Privacy Policy

Last updated: February 2026

1. Introduction

This Privacy Policy explains how Rocket Endurance Pty Ltd ("we", "us", or "our") collects, uses, discloses, and protects your personal information, including health information, in accordance with applicable privacy laws including:

• The Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) for Australian users
• The General Data Protection Regulation (GDPR) (EU) 2016/679 for European Economic Area (EEA) users
• Other applicable data protection laws worldwide

By using Rocket, you acknowledge that you have read and understood this Privacy Policy.

Business Name	Rocket Endurance Pty Ltd
Website	joinrocket.app
Contact Email	admin@joinrocket.app
Address	Sydney, NSW, Australia

2. Information We Collect

We collect the following types of information:

Account Information

• Name, email address, date of birth, gender
• Username and password
• Profile photo (optional)
• Country/region and language preferences

Health and Fitness Data

• Physical activity data (steps, distance, workouts, exercise duration)
• Biometric data (heart rate, weight, height, BMI)
• Sleep patterns and quality
• Calorie intake and nutritional information
• Health goals and fitness objectives
• Training plans, race goals, and performance metrics

Device and Usage Information

• Device type, operating system, unique device identifiers
• IP address and approximate location data (with your consent)
• App usage patterns, features accessed, and performance data
• Crash reports and diagnostic information

Third-Party Integration Data

• Data from connected devices (fitness trackers, smartwatches)
• Data from Garmin Connect, Strava, Apple HealthKit, and Google Fit (with your permission)
• Social media profile information (if you choose to connect)

3. How We Collect Information

We collect information:

• Directly from you when you create an account and use the app
• Automatically through your device sensors and app usage
• From connected third-party devices and applications (with your consent)
• Through cookies and similar tracking technologies

4. Garmin Connect Integration — Data Usage

Rocket integrates with the Garmin Connect API (via the Garmin Connect Developer Program) to provide a seamless training experience for users who own Garmin devices. This section describes how we access, use, store, and protect data obtained through the Garmin Connect API.

4.1 Data We Access via the Garmin Connect API

With your explicit consent, Rocket may access the following data from your Garmin Connect account:

• Activity data: Completed workouts and activities including type, duration, distance, pace, speed, cadence, and elevation
• Heart rate data: Real-time and summary heart rate information, resting heart rate, and heart rate zones
• Training status: Training load, training effect, VO2 Max estimates, and recovery time
• Body composition: Weight, body fat percentage (if recorded on a Garmin device)
• Sleep data: Sleep duration and quality metrics
• Daily summaries: Steps, calories, active minutes, and stress levels
• Device information: Connected Garmin device model and firmware version

4.2 How We Use Garmin Connect Data

Data obtained through the Garmin Connect API is used exclusively to:

• Personalise your training plan: We use your activity history, fitness metrics, and training load data to generate and adapt your periodised training programme
• Auto-populate completed workouts: Completed activities are automatically synced to reduce manual data entry and ensure accurate progress tracking
• Push scheduled workouts to your device: Planned workouts from your Rocket training plan are sent to your Garmin device so you can execute them directly from your wrist
• Calculate fitness scoring: Heart rate, VO2 Max, and training load data inform your Rocket fitness level calculation and training zone assignments
• Monitor compliance and recovery: We track workout completion rates and recovery metrics to adjust plan volume and intensity appropriately
• Provide progress insights: Historical data is used to display trends, personal records, and performance improvements over time

4.3 Data We Do Not Collect or Use

We do not access or use Garmin Connect data for:

• Advertising or marketing profiling
• Sale or transfer to third parties for their own purposes
• Any purpose unrelated to the delivery of the Rocket training platform

4.4 Storage and Security of Garmin Data

All data received from the Garmin Connect API is:

• Encrypted in transit using TLS 1.2 or higher
• Encrypted at rest using AES-256 encryption
• Stored in secure cloud infrastructure with access controls
• Accessible only to authorised Rocket systems and personnel on a need-to-know basis
• Retained only for as long as your account is active, or as required by law

4.5 Revoking Garmin Connect Access

You may disconnect your Garmin Connect account at any time through:

• Within Rocket: Settings → Integrations → Garmin Connect → Disconnect
• Within Garmin Connect: Manage third-party app permissions at connect.garmin.com

Upon disconnection, Rocket will cease pulling new data from Garmin Connect. Previously synced data will be retained in your Rocket account unless you request its deletion (see Section 13: Managing Your Information).

4.6 Compliance with Garmin Developer Program Policies

Rocket's use of the Garmin Connect API complies with the Garmin Connect Developer Program terms, including restrictions on data usage, storage, and disclosure. We do not cache, store, or replicate Garmin data beyond what is necessary to provide the Rocket training platform services described in this policy.

5. Strava Integration — Data Usage

Rocket integrates with the Strava API (via Strava's Developer Program) to sync your activities and enhance your training experience. This section describes how we access, use, and protect data obtained through the Strava API.

5.1 Data We Access via the Strava API

With your explicit consent via OAuth 2.0 authorisation, Rocket may access the following data from your Strava account:

• Activity data: Completed activities including type, duration, distance, pace, speed, elevation, and route data
• Athlete profile: Name, profile photo, measurement preferences, and athlete statistics
• Performance metrics: Heart rate data, power data, and segment efforts (where available)

5.2 How We Use Strava Data

Data obtained through the Strava API is used exclusively to:

• Automatically sync completed activities to your Rocket training log
• Match completed activities against planned workouts for compliance tracking
• Inform training plan adaptations based on actual training load
• Display activity history and progress trends within the Rocket app

5.3 Revoking Strava Access

You may disconnect your Strava account at any time through Rocket's Settings → Integrations, or by managing third-party apps at strava.com/settings/apps.

5.4 Compliance with Strava API Agreement

Rocket's use of the Strava API complies with the Strava API Agreement and Strava's brand guidelines. We do not replicate Strava's core functionality, and all Strava data displayed within Rocket is attributed to Strava in accordance with their requirements.

6. Legal Basis for Processing (GDPR)

For EEA users, we process your personal data based on the following legal grounds:

• Consent: You have given explicit consent for processing your health data and other personal information for specific purposes (GDPR Article 9(2)(a)).
• Contract Performance: Processing is necessary to provide the app services you've requested (GDPR Article 6(1)(b)).
• Legitimate Interests: Processing is necessary for our legitimate interests in improving our services, preventing fraud, and ensuring security (GDPR Article 6(1)(f)).
• Legal Obligation: Processing is necessary to comply with legal obligations (GDPR Article 6(1)(c)).

7. How We Use Your Information

We use your personal information, including health data, for the following purposes:

• To provide and personalise the fitness and health tracking services
• To analyse your activity patterns and provide insights and recommendations
• To monitor your progress toward health and fitness goals
• To send you notifications, reminders, and motivational messages (with your consent)
• To improve our app features and user experience
• To provide customer support and respond to your enquiries
• To conduct research and analytics (in aggregated, de-identified form)
• To ensure security and prevent fraud
• To comply with legal obligations
• To send marketing communications (only with your consent)

8. Disclosure of Your Information

Service Providers

Third-party service providers who assist us with cloud storage and hosting, data analytics, customer support services, payment processing, and email and notification services. These providers are contractually obligated to protect your information.

Healthcare Professionals

If you choose to share your data with your doctor, personal trainer, nutritionist, or other healthcare providers (only with your explicit consent).

Legal Requirements

Where required or permitted by law, including to law enforcement agencies, courts and regulatory authorities, and in response to lawful requests and legal processes.

Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred to the acquiring entity (you will be notified in advance).

We do NOT sell your personal information to third parties for marketing purposes.

9. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence.

For Australian Users

• Overseas recipients may include the United States and European Union
• We take reasonable steps to ensure overseas recipients comply with the APPs or are subject to similar privacy protections

For EEA Users

Transfers outside the EEA are protected by:

• EU Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Your explicit consent
• Other appropriate safeguards under GDPR Article 46

10. Data Security

We implement appropriate technical and organisational security measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication and multi-factor authentication options
• Regular security audits and vulnerability assessments
• Access controls limiting employee access on a need-to-know basis
• Incident response and breach notification procedures

However, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

11. Data Retention

We retain your personal information for as long as:

• Account Active: While your account remains active and for a reasonable period afterwards
• Service Provision: As necessary to provide you with our services
• Legal Requirements: As required to comply with legal, accounting, or regulatory obligations (typically 7 years for financial records)
• Legitimate Interests: As necessary for legitimate business purposes such as fraud prevention and security

When data is no longer needed, we securely delete or anonymise it. You may request deletion of your account and associated data at any time.

12. Your Rights

For Australian Users (Privacy Act 1988)

• Access: Request access to personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your account and personal information
• Complaints: Lodge a complaint about our handling of your information

For EEA Users (GDPR)

• Right of Access: Obtain confirmation of whether we process your data and access to that data (Article 15)
• Right to Rectification: Correct inaccurate or incomplete personal data (Article 16)
• Right to Erasure: Request deletion of your personal data in certain circumstances (Article 17)
• Right to Restriction: Request we limit processing of your data in certain situations (Article 18)
• Right to Data Portability: Receive your data in a structured, machine-readable format (Article 20)
• Right to Object: Object to processing based on legitimate interests or for direct marketing (Article 21)
• Right to Withdraw Consent: Withdraw your consent at any time (Article 7(3))

Response Time: 30 days for Australian users; 1 month for EEA users. To exercise these rights, contact us at admin@joinrocket.app.

13. Managing Your Information

You can manage your information through the app:

• Update your profile and health information in Settings
• Control permissions for device sensors and third-party integrations
• Export your data in a portable format (Settings → Data Export)
• Adjust notification and marketing preferences
• Delete your account and request data deletion (Settings → Account → Delete Account)

14. Children's Privacy

Our app is not intended for children under 16 years of age (or 13 in countries where that is the digital age of consent). We do not knowingly collect personal information from children without parental consent.

If you believe we have collected information from a child without appropriate consent, please contact us immediately and we will take steps to delete such information.

15. Third-Party Services and Links

Our app may integrate with or contain links to third-party services:

• Garmin Connect
• Strava
• Apple HealthKit / Google Fit
• Wahoo
• COROS
• Payment processors

These third parties have their own privacy policies. We are not responsible for their privacy practices. We encourage you to review their policies.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or new features. We will notify you of material changes by:

• Email notification to your registered email address
• In-app notification
• Posting the updated policy with a new "Last updated" date

Your continued use of the app after changes indicates your acceptance of the updated policy.

17. Complaints and Supervisory Authority

For Australian Users

If you have a complaint about how we handle your personal information, please contact us at admin@joinrocket.app. We will investigate and respond within 30 days.

If you are not satisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

For EEA Users

You have the right to lodge a complaint with your supervisory authority in your country of residence, place of work, or where the alleged infringement occurred.

18. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

Company	Rocket Endurance Pty Ltd
Email	admin@joinrocket.app
Website	joinrocket.app
Address	Sydney, NSW, Australia

19. Consent for Sensitive Information

For Australian Users

By using Rocket and providing your health and fitness data, you expressly consent to our collection, use, and disclosure of your sensitive health information as described in this Privacy Policy.

For EEA Users

By using Rocket and providing your health data (special category data under GDPR), you provide your explicit consent for the processing of this data as described in this Privacy Policy. You may withdraw your consent at any time through Settings, though this may limit app functionality.

For All Users

You can manage your consent preferences at any time through the app Settings.