Privacy Policy

Last updated: 15 June 2026

Mruk is a personal fitness and health coaching companion — an iOS app backed by a small serverless service. This policy explains what we collect, why, who processes it on our behalf, and the controls you have. We do not sell your data, we do not use it for advertising, and we run no third-party tracking or analytics SDKs.

Mruk provides wellness and coaching guidance. It is not a medical device and does not provide medical advice, diagnosis, or treatment. Always consult a qualified professional for medical decisions.

Who we are (data controller)

Mruk is the controller of the personal data described here. You can reach us about anything in this policy — including to exercise your rights — at hello@mruk.app.

What we collect, and why

Everything below is collected to operate the app and the coaching features you use. We do not collect data for advertising or profiling for third parties.

Account data

Your email address (or, if you use Sign in with Apple, the Apple private-relay address you choose to share).
An Apple identifier (apple_sub) so Sign in with Apple can recognise your account on return.

Health & fitness data you log

Weight and weigh-ins, food and macros, water intake.
Workouts and training checklists.
A daily readiness check-in.
Optional blood-test photos and the markers parsed from them.

Apple Health (HealthKit) — optional

Only if you grant access, Mruk reads steps, heart-rate variability (HRV), sleep, and resting heart rate from Apple Health. These are used solely in the app to compute your readiness signal. In line with Apple's requirements, HealthKit data is never used for advertising and is never sold, and we do not write to Apple Health without an explicit action from you.

Coach content

Your chat with the Mruk coach, and any meal or bloodwork photos you send, so the coach can answer in context.

How your data is processed (and by whom)

We use a small set of service providers as data processors. They process your data only to provide their service to us, under our instructions — not for their own purposes.

Processor	What it does
Google Cloud — Vertex AI (Anthropic Claude & Google Gemini models)	Processes your coach queries and the relevant context to generate the coach's replies. Acts as a processor on our behalf; your content is not used to train their models for their own purposes.
Turso (libSQL)	Stores your account and the data you log.
Vercel	Hosts the serverless API and stores your meal and bloodwork photos (Vercel Blob, private).
Apple	Sign in with Apple (authentication) and Apple Push Notification service (APNs) for notifications.

Our privacy model: adherence is shareable, measurement is sacred

Mruk treats your effort signals differently from your body measurements.

Adherence signals — things like completed workouts and streaks — can be shared with a household or crew that you choose, so people can encourage each other.
Measurement is sacred. Your weight, food, and bloodwork are never shared with anyone except by your explicit, per-person opt-in. These figures are decoupled for each person; sharing effort never exposes the numbers.

Sign in with Apple

If you use Sign in with Apple, we verify Apple's signed token and link it to your account by your verified email or your stored Apple identifier (apple_sub). We read nothing else from your Apple ID.

Lawful basis for processing

Consent — collected on first run via the in-app consent screen (and, for Apple Health, via the system permission prompt). You can withdraw consent at any time (see your rights, below).
Performance of a contract — processing necessary to provide the app and coaching service you signed up for.

Your rights

Under the GDPR (Articles 15–20) you have the rights below. We have built tools to exercise the main ones directly in the app:

Right	How to exercise it
Access & portability (Arts. 15, 20)	Settings → Export my data — produces a machine-readable JSON copy of your data.
Erasure (Art. 17)	Settings → Delete account — wipes your account and your data (see Retention).
Rectification (Art. 16)	Edit your profile and logged entries directly in the app.
Restriction & objection (Arts. 18, 21)	Contact us at hello@mruk.app.
Withdraw consent	Revoke Apple Health access in iOS Settings, and/or delete your account to withdraw consent entirely.

You can always reach us at hello@mruk.app to exercise any of these rights, and you have the right to lodge a complaint with your local data-protection authority.

Retention

We keep your data for as long as your account exists. When you delete your account, your account and the data associated with it are deleted. Operational backups and snapshots are purged on a rolling basis after that.

Children

Mruk is not directed at people under 18. Our onboarding screening blocks under-18 users from calorie-deficit targeting.

Where your data is stored (residency)

To be straightforward: your data is currently stored and processed on US / global infrastructure — our Turso database region and Vertex AI's global/US endpoints. EU data residency is something we are actively considering for the future, but we do not claim EU-only residency today. If you sign up from the EU/EEA, your data may be transferred to and processed in the United States under appropriate safeguards.

Changes to this policy

If we make material changes we will update this page and the "last updated" date above.