Rung ("we," "our," or "us") is operated by Rung Health. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Rung iOS app ("the App") and related services.
By using Rung, you agree to the practices described in this policy. If you do not agree, please do not use the App.
Account Information
When you create an account, we collect:
Email address and display name — provided directly or via Sign in with Apple or Google Sign-In
Firebase User ID — an internal identifier used to associate your data with your account
Health & Fitness Data (Apple HealthKit)
With your explicit permission, we read the following data from Apple HealthKit:
- Steps, exercise minutes, and active energy burned
- Sleep analysis (duration and sleep stages)
- Resting heart rate and heart rate variability (HRV)
- Weight and blood pressure (systolic/diastolic)
We access HealthKit data in read-only mode. We do not write data to HealthKit. HealthKit data is never sold, shared for advertising, or used for purposes other than providing you with personalised health coaching and insights.
User-Generated Content
- Chat messages with your AI health coach
- Daily check-ins (mood, energy, stress, and sleep quality ratings on a 1–10 scale, plus optional notes)
- Health goals and preferences you set within the App
- Coach tone preference
- Message feedback (thumbs up/down on AI responses)
Device & Usage Data
- Crash logs and diagnostics — collected via Firebase Crashlytics to help us fix bugs and improve stability
- App interaction events — collected via Firebase Analytics only if you opt in
- Push notification token — used by Firebase Cloud Messaging to deliver reminders and notifications
- Device and OS information — included in crash reports to help us diagnose issues
Optional Data (with separate permission)
- Calendar events — if you grant calendar access, we read upcoming events via Apple EventKit. Events are processed on your device; only summary flags (e.g., "busy morning") are included in AI coaching context. Raw calendar data is not stored on our servers.
- Approximate location — if you grant location access, we use it solely to provide weather context for your coaching. Your location is not stored on our servers.
We use your information to:
- Provide personalised AI health coaching — including health insights, performance scores, and contextual recommendations
- Generate check-in reminders and streak notifications — to help you build consistent health habits
- Improve app stability — crash reports help us identify and fix issues
- Improve the app experience — if you opt in to analytics, we use aggregated interaction data to improve features
We do not use your data for advertising, and we do not sell your data to anyone.
Rung uses AI to provide personalised health coaching. Here is how that works:
- AI consent is explicit. During onboarding, we ask whether you consent to sharing your health data with our AI coaching service. You can change this at any time in Settings.
- When AI health data consent is enabled: summarised health data (not raw HealthKit records) is sent to our AI provider (Anthropic) via a secure server-side proxy. No data is sent directly from your device to Anthropic.
- When AI health data consent is disabled: you still receive general coaching, but no health data is included in AI requests.
- PII redaction is applied before any data is logged for analytics purposes.
Our AI provider (Anthropic) processes data on our behalf to generate coaching responses. We do not permit Anthropic to use your data for training their models. Refer to Anthropic's privacy policy (https://anthropic.com/legal/privacy) for further details on their data handling.
We take the security of your data seriously:
- Encryption at rest: Sensitive health fields stored in Google Cloud Firestore are encrypted using AES-256-GCM on a per-field basis. The encryption key is stored in your device's Keychain and is not synced to iCloud.
- Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS/HTTPS.
- On-device protection: Exported data files are protected using iOS file protection (Complete Protection level), meaning they are only accessible when your device is unlocked.
- No plain-text health data in logs: We apply redaction to prevent sensitive data from appearing in diagnostic logs.
While we implement strong safeguards, no system is 100% secure. We continuously review and improve our security practices.
We use the following third-party services to operate the App:
| Service | Provider | Purpose |
|---|---|---|
| Firebase Authentication | Google | Account creation and sign-in |
| Cloud Firestore | Google | Secure data storage |
| Firebase Crashlytics | Google | Crash reporting and diagnostics |
| Firebase Analytics | Google | App usage analytics (opt-in only) |
| Firebase Cloud Messaging | Google | Push notifications |
| Firebase Remote Config | Google | Feature configuration |
| Anthropic API| Anthropic | AI coaching responses (via server-side proxy) |
| HealthKit | Apple | Reading health and fitness data |
| StoreKit | Apple | Subscription payment processing |
| Sign in with Apple | Apple | Authentication |
| Google Sign-In | Google | Authentication |
Each third-party service has its own privacy policy governing how it handles data. We encourage you to review them:
- Google Privacy Policy
- Anthropic Privacy Policy
- Apple Privacy Policy
We do not:
- Sell your personal data or health data to anyone
- Share your data for advertising or marketing purposes
- Use Apple's App Tracking Transparency framework, the Identifier for Advertisers (IDFA), or any cross-app tracking
We share data only in these limited circumstances:
- With our AI provider (Anthropic) — summarised health data, only when you have enabled AI health data consent, sent via a secure server-side proxy. Anthropic is bound by a data processing agreement and provides protections for your data that meet or exceed the standards described in this policy. Anthropic does not use your conversations or health data to train its AI models.
- With Firebase/Google — as necessary to provide authentication, data storage, crash reporting, and (if you opt in) analytics
- As required by law — if we are legally compelled to disclose information, we will do so in compliance with applicable law
You have the following rights and controls:
- Export your data — You can export all your data in JSON format from the App's Settings at any time.
- Delete your account — You can delete your account from within the App. This permanently removes all your data (see Section 8 below).
- Revoke AI health data consent — You can turn off AI health data sharing at any time in Settings. When disabled, no health data is sent to our AI provider.
- Opt out of analytics — You can disable analytics at any time in Settings.
- Manage HealthKit permissions — You can grant or revoke HealthKit access at any time via your device's Settings > Health > Data Access.
- Manage notification permissions*— You can enable or disable push notifications via your device's Settings.
For users in the UK and European Economic Area (GDPR)
Under the UK GDPR and EU GDPR, you have additional rights including:
- Right of access — request a copy of your personal data
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to restrict processing — request that we limit how we use your data
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent at any time where processing is based on consent
Lawful bases for processing:
- Consent — for HealthKit data access, AI health data processing, analytics, calendar access, and location access
- Contract performance — for providing the core App service, including account management and AI coaching
- Legitimate interests — for crash reporting and improving app stability
To exercise any of these rights, contact us using the details in Section 12 below.
For users in California (CCPA/CPRA)
California residents have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, contact us using the details in Section 12 below.
We retain your data for as long as your account is active or as needed to provide the App's services.
When you delete your account, we permanently delete:
- All conversations and chat messages
- All daily check-ins and performance data
- Your knowledge profile and health summaries
- Your user record from Cloud Firestore
- Your Firebase Authentication account
- Your push notification token from our servers
On your device, account deletion also clears:
- All locally stored preferences (UserDefaults)
- Encryption keys stored in your device's Keychain
- All local caches
On sign-out, your push notification token is removed from our servers.
Rung is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information. If you believe a child under 13 has provided us with personal data, please contact us.
Rung offers subscription plans processed entirely by Apple through the App Store. We do not collect, process, or store any payment card information. Subscription management, billing, and refunds are handled by Apple. Please refer to [Apple's terms and privacy policy](https://www.apple.com/legal/privacy/) for details on payment processing.
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by other appropriate means. The "Last Updated" date at the top of this policy indicates when it was last revised.
We encourage you to review this policy periodically to stay informed about how we protect your data.
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Corey Hearne
Rung Health
Email: corey@runghealth.com
Website: runghealth.com
This privacy policy applies to the Rung iOS app, version 1.0 and later.
.png){kind=logo}
