← Back to home

Privacy Policy

Last updated: April 9, 2026

Who We Are

Ratz is operated by We6 Oy. This policy explains what data we collect, why we collect it, and how we handle it. When we say "Ratz", "we", "us", or "our", we mean We6 Oy.

Data We Collect

We collect the following information:

• Account info: email address, handle (username), and password (stored securely hashed). We do not collect your real name or physical address. You are identified within the app by your handle only.
• Profile data: your selected gym (chosen from a list, no location tracking)
• Workout data: check-in times, muscle groups trained, workout duration, workout notes, and streak history
• Social data: who you follow and who follows you, follow requests
• Push notification tokens: device tokens used to deliver push notifications
• Device info: device type and operating system (for app compatibility)
• Spotify data: if you connect your Spotify account, we temporarily store your currently-playing track information to display during workouts. This data is not retained long-term.

Third-Party Authentication

We currently support email/password authentication. We plan to add Apple Sign In and Google Sign In in the future. When using third-party sign-in, we receive only your email address and a unique identifier — we do not receive or store your third-party account password.

Analytics

• App analytics: we use PostHog to collect anonymized usage data such as feature usage, screen views, and app performance. This data helps us improve the app experience and is processed by PostHog in accordance with their privacy policy.
• Website analytics: we use Google Analytics on our website (ratz.app) to collect anonymized usage data such as pages visited, time on site, referral source, and general location (country/city level). This data is collected via cookies and is processed by Google in accordance with their privacy policy.

Data We Do Not Collect

• We do not collect your real name, physical address, or phone number
• We do not collect GPS or precise location data — your gym is selected manually from a list
• We do not collect payment information directly (future payments will be processed by Stripe)

How Your Data Is Used

Your data is used to:

• Provide core app features: workout tracking, streaks, history, and check-ins
• Power social features: showing gym members, the leaderboard, and follow relationships
• Display your profile (handle, gym, workout activity) to other users at your gym and your followers
• Send push notifications (workout reminders, social activity)
• Send account-related emails (password reset, confirmation)
• Analyze app usage to improve the experience (via PostHog)
• Analyze website traffic (via Google Analytics)

Data Sharing

We do not sell your personal data. Your data is shared only in these ways:

• With other users: your handle, gym, workout activity, and streak are visible to members at your gym and your followers. You can hide your live gym status from your profile settings.
• Service providers: we use the following third-party services to operate Ratz:
  • Supabase — authentication and data storage
  • PostHog — app analytics
  • Google Analytics — website analytics
  • Spotify — music integration (only if you connect your account)
  • Apple/Google — push notification delivery
  Each provider processes data in accordance with their own privacy policies.
• Legal requirements: we may disclose data if required by law.

Data Storage & Security

Your data is stored securely on Supabase-managed infrastructure hosted in the European Union, with encryption at rest and in transit. Passwords are hashed and never stored in plain text. Row-Level Security (RLS) ensures users can only modify their own data.

Cookies

The Ratz app does not use cookies. Our website (ratz.app) uses cookies for Google Analytics. You can manage cookie preferences through your browser settings or via the cookie banner on our website.

Your Rights

You have the right to:

• Access your personal data (visible in your profile and workout history)
• Correct inaccurate data by updating your profile
• Delete your account and all associated data directly from the app
• Withdraw consent for data processing at any time by deleting your account
• Opt out of push notifications via your device settings

For additional requests, contact us at support@ratz.app.

Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal data will be removed within 30 days. Anonymized, aggregated data (e.g., total workout counts) may be retained for analytics. Spotify track data is stored temporarily and not retained after your workout session.

Children's Privacy

Ratz is not intended for children under 16. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via the app or email. Continued use after changes constitutes acceptance.

Contact Us

For privacy-related questions, contact us at support@ratz.app.

We6 Oy
Finland