EVOX
โ† Back to home

Privacy Policy

Last updated: April 2, 2026

Data Controller

The data controller is MARECHAL OLIVIER EURL (SIREN: 991 984 477), operating under the trade name EVOX.

1. Data Collection

Evox is designed with privacy in mind. We collect the minimal data necessary for app functionality:

  • Workout data: Timer settings, workout durations, exercises, and personal records (stored locally on your device, synced to our servers only if you create an account)
  • Account data (optional): Email address if you sign in (for backup and sync purposes only)
  • App preferences: Theme, language, accent color, and other settings you choose
  • Analytics (PostHog): Anonymous usage events (screens visited, features used, timer types) to improve the app. No personal data is included. Data is processed by PostHog (EU servers).
  • Advertising (AdMob): Google AdMob may collect device identifiers and usage data to serve ads. On iOS 14.5+, you will be asked for permission before any tracking occurs (App Tracking Transparency).
  • Subscription (RevenueCat): Purchase history and subscription status are managed by RevenueCat. No payment details are stored by Evox.
  • No location data: We do not access or store your location

2. Data Storage

All your data is stored locally on your device using AsyncStorage:

  • No cloud storage or external servers
  • No data synchronization across devices
  • Data remains private and under your control
  • Uninstalling the app removes all data

3. Data Usage

Your data is used exclusively for:

  • Providing timer functionality
  • Storing your workout preferences
  • Improving app performance (anonymous usage analytics only)

4. Data Sharing

We use the following third-party services:

  • PostHog (analytics): Anonymous usage statistics to understand how the app is used and improve features. EU-hosted. No personal data shared.
  • Google AdMob (advertising): Serves ads to free users. May use device identifiers for ad personalization if you grant permission via the iOS App Tracking Transparency prompt. You can opt out at any time in your device settings.
  • RevenueCat (subscriptions): Manages in-app purchases and subscription status. Processes purchase receipts from Apple/Google.
  • Resend (email): Sends verification emails when you sign in with email. Your email is not shared for marketing purposes.

5. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access: View all data stored on your device
  • Rectification: Modify your workout data and preferences
  • Erasure: Delete all data by uninstalling the app
  • Portability: Export your workout data (contact us for assistance)
  • Restriction: Limit data processing (not applicable as we don't process personal data)

6. Data Security

Since all data is stored locally on your device, your information is protected by your device's security measures. We implement appropriate technical measures to ensure data integrity within the app.

7. Connected apps (MCP)

You may connect external AI assistants (Claude, ChatGPT, ...) to your Evox account via the Model Context Protocol (MCP). When you do so, the following applies:

Data accessible by the AI assistant:

  • Read your training data: your profile, personal records, recent sessions, training aggregates, and active program. Only data tied to your account, never anyone else's.
  • Create workouts in your library: the AI can add new workouts to your Evox library on your behalf. You can edit or delete them from the app at any time.
  • Schedule sessions in your calendar: the AI can place workouts on future dates in your Evox calendar. You stay in control: you can remove or reschedule them from the app.

Your consent and control:

  • You explicitly grant access via an OAuth login screen when connecting each AI assistant. You can grant only a subset of permissions if the assistant supports it.
  • You can revoke any connection at any time from the Evox app: Athlete > Connected apps > Disconnect. Revocation is immediate and the AI loses access on its next call.
  • Each AI assistant is a separate connection. Disconnecting one does not affect the others.

Third-party AI providers:

Once you connect an assistant, the data accessed by that assistant is sent to its provider (Anthropic for Claude, OpenAI for ChatGPT, etc.) for processing. We are not responsible for how each provider handles your data on their side; please refer to their privacy policy.

MCP-specific data retention:

  • OAuth access tokens: 1 hour TTL, automatically rotated.
  • OAuth refresh tokens: 30 days TTL, deleted when you disconnect.
  • Connection records (OAuth client metadata): deleted when no active token remains.
  • Workouts and sessions created via MCP are stored like any other workout in your library; they follow the general Evox data retention (deleted when you delete your account).

8. Contact

For any questions about this privacy policy or to exercise your rights, contact us at: contact@getevox.fit