Privacy Policy

Racked (“Racked”) is operated by Lili Janine Ong, trading as Songer Technologies(“Songer Technologies”, “we”, “us”). This policy explains exactly what Racked does and does not do with your data. It is written to be accurate to the app’s real behavior, not to a template.

Contact: hello@songertech.com

1. Accounts and identity

• Anonymous by default. On first launch Racked creates an anonymous account — a random identifier with no personal information. You can use the entire app this way.
• Optional Sign in with Apple or Google. If you choose to sign in (to back up and restore your data, or to restore a subscription), we receive from Apple or Google your email address (with Sign in with Apple this may be an Apple private-relay address) and, if you choose to share it, your name. We use this only to operate your account and sync your data across your devices. We do not email you marketing.

2. What you import, and how it is processed

When you import a workout from a TikTok, Instagram, or YouTube link:

• Our backend temporarily downloads the public video at that link, extracts still keyframes, and transcribes the audio on our own server (the audio itself is not sent to any third party).
• The extracted keyframes and the text transcript are sent to Anthropic (Claude) to produce the structured workout (exercises, sets, reps). Anthropic processes this to return the result and does not use it to train models on our behalf.
• The downloaded video, audio, and frames are deleted immediately after processing — they are not retained.
• We keep a de-identified cache of the parsed result, keyed by the video link (or a content hash), so the same public video isn’t re-processed. This cache contains only the workout data and no information about you.
• The original videos belong to their creators and platforms; their use is governed by those platforms’ own terms and privacy policies.

3. What we store

Tied to your account (anonymous or signed-in):

• Your content:saved routines, completed workout history, folders, notes, the source link you imported from, and any text you submit when you “report a bad import”.
• A cover thumbnail derived from the video. Thumbnails are stored in cloud object storage and served from a publicly accessible URL (not listed or indexed by us, but not access-controlled). Do not import videos whose first frames you would not want viewable by someone with that URL.
• Subscription status (whether you have Racked Pro), via Apple and RevenueCat. We never receive or store your payment-card details — Apple handles all payment.
• Abuse-prevention identifiers: a randomly generated device identifier (resets when you reinstall), your account identifier, and an Apple App Attest key. These exist solely to stop automated abuse of our paid AI processing and are not used for advertising or tracking.
• A processing-cost ledger: a record that a parse occurred and its cost, used to enforce usage limits and detect abuse.
• Anonymous analytics & crash reports. We use PostHog (product analytics) and Sentry (crash/error reporting), on the device and our backend, to understand which features are used and to fix crashes. These are configured to be privacy-light: identified only by an anonymous identifier— never your email or name (on the app a random analytics id; on our backend your anonymous account id, a random UUID, so related events can be correlated) — coarse events only (e.g. “import succeeded”, screen opened), crash diagnostics with IP and personal fields stripped. No content (no video links, routine names or notes), no advertising, and no tracking across other apps or websites. You can turn this off entirely in Settings → Privacy → Help improve Racked — opting out stops it immediately.

Our hosting providers keep standard server logs (including IP address and timestamps) for security and abuse prevention, retained for a limited period.

4. Who processes data for us (sub-processors)

These providers are primarily based in the United States; using Racked may involve transferring data to the U.S.

5. What we do NOT do

• No advertising, ad SDKs, or ad identifiers.
• No tracking across other apps or websites, and no use of advertising identifiers — so there is no App Tracking Transparency prompt. Our analytics are first-party and anonymous, never shared for cross-app tracking or with data brokers.
• No behavioral profiling tied to a real-world identity; analytics are keyed only to an anonymous identifier (never your email or name) and you can opt out.
• No selling or renting of personal data.
• Not directed to children; we do not knowingly collect data from children under 13 (or the equivalent age in your region).

6. Retention and deletion

• Imported video/audio/frames: deleted right after processing.
• Your routines and history: kept until you delete them or your account is deleted.
• In the app you can clear your workout history at any time (Settings → Your data → Clear workout history).
• Account & data deletion: you can permanently delete your account and all associated data at any time in the app at Settings → Delete account & all data. You can also request deletion by emailing hello@songertech.com.

7. Security

Data in transit is encrypted with TLS. Database access is restricted with row-level security. Paid processing is gated by Apple App Attest to ensure requests come from the genuine app. No system is perfectly secure, but we design to minimize what we hold.

8. Your rights

Depending on where you live (e.g. EEA/UK GDPR, California CCPA), you may have rights to access, correct, export, or delete your data, and to object to certain processing. Because anonymous accounts hold no personal data, these rights mainly apply once you have signed in. Contact us at hello@songertech.com to exercise them.

9. Changes

We will update this policy as the app changes and revise the effective date above. Material changes will be surfaced in the app.

10. Contact