Privacy Policy
Last updated June 2, 2026.
Aplodex (“we,” “us,” or “the service”) operates aplodex.com and a private, access-gated workspace. This policy explains what data we collect, how we use it, how we store it, and the choices you have. It covers data you give us directly and data we access on your behalf from connected services such as WHOOP.
What we collect
Account and contact data. When you sign in or contact us, we process your name, email address, and the contents of messages you send. Sign-in uses a one-time emailed code; we do not store your password in readable form.
Usage data. Standard server logs (IP address, browser type, timestamps) generated when you load a page. We use Cloudflare Turnstile on the contact form to block automated abuse.
Health data from connected services.If you connect a third-party health account such as WHOOP, we access only the data categories you authorize. For WHOOP this may include recovery (including heart-rate variability and resting heart rate), sleep (duration and timing), daily cycle and strain, workouts, and basic profile and body-measurement details. We request these through WHOOP’s OAuth flow and you approve the exact scopes before any data is shared.
How we use it
Health data is used solely to power a personal dashboard for the individual who connected the account: computing a daily readiness score, showing trends, and generating a short written summary of the day. We do not use your health data for advertising. We do not sell it, rent it, or share it with data brokers. We do not use it to build profiles for anyone other than you.
Account and contact data is used to operate the service, respond to you, and keep the platform secure.
Third parties and AI processing
We rely on a small set of processors that handle data only on our instructions: Supabase (database hosting), Vercel (application hosting), Google (transactional email delivery), and Cloudflare (bot protection). To generate the written daily summary, a limited set of derived metrics (for example, the readiness score and sleep hours) may be sent to Anthropic’s API. We do not send this data to any other third party and we do not authorize these processors to use it for their own purposes.
Storage and security
Data is stored in a managed Postgres database (Supabase), encrypted in transit. Access tokens for connected services are encrypted before they are stored. The dashboard and its data are restricted to the authenticated owner of the account; the application reads from our own database rather than calling connected services on page load.
Retention and your choices
You can disconnect a connected service such as WHOOP at any time, which revokes our access going forward. You can revoke Aplodex’s access directly from your WHOOP account settings as well. You may request deletion of the data we hold about you, including any imported health data, by emailing us. We delete data when it is no longer needed for the purpose it was collected, or on request, unless we are required to retain it by law.
Contact
Questions about this policy or a request to access or delete your data can go to privacy@aplodex.com. You can also reach us through the contact page.
We may update this policy as the service changes. The “last updated” date at the top reflects the most recent revision.