LEGALPrivacy

Privacy Policy

Effective date: April 28, 2026 · Last updated: May 5, 2026

1. Introduction

STARK ("we", "us", or "our") is a fitness tracking application made in Sweden. This Privacy Policy explains what information STARK collects, how it is used, where it is stored, and your rights regarding your personal data. It applies to the STARK iOS and Android mobile applications (collectively, the "App").

We are committed to keeping your data minimal, transparent, and under your control. By using the App, you agree to the practices described in this policy.

2. Data We Collect and How

STARK collects two broad categories of data: data you actively provide, and data collected automatically to help improve the App.

2a. Data You Provide Directly

All of the following is stored exclusively in a local SQLite database and device SharedPreferences on your device. It is never uploaded to our servers and is not accessible to us.

• Display name (optional) — to personalise the profile header
• Workout sessions — start/finish times, duration — for history, weekly reports, and streaks
• Exercise logs — exercise name, sets, weight (kg or lbs), reps, timestamps — for progress tracking and personal records
• Workout templates and routines — for programme planning
• Workout notes (free text) — for session annotations
• Energy rating (1–5 per session, optional) — for self-reported performance tracking
• One-rep max per exercise (optional) — for the plate calculator and PR comparisons
• App preferences (theme, units, rest timer, notification toggle, weekly goal) — for personalisation

2b. Data Collected Automatically

• Anonymous usage events (see §3) — sent to Firebase (Google) — to understand feature adoption and improve the App
• Device/app diagnostics automatically collected by Firebase Analytics (device type, OS version, app version, language, country, session duration) — sent to Firebase (Google) — for crash analysis and usage metrics
• Last-app-open timestamp — stored locally only — to schedule inactivity reminder notifications

3. Firebase Analytics Events

STARK uses Firebase Analytics (provided by Google LLC) to collect anonymous, aggregated usage data. The following events are logged:

• onboarding_completed — user finishes first-run setup
• workout_created — user creates a new workout template
• workout_started — user begins a workout session
• workout_finished — user completes a session (includes: session duration in seconds, number of sets logged, total volume in kg — all aggregate numbers, not individual exercise details)
• routine_created — user creates a training routine
• weekly_report_viewed — user opens the weekly report screen
• exercise_added_to_workout — user adds an exercise during a session

These events contain no names, free-text notes, or individually identifiable fitness data. Firebase Analytics may associate events with a random analytics ID generated by the Firebase SDK; this ID is not linked to any account and cannot identify you directly.

Google's privacy practices for Firebase Analytics are described at firebase.google.com/support/privacy.

4. Local Notifications

STARK may send local push notifications to your device. These are generated and scheduled entirely on-device — no notification content is sent through a server, and we do not have access to whether or when you open a notification. Types include:

• Rest timer — alerts you when your rest period ends
• Workout reminder — reminds you of an in-progress session left open
• Weekly report — notifies you that your weekly summary is available (every Monday at 08:00 local time)
• Streak protection — reminds you to train when your streak may be broken
• Inactivity reminders — sent at 3, 7, and 14 days after your last app open

You can enable or disable all notifications at any time in the App under Settings → Notifications, or through your device's system notification settings.

5. Data We Do Not Collect

STARK does not collect or process the following:

• Your name, email address, phone number, or any account credentials
• Location data or GPS
• Photos, camera, or microphone access
• Contacts or address book
• Health data from Apple Health, Google Fit, or any third-party health platform
• Payment or financial information
• Biometric data
• Browsing history or cross-app tracking

There is no user account system. You are not required to sign up or provide any personal information to use any feature of STARK.

6. Data Storage and Security

On-device storage: All your fitness data (workouts, exercises, templates, notes) is stored in an encrypted SQLite database on your device, managed by the operating system's standard app sandboxing. We never transmit this data externally.

Firebase Analytics data: Anonymous analytics data is transmitted to Google's servers and stored in accordance with Google's data retention policies. Firebase Analytics data is retained for a maximum of 14 months by default, after which it is automatically deleted. For more information, see Google's data retention documentation at support.google.com/firebase/answer/7667196.

Data export: The App provides an Export Data feature (Settings → Data → Export Data) that lets you export your workouts, templates, exercises, and routines as a JSON or CSV file to any destination you choose. When you export, the file is created locally on your device and shared via the operating system's standard share sheet. STARK does not receive or retain a copy of your exported file.

7. Third-Party Services

STARK uses the following third-party services:

• Firebase Analytics (Google LLC) — anonymous usage events, device/OS metadata — for app analytics
• Firebase Core SDK (Google LLC) — anonymous installation ID — required to initialise Firebase
• Google Fonts (Google LLC) — your IP address may be sent to Google's font CDN — to display the Inter typeface in the App

No data is shared with advertising networks, data brokers, or any other third parties. We do not sell, rent, or trade your data.

8. Children's Privacy

STARK is not directed at children under the age of 13 (or the relevant minimum age in your jurisdiction). We do not knowingly collect personal data from children. Because STARK does not require any account creation and stores all fitness data locally on-device, no personal information is collected by us directly.

If you believe a child under the applicable age has provided personal information through any channel related to STARK, please contact us at the address below and we will take appropriate action.

9. Your Rights and Choices

Access and deletion (on-device data): All your fitness data lives on your device and is fully under your control. You can delete all data at any time via Settings → Data → Delete All Data. Uninstalling the App will permanently remove all locally stored data.

Opt out of analytics: Firebase Analytics respects the device-level "Limit Ad Tracking" or "Opt out of ads personalisation" setting on iOS and Android respectively. You may also reset your advertising identifier at any time in your device's privacy settings. Opting out does not affect core App functionality.

Notifications: You can disable all notifications in Settings → Notifications inside the App, or through System Settings → Notifications → STARK on your device at any time.

GDPR / EEA users: If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and applicable local laws, including the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. Because STARK does not store any personal data on its own servers, these rights are exercised directly on your device. For Firebase Analytics data, Google acts as a data processor on our behalf. Contact us at the address below for any GDPR-related enquiries.

California / CCPA users: If you are a California resident, you have the right to know what personal information is collected, to request deletion, and to opt out of the sale of personal information. STARK does not sell personal information. The anonymous analytics data sent to Firebase does not constitute a "sale" under CCPA.

10. Data Retention

On-device data is retained indefinitely until you delete it manually (Settings → Data → Delete All Data) or uninstall the App.

Firebase Analytics data is retained for up to 14 months in accordance with Google's standard Analytics data retention period, after which it is automatically purged.

We do not retain any personal data on our own servers because we do not collect or transmit it.

11. Feedback Board

The Stark website offers a public feedback board at getstark.se/feedback.html where visitors can submit feature requests and bug reports, vote on submissions, and comment.

Cookie-based anonymous identity

To enforce one-vote-per-person and prevent duplicate submissions without requiring an account, we store a randomly generated anonymous identifier ("voter ID") in a cookie called stark_vid. This cookie is set when you first interact with the feedback board (submit, vote, or comment). It contains a random 128-bit value signed with an HMAC to prevent forgery. The cookie expires after one year and is marked HttpOnly and SameSite=Lax. No personal information is encoded in the cookie.

IP address handling

When you submit, vote, or comment, your IP address is hashed with a server-side secret using SHA-256 before storage. The raw IP address is never written to our database. The hashed value is used solely for rate-limiting (e.g. preventing more than 5 submissions per hour from the same source) and cannot be reversed to recover your IP address.

Optional email on submissions

When submitting a feature request or bug report, you may optionally provide your email address. This is used only to follow up on your submission (e.g. to request more detail or notify you when the status changes). Your email is never shared with third parties and is not used for marketing. You can submit without providing an email address at any time.

Comment content

Comments are stored as plain text. Do not include sensitive personal information in submissions or comments. Comments are publicly visible to all visitors of the feedback board.

Moderation and deletion

We may remove submissions or comments that contain spam, harassment, or inappropriate content. If you wish to have a submission or comment removed, contact us at info@getstark.se with the title of the post.

Clearing the cookie

You can clear the stark_vid cookie at any time through your browser settings. Doing so will result in a new anonymous identity being assigned on your next interaction with the feedback board. Your previous submissions and votes will remain but will no longer be associated with your new identity.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If changes are material, we will notify you within the App or through the App Store update notes. Your continued use of STARK after any changes constitutes your acceptance of the updated policy.

We encourage you to review this page periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the data practices of STARK, please contact us:

STARK — Fitness Tracker
Made in Sweden
Email: info@getstark.se

We will respond to all privacy enquiries within 30 days.

© 2026 STARK. Made in Sweden. All rights reserved.