Privacy Policy
Effective July 3, 2026
Notch ("the app") is a personal fitness planner. This policy explains what the app does with your data and what we, the developer, can and cannot see.
The short version
- Your fitness data stays yours. Your plan, profile, workouts, and the health data the app reads live on your device and — if you have iCloud enabled — in your own private iCloud database, which Apple end-to-end encrypts. We have no ability to read it, and we do not copy it to any server.
- Notch is currently invite-only, so we do store one piece of personal data: the email address you enter to request access, plus a timestamped record that you accepted our Terms. This is kept on a small server we operate — see "Invite-only access" below.
- The app reads health and calendar data, and connects to third-party services like Whoop, Oura, intervals.icu, and Google Health, only after you grant explicit permission. Data from those services flows directly between your device and the provider.
- We collect anonymous crash and product usage data to fix bugs and prioritize improvements. No personal information, health data, or content from your connected services is included. You can turn this off in Settings → Diagnostics.
- There are no advertising or cross-app tracking SDKs in the app.
- The servers we operate handle the invite-only access gate and an optional webhook relay for connected services. Neither stores your fitness, health, or calendar data.
Invite-only access
Notch is currently invite-only. To request access, you enter your email address on the opening screen. We use it only to grant and recognize your access — we don't email you, and we never use it for marketing.
- What we collect. Your email address only. No IP address, no password, no name, no payment details.
- Consent record. Before using the app, you tap to accept the health disclaimer and Terms of Use; we keep a timestamped record that you did.
- Where it's held. This information is stored on our servers and with the service providers that host our infrastructure and deliver our email. It is not shared with anyone else, and your fitness, health, and calendar data are never part of it.
- Retention and deletion. Unapproved requests expire automatically after 30 days; approved and consent records are kept while Notch remains invite-only. You can delete your access record and consent history at any time from Settings → Delete account in the app, or through our contact form.
What the app reads (with your permission)
Apple Health. With your permission, Notch reads — but does not write — workouts, calories burned, sleep, heart-rate variability, and resting heart rate to compute your weekly progress, your training load, and your Freshness score. Health data is read on-device and is not transmitted to anyone other than Apple's own iCloud (if you have Health iCloud sync enabled).
Apple Calendar. With your permission, Notch reads your calendars to find open time for workouts, and writes the workouts you schedule as events to a calendar you choose. The app respects your "Check for conflicts" selection in Settings — it only reads calendars you've opted in to.
Notifications. If you enable notifications, Notch schedules local reminders for upcoming workouts. These are delivered by your device; nothing leaves the device.
Connected services
Notch can connect to third-party fitness platforms to read your training and recovery data, and to write your planned workouts back to their calendars. Connections are opt-in per provider, authorized over OAuth in a system-managed browser sheet, and revocable at any time from Notch's Settings → Connections or from the provider's own "Connected apps" page.
Whoop. With your authorization, Notch reads your recovery score, heart-rate variability, resting heart rate, sleep stages, and recorded workouts. Read frequency is on app launch and on manual refresh. Notch does not write data to Whoop.
intervals.icu. With your authorization, Notch reads your activities, wellness data (HRV, resting heart rate, sleep, fitness/fatigue/form scores), and athlete profile. Notch may also write planned workouts to your intervals.icu calendar as calendar events so the two stay in sync. Authorization uses OAuth 2.0 with granular scopes — you see and approve each scope at connect time.
Oura. With your authorization, Notch reads your readiness and sleep data — sleep stages, heart-rate variability, resting heart rate — and recent activity. Authorization uses OAuth 2.0; data is read on app launch and on manual refresh. Notch does not write data to Oura.
Google Health. With your authorization, Notch reads exercise sessions, sleep, body weight, heart rate, calories, and steps from Google Health. Because Google requires it, the OAuth sign-in and token exchange pass through a small function on our Vercel server, which relays Google's response back to your device; your Google health data itself flows directly to your device and is not stored on that server. Data is read on app launch and on manual refresh. Notch does not write data to Google Health.
How connection credentials are stored. OAuth access and refresh tokens for connected services are stored in the iOS Keychain on your device, protected by your device passcode. They never leave the device except as bearer tokens in API requests to the issuing provider.
Diagnostics and product analytics
To find bugs and understand which features actually get used, Notch sends anonymous diagnostic and usage data to a small number of third-party providers:
- Sentry (sentry.io) — receives crash reports, error stack traces, and breadcrumbs leading up to a crash, from the iOS app. Hosted in the United States.
- PostHog (us.posthog.com) — receives product event names ("onboarding finished," "workout scheduled," etc.) and lightweight properties (workout type, intensity tier, counts), from the iOS app. Hosted in the United States.
- Vercel Web Analytics (vercel.com) — receives anonymous page-view counts and referrer information for the public website at notchfitness.app. No cookies, no cross-site tracking. Visitor identifiers are hashed and rotate daily.
Each install gets one anonymous UUID, stored on your device, that both providers use to group events from the same install. This identifier is not tied to your Apple ID, email, name, IP-based location, or anything from your connected services. No health data, calendar contents, workout notes, or content from Whoop / intervals.icu is ever sent to either provider.
You can disable analytics entirely in Settings → Diagnostics. Both providers honor the opt-out at runtime, no app restart needed.
What we do not do with analytics
- We do not link the install identifier to any identity-bearing field.
- We do not track you across other apps or websites (no IDFA, no App Tracking Transparency prompt).
- We do not sell or share the analytics data with third parties beyond the providers above.
Our webhook relay
If you have intervals.icu connected and webhooks are enabled, intervals.icu will send "new data available" pings to a small server we operate. That server (a stateless function hosted on Vercel) forwards each ping to your device via Apple Push Notification service, then discards it. The relay does not store the underlying fitness data; it only passes a small notification through. Standard operational logs (HTTP status codes, error messages, timestamps) are retained briefly by Vercel for debugging and are not associated with your identity or health data.
You can disable this by disconnecting intervals.icu from Notch or by turning off "Background updates" in Settings → Connections.
What the app stores
Your plan, profile, goal, weekly composition, completed workouts, time windows, and similar information are stored in SwiftData on your device. If you have iCloud Drive / iCloud sign-in enabled, this data is also kept in your private iCloud database, which is encrypted and accessible only to you across your Apple devices. We do not have a copy of this data and cannot see it.
What we do not do
- We do not have passwords or paid accounts for Notch. While the app is invite-only, requesting access does involve giving us an email address, as described in "Invite-only access."
- We do not store your fitness, health, or calendar data on any server we operate. The only personal data on our servers is the invite-access email and consent record described above.
- We do not use any advertising or cross-app tracking SDKs.
- We do not sell or rent your data. Beyond the analytics providers named above, it is handled only by the service providers that host our infrastructure and deliver our email, each solely for the purpose described in this policy.
- We do not profile you for targeted advertising.
Your choices and rights
- Disable a permission. You can revoke Health or Calendar access at any time from iOS Settings → Privacy.
- Disconnect a connected service. Settings → Connections lets you sign out of Whoop or intervals.icu at any time. You can also revoke Notch from the provider's own "Connected apps" page.
- Turn off analytics. Settings → Diagnostics → "Share anonymous usage data" stops all event reporting to Sentry and PostHog immediately.
- Delete your data. Settings → "Reset all data" removes everything the app has stored locally. Uninstalling the app deletes the local store; iCloud-synced data is removed when you delete the app from all your signed-in devices, or by signing out of iCloud. To delete your invite-access email and consent record from our server, use our contact form.
- Withdraw notifications. Disable in iOS Settings → Notifications.
Children
The app is not directed at children under 13 and we do not knowingly collect data from them.
Changes
If this policy ever changes, we'll update this document and note the effective date above. Material changes will be surfaced in-app.
Contact
Questions or concerns? Reach us through our contact form.