Legal
Privacy, Terms & Policies
How Reficio handles your data, third-party integrations, AI features, and wellness (non-medical) guidance across the iOS app, web dashboard, and this website.
Privacy Policy
Effective date: May 30, 2026 · Last updated: May 30, 2026
1. Who we are
This Privacy Policy describes how Reficio("Reficio," "we," "us") collects, uses, stores, and shares information when you use the Reficio iOS mobile app, the web dashboard at reficio-web.vercel.app, and related services (collectively, the "Service").
Contact for privacy requests: reficioapp@gmail.com or our contact page.
This policy is linked from the iOS app (Profile → Legal & support) and should match the Privacy Policy URL you provide in App Store Connect.
2. What Reficio is (scope)
Reficio provides educational running-injury and return-to-run guidance, journaling, training-load views, and optional activity sync. It is not medical diagnosis, treatment, emergency care, or clearance to run. You should consult a qualified clinician before making medical or training decisions. Reficio is not a regulated medical device.
Reficio provides educational running-injury and return-to-run guidance only—not medical advice, diagnosis, treatment, emergency care, or clearance to run. Always consult a qualified healthcare professional before medical or training decisions. Reficio is not a regulated medical device.
3. Data we collect
We collect information you provide, data generated by the Service, and data from integrations you choose to connect.
Account & identity
- Email address and password (authentication via Supabase Auth)
- User ID and session tokens
- Optional profile fields: display name, age, sex, height, weight, and runner/athlete type
Health-adjacent & fitness data (user-provided)
- Injury intake: pain location, severity, timing, symptoms, onset, aggravating/relieving factors, body map selections
- Clinician-provided injury name, if you choose that intake path
- Journal entries: daily walking pain, hop-test pain, and free-text notes
- Rehab and prehab checklist completion
- Recovery habits you log (e.g. sleep, hydration), when available in the app
- Activity feedback: pain level and notes tied to runs or workouts
- Manually logged activities (distance, duration, sport type, and related fields)
Injury, pain, and symptom details you enter are optional and self-reported—not verified by Reficio. They personalize educational content and plans; they are not used to diagnose or treat you.
Derived & computed data
- Assessment results and return-to-run plans from our rule-based engine
- Recovery scores, training-load metrics, timeline estimates, and related dashboard values
- Dashboard display snapshots synced to the cloud for continuity across devices
Optional third-party integrations
- Strava (if you connect): OAuth access and refresh tokens, athlete ID and display name, recent run activities (distance, pace, dates, elevation, and related fields returned by Strava), and derived training-load snapshots stored in Supabase
- Oura Ring (if you connect): OAuth tokens, connection status, and athlete/profile identifiers. Oura sleep, readiness, and workout data are not merged into training-load algorithms or readiness UI until we enable that feature; connection is stored so you can link your account
- WHOOP (if you connect): OAuth tokens, connection status, and profile identifiers. WHOOP recovery, sleep, and workout data are not merged into training-load algorithms or readiness UI until we enable that feature
AI-related data
- Chat messages you send to Atlas Coach and related coach features
- Intake, assessment, and activity context sent to our backend to power AI features
- Cached AI outputs (e.g. exercise suggestions, educational narratives) stored per account
Technical & local device data
- Session tokens and preferences on your device (e.g. unit system, dark mode)
- Guest-mode intake may be stored locally on your device until you sign in and migrate it to your account
- Essential cookies on the web dashboard for authentication and security (see Cookies Policy)
4. What we do not collect
- Apple Health / HealthKit: Reficio does not read from or write to HealthKit unless we add that integration in a future version and update this policy
- Precise location tracking by Reficio: we do not operate continuous GPS tracking. Strava or other providers may include location in activity data they return when you connect them
- Advertising identifiers or cross-app tracking for ad targeting
- Sale of personal or health-related data to data brokers
5. How we use data
We use your information only to operate and improve the Service, including to:
- Personalize assessments, return-to-run plans, journal insights, and recovery scores
- Sync your data across devices when you are signed in
- Operate optional integrations (Strava, Oura, WHOOP) that you authorize
- Power AI-assisted explanations and chat when those features are enabled
- Maintain security, prevent abuse, and improve reliability
We do not use health-related data for advertising, marketing to third parties, or sale to data brokers.
6. Legal bases & consent
United States: by creating an account you receive clear notice of this policy and consent to processing as described. Health-adjacent data you enter is voluntary and used to personalize educational content.
EEA / UK (if applicable): we rely on performance of our contract with you to provide the Service, legitimate interests in securing and improving the Service, and consent where required (e.g. optional integrations and certain health-related inputs). See Section 10 for your rights.
At sign-up you agree to our Terms of Service and this Privacy Policy, consistent with in-app copy.
7. Third-party service providers (subprocessors)
We use vendors that process data on our behalf:
- Supabase — authentication, database, row-level security, and edge functions. Stores account, intake, journal, integration tokens, load snapshots, and AI conversation data in cloud infrastructure (typically including United States regions, depending on project configuration)
- Google (Gemini API) — generates AI text when you use Atlas Coach or related features. Receives your messages and relevant context (e.g. intake summary, activity context) to produce responses
- Strava — when you connect Strava, OAuth and activity sync are also governed by Strava's privacy policy
- Vercel — hosts the Reficio web app and OAuth callback routes (e.g. Strava, Oura, WHOOP connect flows)
- Oura / WHOOP— only when you connect those services; governed by each provider's policies. Data use in Reficio algorithms is limited as described in Section 3 until we enable full sync
8. AI-specific disclosures
AI features (including Atlas Coach) use third-party models such as Google Gemini. Outputs are educational and informational only—not medical advice—and may be incomplete or inaccurate. Do not use AI for emergencies.
- AI outputs are informational, may be incomplete or wrong, and are not medical advice or emergency triage
- Your messages and relevant account context are sent to Google's Gemini API through our backend to generate responses
- We store conversation history and cached AI outputs in your Supabase account so you can continue conversations across sessions. Google processes API requests under its Gemini API terms; review those terms for provider-side retention and use
- We apply rate limits and safeguards (e.g. message length limits, cooldowns, and blocking of off-topic or abusive prompts) to protect the Service
9. Data storage, security & retention
- Data is stored in the cloud (Supabase) and transmitted over encrypted connections (HTTPS/TLS)
- Row-level security limits database access so users can read and write only their own rows
- We retain data while your account is active and as needed for security, backup, and legal compliance
- Account deletion: in the iOS app, go to Profile → Account → Delete account. Deletion is permanent and removes your cloud data within a reasonable period, subject to limited backup or legal retention requirements
- Local device caches and guest-mode data are cleared on sign-out or account deletion where applicable
10. Your rights & choices
- Access and update profile and intake data in the app
- Disconnect Strava, Oura, WHOOP, and other integrations in Profile or web Settings
- Sign out at any time
- Delete your account in-app (permanent) or contact us for help
- Email reficioapp@gmail.com or use our contact page for questions or requests not available in-app
EEA / UK: you may have rights to access, rectification, erasure, restriction, portability, and objection, and to lodge a complaint with your local supervisory authority.
California: you may have rights under CCPA/CPRA, including knowing what we collect and requesting deletion, subject to legal exceptions.
11. Children
Reficio is intended for users 18 and older. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13 (COPPA). If you believe a child has provided us data, contact us and we will delete it.
12. International transfers
If you use Reficio from outside the United States, your data may be processed in the United States and other countries where our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for transfers from the EEA/UK.
13. Apple App Privacy (nutrition label alignment)
When you complete App Store Connect privacy declarations, they should be consistent with this policy. As of the date above, Reficio generally collects:
- Contact info: email address
- Health & fitness: symptoms, pain, training data, workouts (including from integrations you connect)
- Identifiers: user ID linked to your account
- User content: journal notes, chat messages, intake responses
Data is linked to your identity when signed in. We do notuse your data for tracking across other companies' apps or websites for advertising. Purposes are app functionality, not third-party advertising. Update App Store Connect if we add analytics or new data types.
14. Changes to this policy
We may update this Privacy Policy. We will post the revised policy on this page with an updated "Last updated" date and, for material changes, provide notice in the app or by email where appropriate. Continued use after the effective date constitutes acceptance where permitted by law.
Terms of Service
Effective date: May 30, 2026 · Last updated: May 30, 2026
1. Agreement & acceptance
By downloading, accessing, or using Reficio, you agree to these Terms of Service and our Privacy Policy. If you do not agree, do not use the Service. You must be at least 18 years old (or the minimum age in your jurisdiction if higher). You agree to provide accurate registration information and keep your account credentials secure.
2. Description of the service
Reficio provides educational running-injury guidance, pattern-based assessments (not clinical diagnosis), return-to-run planning, journaling, rehab checklists, training-load views, and optional activity sync from third-party services. Features, integrations, and availability may change over time, including beta or preview features that may be modified or withdrawn.
3. Medical disclaimer
Reficio is not a substitute for professional medical care, physical therapy, or emergency services. It does not provide diagnosis, prescription, or medical clearance to run. Seek immediate in-person care for emergencies, severe pain, numbness, inability to bear weight, or other urgent symptoms. Red-flag or safety messaging in the app does not replace professional evaluation. You assume responsibility for training and health decisions you make using the Service.
Reficio provides educational running-injury and return-to-run guidance only—not medical advice, diagnosis, treatment, emergency care, or clearance to run. Always consult a qualified healthcare professional before medical or training decisions. Reficio is not a regulated medical device.
4. AI disclaimer
AI-generated content (Atlas Coach, exercise suggestions, educational narratives) may be inaccurate or incomplete. Do not rely on AI for medical decisions or emergencies. AI features (including Atlas Coach) use third-party models such as Google Gemini. Outputs are educational and informational only—not medical advice—and may be incomplete or inaccurate. Do not use AI for emergencies.
5. User responsibilities
- Provide information that is accurate to the best of your knowledge
- Use the Service lawfully and only for personal, non-commercial purposes unless we agree otherwise
- Do not abuse, scrape, reverse engineer, or circumvent security or rate limits except as permitted by law
- Keep your login credentials confidential
- Comply with third-party terms when connecting Strava, Oura, WHOOP, or other integrations
6. Accounts
We may require email verification. You may sign out or delete your account at any time. Account deletion in the iOS app (Profile → Account → Delete account) is permanent. We may suspend or terminate accounts that violate these Terms or pose a security or abuse risk.
7. Third-party services
Strava, Oura, WHOOP, and other integrations are optional and governed by their own terms and privacy policies. Reficio is not responsible for third-party outages, data accuracy, API changes, or policy updates. Disconnecting an integration stops new data from that provider; data already stored in your Reficio account remains until you delete it or delete your account, as described in the Privacy Policy.
8. Intellectual property
Reficio owns the app, website, branding, software, and content we provide (excluding your user content). You receive a limited, personal, non-exclusive, non-transferable license to use the Service. You retain ownership of content you submit and grant Reficio a license to host, process, and display that content solely to operate the Service.
9. No warranty
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT GUARANTEE THE ACCURACY OF ASSESSMENTS, PLANS, LOAD METRICS, RECOVERY SCORES, OR AI OUTPUTS, OR ANY PARTICULAR INJURY PREVENTION OR RETURN-TO-RUN OUTCOME.
10. Limitation of liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, REFICIO AND ITS AFFILIATES, OFFICERS, AND SUPPLIERS WILL NOT BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS ARISING FROM TRAINING OR HEALTH DECISIONS YOU MAKE BASED ON THE SERVICE. OUR AGGREGATE LIABILITY FOR ANY CLAIM WILL NOT EXCEED THE GREATER OF (A) AMOUNTS YOU PAID REFICIO IN THE TWELVE MONTHS BEFORE THE CLAIM OR (B) ONE HUNDRED U.S. DOLLARS ($100). SOME JURISDICTIONS DO NOT ALLOW CERTAIN LIMITATIONS; IN THOSE CASES, OUR LIABILITY IS LIMITED TO THE FULLEST EXTENT PERMITTED BY LAW.
11. Indemnification
You agree to indemnify and hold harmless Reficio from claims, damages, and expenses (including reasonable legal fees) arising from your misuse of the Service, your violation of these Terms, or your violation of third-party rights.
12. Payments
The Reficio app is currently offered without in-app purchase requirements for core features described at launch. If we introduce paid plans or subscriptions, separate pricing and billing terms will be shown in-app or on our website. Apple App Store subscriptions, if offered, are subject to Apple's payment, renewal, and refund rules.
13. Dispute resolution & governing law
These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict-of-law principles, except where mandatory consumer protections in your country of residence apply. Any dispute will be brought in the courts located in Delaware, unless applicable law requires otherwise. We do not require arbitration or class-action waiver unless separately agreed in writing.
14. Changes to these Terms
We may update these Terms. Material changes will be posted on this page with an updated date and, where appropriate, notified in the app or by email. Continued use after the effective date constitutes acceptance where permitted by law.
15. Contact
Legal and account questions: reficioapp@gmail.com or our contact page.
Health & Safety Notice
Last updated: May 30, 2026
Reficio provides educational running-injury and return-to-run guidance only—not medical advice, diagnosis, treatment, emergency care, or clearance to run. Always consult a qualified healthcare professional before medical or training decisions. Reficio is not a regulated medical device.
Wellness tool, not healthcare
Reficio is designed for fitness and recovery education. Labels such as "assessment," "working hypothesis," or "injury assist" describe algorithmic interpretations of your inputs and activity data. They are not clinical diagnoses, lab results, or prescriptions. Reficio is not a regulated medical device.
When to see a professional
Seek immediate medical attention for severe pain, swelling, numbness, fever, inability to bear weight, or any emergency symptoms. Reficio does not monitor emergencies and must not be used for emergency triage.
Training risk
Return-to-run and training-load guidance is informational. You are responsible for decisions about training volume, intensity, and when to seek medical care.
Integrations
Data from Strava reflects that provider's records. Oura and WHOOP may be connectable for account linking; their health metrics are not yet used in Reficio algorithms unless we announce otherwise. Reficio does not read or write Apple Health / HealthKit at this time.
Apple App Store
If you download Reficio from the Apple App Store, Apple is not responsible for the app or its content. Subscription management and refunds follow Apple's App Store rules where applicable.
Third-party AI
AI features (including Atlas Coach) use third-party models such as Google Gemini. Outputs are educational and informational only—not medical advice—and may be incomplete or inaccurate. Do not use AI for emergencies.