Privacy Policy
Last updated: 10 June 2026
This Privacy Policy explains how the Strathlon mobile application (the "App") handles your information. We have designed Strathlon to keep your data on your device wherever possible. The App has no account and no login, and we do not run any advertising or third-party analytics SDKs.
1. Who we are (Data Controller)
The data controller is Chanaka Ekanayake trading as Strathlon, developer of Strathlon. You can contact us about privacy at support@strathlon.com.
2. No account, no login
Strathlon does not require you to create an account, and we do not ask for your name purely to identify you (the name you optionally enter during setup is used only to personalise the App on your device). There is no email/password sign-up and no social login. The only identity associated with you on our servers is the anonymous transaction identifier Apple assigns to your subscription (see section 6).
3. What we collect, and why
The following is created and stored on your device and is not transmitted to us, except where this policy explicitly says otherwise:
| Data | Why | Where it lives |
|---|---|---|
| Profile & setup (name, accent colour, age, gender, height, weight, goals, experience, training setup, food preferences, sports and schedules) | To build and personalise your training plan and nutrition targets | On device |
| Food logs, training history, weight and progress entries | To power your tracker, charts and plan progression | On device |
| In-app workout & body analytics (e.g. session and rest data, body-metric and sleep samples) | To improve plan personalisation; you can opt out in the App | On device (Apple SwiftData store, no iCloud sync) |
| Chat messages, food descriptions and food photos you send to the AI Coach | To generate coaching answers, meal plans and calorie/macro analysis | Sent to our AI processors (section 5); see retention in section 9 |
| Apple subscription transaction identifier & anonymised usage/cost figures | To verify your subscription and meter AI usage fairly | On our Cloudflare Worker (section 6) |
4. Apple Health (HealthKit) — read-only
With your permission, Strathlon reads data from Apple Health to personalise your plan and nutrition targets and to auto-fill your stats. Access is read-only: the App uses Health data on your device and does not transmit it to us. Specifically, the App requests read access to:
- Active and resting (basal) energy burned
- Heart rate and resting heart rate
- VO₂ max
- Body weight (mass), height, BMI and body-fat percentage
- Biological sex and date of birth (for accurate metabolic calculations)
- Workouts
- Sleep analysis (used for analytics where you grant it)
You can grant or revoke Health access at any time in iPhone Settings → Privacy & Security → Health → Strathlon. Declining only means you'll enter some values manually.
5. AI processing (Anthropic & Cloudflare)
The AI Coach features — chat answers, AI meal plans, "describe-to-log", and photo calorie/macro analysis — are powered by a large language model. When you use these features, the App sends the relevant content to a Cloudflare Worker that we operate, which forwards it to Anthropic's Claude models to generate the response. What is sent depends on the feature and may include:
- The chat message or food description you type;
- A food photo you choose to analyse;
- Relevant profile context (such as your goals, targets and preferences) so the answer is tailored to you.
We use the following processors for this feature:
- Cloudflare, Inc. — hosts the proxy ("Worker") that authenticates your subscription, applies fair-use limits, and routes the request. It does not store the content of your messages or photos.
- Anthropic PBC — operates the Claude AI models that generate the response from the content sent.
These providers process your content to deliver the feature you requested. Your AI requests are not used to train models under our API arrangement, and we do not attach your name or contact details to them.
6. Subscriptions (Apple)
Strathlon's premium AI features require an auto-renewing subscription, purchased through Apple's App Store using Apple's StoreKit. Apple processes the payment — we never see or store your card or payment details.
To confirm you're entitled to the AI features, the App sends the Apple-signed subscription transaction (a cryptographic token) to our Cloudflare Worker, which verifies it directly with Apple's App Store Server API. The Worker keeps a record keyed to the anonymous Apple original transaction identifier in order to apply daily fair-use limits and to log anonymised AI usage and cost (token counts and estimated cost). This identifier is not your name, email or Apple ID, and is not combined with any directly identifying information by us.
7. Where your data is stored
The large majority of your data — profile, food and training logs, progress, and in-app analytics — is stored on your device and is included in your normal device and iCloud device backups (which are controlled by Apple, not us). The only data on our servers is the subscription/usage record described in section 6, plus the transient AI request content described in section 5.
8. No advertising, no third-party trackers
Strathlon contains no advertising and no third-party advertising or analytics SDKs (for example, no Facebook SDK, Google Analytics, or similar). We do not track you across apps or websites, and we do not sell or share your personal data for advertising.
9. Retention
On-device data remains until you delete it, reset the App, or delete the App. The AI request content sent to our processors is used to generate your response and is subject to those providers' own limited operational retention (for example, short-term abuse-prevention retention); we do not maintain our own long-term store of your messages or photos. The anonymised subscription/usage records are retained for fair-use enforcement, accounting and fraud prevention.
10. Legal basis (UK GDPR)
For users in the UK and EEA, we rely on the following legal bases under the UK GDPR / GDPR:
- Performance of a contract — to provide the App's features you request, including AI responses and subscription verification.
- Consent — for access to Apple Health data and your camera/photos, which you grant through the iOS permission prompts and can withdraw at any time.
- Legitimate interests — to keep the service secure, prevent abuse, and understand anonymised, aggregate AI usage and cost.
11. Your rights
Because Strathlon has no account, most of your data is in your own hands: you can view, edit, or delete it directly in the App, and deleting the App removes the on-device data. Where we hold data (the anonymised subscription/usage record), you have the right to request access, correction, or deletion, and to object to or restrict processing. Note that we may be unable to link a request to a specific record without the relevant Apple transaction identifier. To exercise your rights, contact support@strathlon.com. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.
12. Children
Strathlon is not directed at children and is not intended for anyone under 16. We do not knowingly collect data from children under 16. If you believe a child has used the App, please contact us so we can help.
13. Camera & photos
Strathlon requests access to your camera and photo library only so you can take or choose a food photo to analyse. A photo you select for analysis is sent to our AI processors (section 5) to estimate calories and macros. We do not access your photo library for any other purpose.
14. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected by the "Last updated" date above and, where appropriate, highlighted in the App.
15. Contact
Questions about this policy or your data? Email support@strathlon.com.
Terms of Use · Support · Home