Privacy Policy

Effective Date: March 10, 2026

Next Frame Innovations LLC ("we," "us," or "our") operates the Arcus mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Arcus.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email address and display name for account identification
• Authentication credentials managed securely through Firebase Authentication (Google Sign-In, Apple Sign-In, or email/password)

1.2 Profile and Fitness Data

During onboarding and app usage, you may provide:

• Body measurements: height, weight, age, biological sex
• Fitness information: experience level, training goals, training days per week, session duration preferences, equipment access
• Health information: pain areas, movement restrictions, injuries
• Workout data: exercise logs, sets, reps, weights, personal records, workout completion history

1.3 Health Data (Apple HealthKit)

With your explicit permission, Arcus may read and write data from Apple HealthKit, including:

• Heart rate, heart rate variability (HRV), and resting heart rate
• Sleep analysis data
• Active energy burned and activity data
• Workout sessions

We never sell, share with advertisers, or use HealthKit data for any purpose other than providing health and fitness features within Arcus. HealthKit data is not stored on external servers or shared with third parties.

1.4 Wearable Device Data

If you connect third-party wearable devices (WHOOP, Garmin, Polar, Oura, Fitbit), we receive fitness and recovery data through their official APIs. This data is used solely to enhance your training experience within Arcus.

1.5 Automatically Collected Information

We may collect device information (device model, operating system version) and app usage analytics to improve performance and fix bugs. We do not track you across other apps or websites.

2. How We Use Your Information

We use your information to:

• Create and manage your account
• Generate personalized workout programs using AI (see Section 3)
• Track your workout progress, personal records, and training history
• Provide periodized training recommendations
• Integrate with Apple Health and wearable devices for recovery insights
• Improve app functionality and fix technical issues
• Send service-related notifications (e.g., workout reminders)

3. AI-Powered Workout Generation

Arcus uses Anthropic's Claude AI service to generate personalized workout programs. When you request a workout program, the following data is sent to Anthropic's servers for processing:

• Training goals and experience level
• Training days per week and session duration
• Equipment access
• Pain areas and movement restrictions
• Variety preferences

What is NOT sent to Anthropic:

• Your name, email address, or any personally identifiable information
• HealthKit data
• Wearable device data
• Workout logs or personal records

Anthropic processes this data solely to generate your workout program and does not retain it for training AI models. For more information, see Anthropic's Privacy Policy.

You will be asked to consent to AI-powered workout generation before any data is sent to Anthropic. You may decline, though this will limit the app's ability to generate personalized programs.

4. Data Storage and Security

Your data is stored securely using Google Firebase (Firestore database, Firebase Authentication). Firebase provides:

• Encryption in transit (TLS) and at rest
• SOC 1, SOC 2, and SOC 3 compliance
• ISO 27001 certification

We implement Firestore Security Rules to ensure users can only access their own data. No one, including our team, can access another user's workout data without authorization.

5. Data Sharing

We do not sell your personal information. We share data only with:

• Anthropic (Claude AI): De-identified fitness preferences for workout generation (see Section 3)
• Google Firebase: Infrastructure provider for data storage and authentication
• Wearable providers: Only the OAuth tokens necessary to sync your data, and only when you explicitly connect a device

We may disclose information if required by law, court order, or to protect the safety of our users.

6. Your Rights and Choices

You have the right to:

• Access your data: View all your information within the app
• Correct your data: Update your profile and preferences at any time
• Delete your account: Request account deletion by contacting us at support@arcus.training. This permanently removes all your data from our servers
• Revoke HealthKit access: Manage permissions in iOS Settings > Health > Data Access & Devices
• Disconnect wearable devices: Remove integrations through the app's settings
• Opt out of AI generation: Decline the AI consent prompt during onboarding

7. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

• All personal data is permanently deleted from our servers within 30 days
• Anonymized, aggregated data (e.g., total user count) may be retained for analytics

8. Children's Privacy

Arcus is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.

9. International Users

Your data is processed in the United States. By using Arcus, you consent to the transfer of your information to the United States and processing in accordance with this Privacy Policy.

For EU/EEA users: We process your data based on your consent (for AI generation and health data) and legitimate interest (for providing the service). You have the right to withdraw consent, access, rectify, erase, restrict processing, and port your data under GDPR.

For California residents: Under CCPA, you have the right to know what personal information we collect, request deletion, and opt out of data sales. We do not sell personal information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or by email. Continued use of Arcus after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Next Frame Innovations LLC
Email: support@arcus.training