Privacy Policy

1. Introduction

This Privacy Policy explains how Rocket Endurance Pty Ltd (“we”, “us”, or “our”) collects, uses, discloses, and protects your personal information, including health information, in accordance with applicable privacy laws including the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) for Australian users, the General Data Protection Regulation (GDPR) (EU) 2016/679 for European Economic Area (EEA) users, and other applicable data protection laws worldwide.

By using Rocket, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

Account Information: Name, email address, date of birth, gender, username and password, profile photo (optional), country/region and language preferences.

Health and Fitness Data: Physical activity data (steps, distance, workouts, exercise duration), biometric data (heart rate, weight, height, BMI), sleep patterns and quality, calorie intake and nutritional information, health goals and fitness objectives, training plans, race goals, and performance metrics.

Device and Usage Information: Device type, operating system, unique device identifiers, IP address and approximate location data (with your consent), app usage patterns, features accessed, and performance data, crash reports and diagnostic information.

Third-Party Integration Data: Data from connected devices (fitness trackers, smartwatches), data from Garmin Connect, Strava, Apple HealthKit, and Google Fit (with your permission), social media profile information (if you choose to connect).

3. How We Collect Information

We collect information directly from you when you create an account and use the app, automatically through your device sensors and app usage, from connected third-party devices and applications (with your consent), and through cookies and similar tracking technologies.

4. Garmin Connect Integration

With your explicit consent, Rocket may access activity data, heart rate data, training status, body composition, sleep data, daily summaries, and device information from your Garmin Connect account.

This data is used exclusively to personalise your training plan, auto-populate completed workouts, push scheduled workouts to your device, calculate fitness scoring, monitor compliance and recovery, and provide progress insights.

We do not access or use Garmin Connect data for advertising, marketing profiling, or sale to third parties. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

You may disconnect your Garmin Connect account at any time through Settings → Integrations → Garmin Connect → Disconnect, or within Garmin Connect at connect.garmin.com.

5. Strava Integration

With your explicit consent via OAuth 2.0, Rocket may access activity data, athlete profile, and performance metrics from your Strava account. This data is used exclusively to sync completed activities, match against planned workouts, inform plan adaptations, and display progress trends.

You may disconnect your Strava account at any time through Settings → Integrations, or at strava.com/settings/apps.

6. Legal Basis for Processing (GDPR)

For EEA users, we process your personal data based on: Consent (GDPR Article 9(2)(a)), Contract Performance (Article 6(1)(b)), Legitimate Interests (Article 6(1)(f)), and Legal Obligation (Article 6(1)(c)).

7. How We Use Your Information

We use your personal information to provide and personalise fitness and health tracking services, analyse activity patterns and provide insights, monitor your progress toward goals, send notifications and reminders (with consent), improve app features and user experience, provide customer support, conduct research and analytics (in aggregated, de-identified form), ensure security and prevent fraud, comply with legal obligations, and send marketing communications (only with consent).

8. Disclosure of Your Information

We may share information with service providers (cloud storage, analytics, customer support, payment processing, email services), healthcare professionals (only with your explicit consent), legal requirements (law enforcement, courts, regulatory authorities), and in business transfers (merger, acquisition, sale of assets).

We do NOT sell your personal information to third parties for marketing purposes.

9. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence. For EEA users, transfers are protected by EU Standard Contractual Clauses (SCCs), adequacy decisions, your explicit consent, or other appropriate safeguards under GDPR Article 46.

10. Data Security

We implement encryption of data in transit (TLS/SSL) and at rest (AES-256), secure authentication and multi-factor authentication options, regular security audits, access controls, and incident response procedures. No method of transmission or storage is 100% secure.

11. Data Retention

We retain your personal information while your account is active, as necessary to provide services, as required by legal obligations (typically 7 years for financial records), and as necessary for legitimate business purposes. When data is no longer needed, we securely delete or anonymise it.

12. Your Rights

Australian Users: Right of access, correction, deletion, and complaints.

EEA Users: Right of access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), data portability (Article 20), objection (Article 21), and withdrawal of consent (Article 7(3)).

Response time: 30 days for Australian users; 1 month for EEA users. Contact us at admin@joinrocket.app.

13. Managing Your Information

You can update your profile in Settings, control permissions for sensors and integrations, export your data (Settings → Data Export), adjust notification preferences, and delete your account (Settings → Account → Delete Account).

14. Children's Privacy

Our app is not intended for children under 16 years of age. We do not knowingly collect personal information from children without parental consent.

15. Third-Party Services

Our app may integrate with Garmin Connect, Strava, Apple HealthKit / Google Fit, Wahoo, COROS, and payment processors. These third parties have their own privacy policies.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email, in-app notification, and posting the updated policy. Your continued use indicates acceptance.

17. Complaints

Australian Users: Contact us at admin@joinrocket.app. We will respond within 30 days. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

EEA Users: You have the right to lodge a complaint with your supervisory authority.

18. Contact Us

Rocket Endurance Pty Ltd · admin@joinrocket.app · joinrocket.app · Sydney, NSW, Australia

19. Consent for Sensitive Information

By using Rocket and providing your health and fitness data, you expressly consent to our collection, use, and disclosure of your sensitive health information as described in this Privacy Policy. You may withdraw your consent at any time through Settings, though this may limit app functionality.