Privacy Policy

Aria ("Aria," "the App," "we," or "us") is an AI-assisted performance coaching app. This Privacy Policy explains how Aria collects, uses, stores, and protects personal information, health and fitness data, media, AI coaching content, and account data.

Aria is designed for performance coaching and training support. It is not a medical, diagnostic, treatment, emergency, or therapy service.

1. Information We Collect

Account And Profile Information

• Email address, display name, profile photo, authentication identifiers, and account status.
• Password hashes for password-based accounts; OAuth identifiers for Apple or Google sign-in accounts.
• Sport, experience level, goals, training phase, race targets, preferences, date of birth, sex or gender fields when provided, height, weight, dietary preferences, and injury-history fields you choose to provide.
• Subscription, entitlement, interaction-usage, support, and audit records needed to operate paid or limited app features.

Training, Fitness, And Health Information

• Workouts, training plans, programs, exercises, session history, races, personal bests, training conditions, readiness signals, nutrition logs, meal-photo estimates, fueling targets, rehab-plan content, mental-readiness check-ins, journal entries, and related coaching data.
• Heart rate, resting heart rate, heart rate variability, sleep sessions and sleep stages, steps, calories burned, weight, body fat percentage, VO2 max, and exercise-session data when you grant permission through Android Health Connect, Apple Health, or another connected service.
• Additional biometric and recovery signals such as blood oxygen (SpO2), respiratory rate, skin-temperature variation, and blood pressure when those values are available from a connected device or wearable, from Apple Health, or when you enter them manually. Availability of each signal depends on your device and platform.
• Subjective wellbeing and meal-response inputs you choose to log, such as energy, stomach comfort, hunger, and how you felt after eating.
• Workout routes, location-derived training conditions, track-measurement context, and other location information when you use features that request location access.
• Manually entered metabolic or glucose-related values if you choose to enter them. The current Android release configuration does not request Health Connect blood-glucose permission.

Device, Media, And Communications Data

• Device identifiers, app version, feature usage, logs, diagnostics, error reports, push-notification tokens, and security events.
• Photos and camera captures, videos including sprint videos and sprint analysis videos, microphone audio, documents, uploaded program files, meal photos, chat attachments, extracted attachment text, thumbnails, and profile images when you upload or record them in the app.
• Chat messages, voice prompts, AI-generated responses, AI-generated plans, structured review outputs, AI artifact metadata, generated-content reports, moderation queue records, user comments on reports, and operator resolution notes.

Connected Services

Depending on the integrations you enable, Aria may receive data from:

• Apple Health / HealthKit.
• Android Health Connect.
• Strava.
• Garmin data made available through Apple Health or another connected path.
• Apple, Google, App Store, and Google Play services used for sign-in, subscriptions, purchase validation, or app distribution.

You can change device-level health permissions in the operating system settings for Apple Health or Health Connect. You can disconnect app integrations where the app provides a connection setting.

Crash And Diagnostic Data

To keep the app stable and reliable, Aria collects a limited set of crash and diagnostic data when the app encounters a problem. This is a first-party reliability pipeline, separate from any product or usage analytics, and it is used only for app stability, crash diagnostics, and reliability — never for advertising or cross-app tracking.

• Crash reports and error stacks, unhandled errors, and unhandled promise rejections, with message content and stack traces redacted before they leave your device.
• API failure and malformed-response diagnostics, such as the failure kind, HTTP status, sanitized route or endpoint templates (for example /programs/[id], never concrete identifiers or query strings), and the affected app flow or parser.
• Coarse device model, operating-system version, app or build version, platform, and a random per-launch session identifier that rotates on each app launch and is not a user identifier.

This diagnostic data is sent to a first-party Aria backend, which forwards it to Microsoft Azure Application Insights acting as a processor on our behalf. It does not include emails, names, messages or other free text, health, fitness, or cycle data, photos or videos, location, or authentication tokens. The app never sends a raw user identifier with diagnostics; when you are signed in, the backend attaches only a salted, pseudonymous hash derived server-side so that related reports can be grouped without exposing your identity.

Crash and error reporting is on by default but optional. You can turn it off at any time in Settings (crash and error reporting). Product and usage analytics, where offered, is a separate, opt-in feature.

2. How We Use Information

We use information to:

• Create and authenticate accounts.
• Provide training, readiness, rehab, nutrition, sprint, metabolic, mental-readiness, and AI coaching features.
• Personalize coaching context based on your training history, health and fitness signals, goals, preferences, and user-provided content.
• Generate, review, and improve AI coaching outputs and safety filters.
• Process user reports of AI-generated content and operate internal moderation workflows.
• Sync data across devices and connected services.
• Send service messages, push notifications, reminders, support responses, and security notices.
• Operate subscriptions, entitlements, billing-related access, fraud prevention, abuse prevention, and audit logs.
• Debug, secure, monitor, and improve the app and backend services.
• Comply with legal, tax, accounting, security, app-store, and policy obligations.

3. AI Processing And Generated Content

Aria uses AI systems to generate coaching text, plans, summaries, insights, and other performance-support outputs. To provide those features, Aria may send relevant account, training, health, media-derived, and conversation context to AI processing services such as Azure OpenAI or OpenAI-compatible model routes.

AI outputs can be inaccurate or incomplete. Aria applies safety filters and allows generated-content reports so unsafe, inaccurate, offensive, or out-of-scope AI output can be reviewed. Reported excerpts, report reasons, user comments, moderation status, reviewer notes, and safety decision metadata may be stored for moderation, safety improvement, audit, and support.

4. How We Share Information

We do not sell personal information. We share information only as needed to operate Aria, provide user-requested integrations, satisfy legal obligations, or protect users and the service.

Service providers and processors may include:

• Microsoft Azure infrastructure, Azure Blob Storage, Azure Application Insights, Azure Communication Services, and Azure OpenAI.
• OpenAI-compatible AI processing routes where configured.
• WeatherAPI.com or other weather services for local training conditions when location-based weather is enabled.
• Expo push notification services, email, authentication, support, analytics, security, and monitoring providers.
• Apple, Google, App Store, and Google Play services for sign-in, subscriptions, purchase validation, app distribution, and platform compliance.
• Strava, Apple Health, Android Health Connect, or other integrations only when you enable those integrations or grant permission.

Coaches And Aria For Coaches

If you choose to connect with a coach through Aria for Coaches, Aria shares selected information with that coach so they can support your training. You must be 18 or older and provide consent to start coach sharing, you can connect one active coach at a time, and you can disconnect at any time.

• When you connect, your coach can see profile and training information such as your name, age, goals, injury history, training programs, sessions, and workouts (including heart-rate data recorded with a workout).
• Additional health and readiness sharing is off by default and controlled by you on a per-category basis. When you turn on a category, your coach can see summarized signals — for example readiness and sleep summaries, heart-rate-variability trends, and nutrition-plan and logging summaries — generally as bands or trends rather than raw values.
• You can turn any sharing category on or off at any time, and we keep an audit record of coach access. Some information is never shared with coaches, including your Ask Aria chat messages, raw connected-device data, manually entered metabolic or glucose values, and account settings.

We may disclose information if required by law, to enforce our terms, to prevent fraud or abuse, to protect the safety of users or others, or as part of a business transfer such as a merger, acquisition, or sale of assets.

5. Storage, Security, And Retention

• Aria stores app data on Microsoft Azure cloud infrastructure and related managed services.
• Data is encrypted in transit using HTTPS/TLS and protected at rest using database, storage, and cloud-provider controls.
• Passwords are hashed. Access tokens, refresh tokens, and integration tokens are protected using server-side security controls.
• We keep account and app data while your account is active or as needed to provide the app, comply with legal obligations, resolve disputes, prevent fraud or abuse, maintain security, support subscriptions, and preserve limited audit records.
• Some generated artifacts, retry objects, logs, and diagnostic records may have shorter retention periods or be removed after processing. Some legal, security, tax, accounting, subscription, fraud-prevention, moderation, or anonymized analytics records may be retained after account deletion when required or permitted.

6. Account Deletion, Export, And Controls

You can request export or deletion from inside the app under Settings → Privacy, or by emailing privacy@ariacoach.app from the email address associated with your Aria account so we can verify ownership. If you cannot email from that address, include enough information for us to verify the account safely.

After we verify ownership, we aim to acknowledge deletion requests within 7 business days and complete deletion within 30 days unless a legal, security, fraud-prevention, subscription, tax/accounting, moderation, or similar retention exception applies. Deletion can affect your shared Aria account, Aria XII soccer data, app access, subscription-linked entitlements, and stored coaching history.

You can also:

• Change Health Connect and Apple Health permissions in your device settings.
• Disconnect supported integrations in the app where available.
• Delete or edit certain user-provided content through app features where available.
• Request access or export of account data where available and legally permitted.

7. Children's Privacy

Aria is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to Aria, contact privacy@ariacoach.app.

8. Changes To This Policy

We may update this Privacy Policy from time to time. When changes are material, we may notify you in the app, by email, or by requiring acceptance of the updated policy before continued use.

9. Contact Us

For privacy questions, access requests, export requests, or deletion requests, contact:

Email: privacy@ariacoach.app

Version 2 — Effective June 2, 2026. Last Updated: June 20, 2026.