Privacy Policy
Effective Date: Launch Date · Last Updated: March 2026
What does all this mean?
Here is the short version. Read the full details below.
- No Ads or Tracking: We never sell your data. No targeted ads. No tracking pixels.
- Encrypted and Secure: All data encrypted in transit and at rest. Passwords hashed with bcrypt.
- Delete Anytime: Delete your account and all data permanently from Settings.
1. Introduction
Rizanah ("we," "us," or "our") operates the Rizanah web application at app.rizanah.com and the marketing website at rizanah.com (collectively, the "Service"). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding your data.
Rizanah LLC is based in Columbus, Ohio, United States.
By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Information You Provide Directly
We collect the following personal information when you create an account and use the Service:
| Data Category | Specific Data | Why We Collect It |
|---|---|---|
| Account Info | Name, email, password | Create and manage your account, send emails, provide support. |
| Body Metrics | Height, weight, age, DOB, gender | Calculate TDEE, generate workout plans, set nutrition targets. |
| Fitness Data | Goals, level, training preferences, health conditions, 1RM | Personalize workout plans using the NASM OPT-based algorithm. |
| Workout Logs | Exercises, sets, reps, RPE, duration, completion | Track progress, adapt future workouts, calculate achievements. |
| Nutrition Logs | Foods, calories, macros, meal slots, saved meals | Track daily intake against calorie and macro targets. |
| Community | Posts, comments, bookmarks, challenges, reports | Operate the community feature within your gender community. |
| Payment Info | Processed by Stripe. We never store card numbers. | Process subscription payments via Stripe. |
| Support | Contact form submissions (subject, message) | Respond to questions, bugs, and feature requests. |
2.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Device and browser information (browser type, OS, screen resolution) for ensuring the app works across devices.
- IP address for security, fraud prevention, and approximate geographic location.
- Usage data (pages visited, features used, session duration) for improving the product.
- Cookies and similar technologies for maintaining your login session, theme preference, and unit preference.
2.3 Information from Third-Party Services
If you sign up or log in using Google, Apple, or Yahoo, we receive your name and email address from those services. We do not receive your password from those providers.
We do not purchase personal information from data brokers or other third parties.
3. How We Use Your Information
We use your personal information for the following purposes:
- To provide the Service: generate personalized workout plans, calculate nutrition targets, operate the community, track your progress.
- To process payments: manage your subscription through Stripe.
- To communicate with you: send transactional emails (payment confirmations, trial reminders, renewal notices, password resets), respond to support requests.
- To improve the Service: analyze usage patterns to fix bugs, improve features, and inform product decisions.
- To ensure safety: enforce our Terms of Service and Community Guidelines, detect fraud, protect your account.
We do NOT use your data for:
- Selling to third parties.
- Targeted or behavioral advertising.
- Building advertising profiles.
- Training AI models using your personal data.
4. How We Share Your Information
We do not sell, rent, or share your personal information for advertising purposes. We share data only in these limited circumstances:
| Recipient | What We Share | Why |
|---|---|---|
| Stripe | Email, plan, payment events | Process payments. PCI-DSS compliant. |
| USDA FoodData Central | Food search queries | Food and nutrition data. Public U.S. government API. |
| Vercel | Server logs (IP, user agent) | Host and serve the application. |
| Supabase | All Service data (encrypted) | Store account, workout, nutrition, and community data. |
| Other users | Display name, avatar, posts, comments | Visible within your gender community only. |
| Law enforcement | As required by law | Valid legal process only. We notify you unless prohibited. |
5. Cookies and Tracking
Rizanah uses only essential cookies required for the Service to function. We do not use advertising cookies, tracking pixels, or analytics cookies that share data with third parties.
| Cookie | Purpose | Duration |
|---|---|---|
| Session | Keeps you signed in | Logout or 7 days inactive |
| Theme | Dark/light mode preference | Persistent until changed |
| Units | Imperial/metric preference | Persistent until changed |
Because we do not use advertising or analytics cookies that track you across websites, we do not display a cookie consent banner. If we add analytics in the future, we will update this policy and implement appropriate consent mechanisms.
6. Data Retention
We retain your personal information for as long as your account is active. If you cancel your subscription:
- Your data is preserved for 12 months after your last login, in case you resubscribe.
- After 12 months of inactivity with no active subscription, your data may be permanently deleted.
- Community posts remain visible after cancellation. Delete them individually before cancelling, or contact support.
If you delete your account (Settings > Danger Zone):
- All personal data permanently deleted within 30 days.
- Community posts removed immediately.
- Workout and nutrition logs permanently erased.
- This action is irreversible.
7. Data Security
We implement the following security measures to protect your data:
- Encryption in transit: TLS 1.2+ (HTTPS) for all connections
- Encryption at rest: AES-256 encryption via Supabase
- Password hashing: bcrypt via Supabase Auth, never plain-text
- Row Level Security: Users can only access their own data
- Payment security: Stripe handles all card data (PCI-DSS Level 1)
- Admin access: Multi-factor authentication required
No system is 100% secure. If we discover a data breach that affects your personal information, we will notify you by email within 72 hours and provide details about what was affected and what steps we are taking.
8. Your Privacy Rights
8.1 All Users
Regardless of where you live, you have the right to:
- Access your data: View all personal information we hold about you.
- Correct your data: Update inaccurate information via your Profile or Settings.
- Delete your data: Delete your account and all associated data (Settings > Danger Zone > Delete Account).
- Export your data: Request a copy by emailing [email protected].
- Cancel your subscription: At any time via Settings > Subscription > Cancel.
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights:
- Right to Know: Request the specific data we collected, its sources, purpose, and who we share it with.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out: Rizanah does NOT sell or share your data for advertising. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
Do Not Sell or Share My Personal Information
Rizanah does not sell, share, or use personal information for cross-context behavioral advertising. We have never sold personal information and have no plans to do so. There is no need to submit an opt-out request because we do not engage in these practices.
To exercise your rights, email [email protected] with the subject "Privacy Request." We will verify your identity and respond within 45 days.
8.3 European Residents (GDPR)
If you are in the EEA or UK, you have additional rights under GDPR:
- Legal basis: We process your data based on consent, contractual necessity, and legitimate interests.
- Right to Portability: Request your data in a structured, machine-readable format.
- Right to Restrict Processing: Limit how we use your data while a complaint is being resolved.
- Right to Lodge a Complaint: File a complaint with your local Data Protection Authority.
Rizanah stores data on servers in the United States via Supabase and Vercel. International data transfers from the EU/UK to the US are protected by Standard Contractual Clauses (SCCs) incorporated into our Data Processing Agreements with Supabase, Vercel, and Stripe. You may request copies of these agreements by emailing [email protected].
Lawful Basis for Processing
| Data | Legal Basis |
|---|---|
| Account, fitness, nutrition | Contract (Art. 6(1)(b)): needed to deliver the service you signed up for. |
| Body metrics (height, weight, age) | Contract (Art. 6(1)(b)): standard profile data needed to calculate your plans. Not special category health data. |
| Health data (injuries, conditions) | Explicit Consent (Art. 9(2)(a)): you provide this voluntarily during onboarding. You can withdraw consent anytime via Settings. |
| Community posts | Legitimate Interest (Art. 6(1)(f)): operating the community feature. |
| Device/usage data | Legitimate Interest (Art. 6(1)(f)): security and product improvement. |
| Payment | Contract (Art. 6(1)(b)): processing your subscription. |
Withdrawing Consent
You can withdraw consent for health data processing at any time through Settings. Withdrawing consent does not affect the lawfulness of processing before withdrawal. You can also delete your entire account through Settings > Danger Zone.
9. Age Requirement
Rizanah is not intended for anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe someone under 18 has created an account, contact us at [email protected] and we will delete the information immediately.
10. Health Data Disclaimer
Rizanah is a consumer wellness application, not a healthcare provider. The fitness and nutrition data you enter (workout logs, food logs, body metrics) is NOT protected health information (PHI) under HIPAA. Rizanah is not a HIPAA-covered entity.
We treat your health and fitness data with the same care as all personal information described in this policy. We do not sell it, share it for advertising, or disclose it to third parties except as described in Section 4.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect, and post the updated policy at rizanah.com/privacy. The "Last Updated" date at the top will reflect the most recent revision.
Your continued use of the Service after the effective date constitutes acceptance of the changes.
12. Contact Us
If you have questions about this Privacy Policy or want to exercise your privacy rights:
[email protected]
In-App Support: Settings > Support > Contact Us
We respond to privacy requests within 30 days (45 days for CCPA requests).
Rizanah LLC, 1747 Olentangy River Rd #1067, Columbus, OH 43212