonymized). Retained per PostHog policy (90 days).
Read your playlists and track metadata (BPM/tempo) to set cadence targets. Control playback during a ride session.
Stored: Not stored by Spinify — streamed directly from Apple Music
Understand which features are used, how the app performs, and where users encounter problems. Helps us prioritize improvements.
Stored: PostHog (US-hosted, anonymized). No personal identifiers attached.
Bug fixing and stability monitoring. Includes stack traces, device model, and OS version.
Stored: Sentry (US-hosted, anonymized). Retained for 90 days.
Entitlement management for subscriptions and one-time purchases.
Stored: Managed entirely by Apple via StoreKit. Spinify never receives payment details.
3. How we use your data
- •Deliver the core cycling experience — ride tracking, cadence targets, and music sync
- •Calculate heart rate zones and calorie estimates based on your profile
- •Sync your ride programs and results across your devices via iCloud
- •Display community features like leaderboards and shared ride programs
- •Analyze anonymous usage patterns to improve the app
- •Monitor crashes and fix bugs to improve stability
- •Process in-app purchases and manage your subscription
4. Who we share data with
We do not sell, rent, or trade your personal data. We share data only with the following service providers, strictly for the purposes described:
Anonymous usage events — which screens are visited, how often features are used, and aggregate ride metrics. Events do not include personal identifiers, HealthKit data, or music library information. US-hosted.
Crash reports including stack traces, device model, and OS version. No personal identifiers are attached. Reports are automatically deleted after 90 days. US-hosted.
Apple provides the infrastructure for data storage (CloudKit), health data (HealthKit), music playback (MusicKit), and payments (StoreKit). Apple's privacy policies govern how they handle this data.
5. HealthKit data
Health data from HealthKit (heart rate, active calories) is displayed during rides and saved to Apple Health when you export a workout. It is never sent to our servers, shared with third parties, or used for advertising. HealthKit data stays entirely on your device and within Apple's ecosystem.
6. CloudKit and iCloud
Ride programs you create, ride results, and share codes you generate are stored in CloudKit — Apple's cloud database tied to your Apple ID. Your private ride data is stored in a private CloudKit container that only you can access. Shared programs (those you publish with a SPIN-XXXX code) are written to a public CloudKit container so other riders can import them.
Spinify does not operate its own servers. We have no access to your private iCloud data. Apple's iCloud privacy policy governs how Apple handles CloudKit data.
7. Your rights
View your data in the app — your profile, ride history, and programs are all visible within Spinify.
Delete your account and all associated data via Settings → Delete Account & Data. This removes your data from both private and public CloudKit containers.
Disable anonymous usage analytics via Settings → Privacy → Share Analytics. This stops all PostHog event collection.
Export your ride data via Settings → Export Ride Data.
Revoke HealthKit, MusicKit, or Bluetooth permissions at any time in iOS Settings.
8. Data retention
- •Account data — retained until you delete your account
- •Ride data — retained in CloudKit until you delete individual rides or your account
- •Heart rate — session only, not persisted by Spinify
- •Analytics events — PostHog retains for 90 days
- •Crash reports — Sentry retains for 90 days
- •Purchase records — managed by Apple
9. Children's privacy
Spinify is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information through Spinify, please contact us at support@spinify.fit and we will delete it promptly.
10. Cross-border data transfers
Your ride data and account information are processed by Apple via CloudKit — see Apple's Data Processing Addendum for details on where and how Apple processes CloudKit data.
PostHog and Sentry are US-hosted services. If you are located outside the United States, your anonymous analytics and crash data may be transferred to the US. These transfers rely on Standard Contractual Clauses (SCCs) per each provider's respective Data Processing Agreements.
11. GDPR (European Economic Area)
If you are in the EEA, the following applies:
- •Lawful basis: Legitimate interest for anonymous analytics; contract performance for core app functionality; consent for optional features (HealthKit, MusicKit).
- •Your rights: Access, rectification, erasure, data portability, restriction of processing, and objection. Exercise these via Settings → Delete Account & Data or by contacting us.
- •A Data Protection Officer is not required given our small-scale processing.
12. CCPA (California)
If you are a California resident, the following applies under the California Consumer Privacy Act:
- •Right to know: You can request what personal information we collect (see Section 2).
- •Right to delete: Delete your data via Settings → Delete Account & Data.
- •Do Not Sell: We do not sell your personal information. We have never sold personal information and have no plans to do so.
13. Security
Spinify relies on Apple's platform security for all data storage and transmission. Data in transit uses TLS encryption. Authentication credentials are stored in the iOS Keychain. CloudKit provides encryption at rest for all stored data. We do not operate custom servers and therefore do not maintain server-side encryption infrastructure.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top. Material changes will be announced in the app. Continued use of Spinify after changes are posted constitutes your acceptance of the updated policy.
15. Contact
Questions about this Privacy Policy or how your data is handled? Contact us at support@spinify.fit.