PRIVACY POLICY
Last updated: April 28, 2026
Overview
Tonnage is a fitness tracking app developed by a solo independent developer. Your privacy is taken
seriously. This policy explains what data the app accesses, how it's used, and how it's stored.
Data Collection and Storage
Tonnage stores your workout data, routines, settings, history, and body composition logs locally on
your device. There are no Tonnage-operated servers, no analytics services, and no advertising
trackers.
iPhone / iPad: Tonnage uses Apple's CloudKit service to automatically sync your data to your personal
iCloud account so it can restore on a new device. This data is encrypted by Apple, stored in your
private iCloud database, and is not accessible to Tonnage or any third party.
Android: Because Android does not have a free per-user private cloud database equivalent to iCloud,
Tonnage uses Google Firebase (Authentication and Cloud Firestore) to provide cross-device sign-in and
cloud sync. Your email address is collected to identify your account, and your workout data, routines,
history, settings, and body composition logs are stored in a Tonnage-owned Firestore database. Access
is restricted by Firebase security rules so that only you, signed in with your account, can read or
write your records. Google acts as a data processor; Tonnage is the data controller. Google's Firebase
data handling is governed by the https://firebase.google.com/terms/data-processing-terms. Data is
encrypted in transit (TLS) and at rest by Google.
HealthKit (iPhone / iPad)
Tonnage integrates with Apple HealthKit to:
- Read body weight and body fat percentage data (e.g., from smart scales like Withings)
- Read heart rate data during workouts (e.g., from Apple Watch or AirPods Pro 2)
- Read daily activity metrics — active calories, steps, walking heart rate, heart rate recovery, VO₂
Max, and blood oxygen — populated by Apple Watch, Garmin, Oura, WHOOP, iPhone, and similar devices.
These are displayed on the Stats page so you can see day-over-day health context alongside your
training.
- Read overnight recovery metrics — sleep analysis, heart rate variability (HRV), resting heart rate,
and respiratory rate — populated by any device that syncs to Apple Health (Eight Sleep, Apple Watch,
Oura, WHOOP, Garmin, Withings, and similar trackers). These are displayed on the Stats page so you can
see recovery context alongside your training.
- Write completed workouts, active energy burned, and workout distance back to Apple Health so they
appear in your Activity rings and workout history.
HealthKit data is used solely to display and save metrics within the app. Health data obtained through
HealthKit is processed entirely on your device, is not shared with third parties, is not sold, is not
used for advertising, and is not transferred to any external service. Access to HealthKit requires
your explicit permission and can be revoked at any time in your device's Settings under Privacy &
Security → Health.
Health Connect (Android)
Tonnage integrates with Google Health Connect to:
- Read body weight and body fat percentage data (e.g., from smart scales that sync to Health Connect
like Withings, Garmin, or Fitbit)
- Read heart rate data during workouts (from Bluetooth heart rate monitors and other devices that
write to Health Connect)
- Read daily activity metrics — active calories, steps, oxygen saturation — populated by Wear OS
watches, Garmin, Oura, WHOOP, and similar devices. These are displayed on the Stats page so you can
see day-over-day health context alongside your training.
- Read overnight recovery metrics — sleep stages, heart rate variability, resting heart rate, and
respiratory rate — populated by any device that syncs to Health Connect (Oura, WHOOP, Garmin,
Withings, and similar trackers). These are displayed on the Stats page so you can see recovery context
alongside your training.
- Write completed workouts, active calories, and heart rate samples back to Health Connect so they
appear in your activity history and other connected apps.
Health data obtained through Health Connect is processed on your device for display, and the same data
is also written to your Tonnage account in Cloud Firestore (see Data Collection and Storage above) so
it can sync across devices. Health data is not sold, is not used for advertising, and is not shared
with any third party other than Google as the operator of Cloud Firestore. Access to Health Connect is
per-category and requires your explicit permission. You can revoke access at any time in Health
Connect under Tonnage's app permissions.
Bluetooth
Tonnage uses Bluetooth to connect to external heart rate monitors during workouts. Bluetooth data is
processed locally and is not transmitted or stored beyond the active workout session's heart rate
readings, which are saved to your on-device workout history (and, on Android, synced to your Tonnage
account in Cloud Firestore alongside your other workout data).
On Android 12 and later, this requires the "Nearby devices" permission. Tonnage does not use Bluetooth
scanning to derive your physical location.
Notifications
Tonnage uses local notifications to alert you when rest and warm-up timers complete and to keep a
workout-active notification visible while you train. These notifications are generated entirely on
your device and do not involve any external push notification service.
On Android, Tonnage may request to be exempt from Battery Optimization so that timer alerts fire
reliably while the screen is locked. This permission is requested with your consent during the
first-run setup, and you can revoke it at any time in Android Settings → Battery.
Over-the-Air Updates
Tonnage delivers in-app updates (bug fixes and small feature changes) through Capgo, a third-party
over-the-air update service. To check for updates, your device sends a minimal request containing the
app version, a randomly-generated device identifier created by Capgo, and your platform (iOS or
Android). Capgo does not receive any of your workout data, health data, account email, or any other
personal information. See https://capgo.app/privacy for details.
Third-Party Services
Tonnage uses the following third-party services. None of them are used for analytics, advertising, or
behavioural tracking:
- Apple iCloud / CloudKit (iPhone / iPad only) — for syncing your data to your private iCloud database.
- Google Firebase Authentication (Android only) — for email/password sign-in.
- Google Cloud Firestore (Android only) — for storing your workout data so it can sync across devices.
- Google Health Connect (Android only) — for reading and writing health data on your device.
- Apple HealthKit (iPhone / iPad only) — for reading and writing health data on your device.
- Capgo (both platforms) — for delivering over-the-air app updates.
No data is shared with or sold to advertisers or third-party data brokers.
Children's Privacy
Tonnage does not knowingly collect information from children under the age of 13.
Changes to This Policy
This privacy policy may be updated from time to time. Any changes will be reflected on this page with
an updated revision date.
Contact
If you have questions about this privacy policy, please contact: support@tonnageapp.com