Privacy Policy

Takat is an iOS workout tracker published by Six Pak Labs LLC, a California limited liability company ("we", "us"). This policy explains what data Takat collects and what happens to it. It also covers the takat.app marketing site, including the pre-launch email waitlist.

Summary

  • Takat has no account system. You do not sign up, log in, or give us your email to use the app. (If you join our pre-launch waitlist on the marketing site, that's the one place where we hold an email — see "Marketing site and waitlist" below.)
  • Your workout data lives on your iPhone. If you subscribe to Takat Plus and enable iCloud backup, a copy is saved to your iCloud Drive — we never receive or store it on our servers.
  • We use a small number of service providers in narrow categories: subscription processing, anonymous product analytics, AI model hosting, and cloud infrastructure. These providers are contractually committed to processing your data only for the services we contract them for, and not training their models on your data.
  • We do not sell your data. We do not use advertising networks. We do not track your location.

Data on your device

Everything you enter in Takat — routines, programs, logged sets, session notes, preferences, onboarding answers, and coach conversations — stays in device-local storage on your iPhone. Uninstalling the app removes all of it. You can also wipe it from inside the app via Settings → Profile → Delete all Takat data.

iCloud backup (Takat Plus)

If you enable cloud backup at Settings → Subscription → Cloud backup, Takat writes a backup file to your personal iCloud storage. Apple stores the file under your Apple ID; we never receive or access it. You can delete it anytime from the Files app under iCloud Drive → Takat, or in iOS Settings → [your Apple ID] → iCloud → Manage Storage.

Apple Health (optional)

If you grant Takat access to Apple Health, the app reads recent body-weight samples and recent workout summaries so the AI coach can calibrate plans. Health data stays on your device except as a short summary included in a coach prompt you explicitly initiate. Takat does not write to Apple Health. You can revoke access any time in iOS Settings → Privacy & Security → Health → Takat.

Microphone and voice logging

Voice logging transcribes audio on-device using Apple's Speech Recognition framework. The microphone is only active during a voice-logging session you initiate. Depending on your device and language, Apple may transmit audio to its own services for transcription under Apple's terms; we never receive the audio. The resulting text transcript is sent through our AI coach proxy to an AI service provider so it can be parsed into a set (exercise, weight, reps), then discarded.

AI coach

The Takat AI coach uses a large language model hosted by an AI service provider. Coach requests pass through a proxy we operate on cloud infrastructure, which verifies the request using Apple App Attest, then forwards it on.

Sent to the proxy and AI service provider: your prompt or voice transcript, relevant context from your device (active routine, recent workouts, training goals from onboarding, and — if you granted Health access — a short summary of recent body weight and activity), and App Attest headers that verify a real Takat install.

Not sent: any identifier that links your requests across sessions to you personally, your payment details, your email, or your Apple ID.

What the coach proxy retains

Our coach proxy is a pass-through forwarder. It does not store, log, or retain your prompts, voice transcripts, or the AI's responses. It does not record request or response bodies. The only content-related values it records are numeric counters (token counts and byte sizes reported by the AI service provider) used to measure latency and detect cost regressions — never the text itself.

The proxy keeps a few short-lived operational records:

  • App Attest challenges for one-time registration of your install: a random nonce with a 5-minute expiration.
  • App Attest registration records for your install: a public key identifier and a monotonic usage counter (used to detect replay attacks). Stored for the lifetime of the install — never the private key, which stays in your iPhone's Secure Enclave and is not accessible to us.
  • Daily rate-limit counters: integer request and token-budget tallies that reset each UTC day (24-hour rolling retention) and are never linked to prompt content.

Our cloud infrastructure provider logs request-level metadata (timestamps, IP address, response status) for operational purposes under its standard retention. Our own proxy code writes a per-request telemetry line with the route name, byte counts, AI-service token counts, and timing data, plus operational error messages — never request or response bodies.

What the AI service provider retains

Our AI service provider processes coach requests under its API data-usage policy. The provider is contractually committed not to use API inputs to train its models. The provider retains API request and response data for up to 30 days for abuse and misuse monitoring, after which it is deleted.

Subscriptions

Takat Plus is sold through Apple's In-App Purchase system. We use a subscription-management provider to validate purchases and manage entitlements. The provider receives an anonymous device-generated user ID, the product you purchased and its status, and basic device metadata. It does not receive your name, email, or Apple ID.

If you grant App Tracking Transparency permission when prompted, the subscription-management provider additionally collects Apple's advertising identifier (IDFA) for install-attribution reporting. If you deny the prompt, IDFA is not collected. Nothing in Takat depends on ATT being granted.

Anonymous analytics

We use a product-analytics provider to understand how people use Takat so we can improve it. The provider receives event names (for example, "workout logged" or "paywall viewed") and category-only properties. A client-side allowlist prevents exercise names, routine titles, notes, or any coach content from ever being sent. Events are tied to an anonymous device ID; the provider does not know your name, email, or Apple ID.

Marketing site and waitlist

The takat.app marketing site is a static informational site. If you submit your email address to our pre-launch waitlist, we send it to an email-marketing provider that we use to email you when Takat ships and to send occasional updates about Takat. We use the address only to contact you about Takat. You can unsubscribe any time using the link in any email we send, or by emailing hello@takat.app.

The waitlist form rate-limits submissions by IP address; the IP is held only in memory for the rate-limit window and is not logged or persisted.

App Tracking Transparency

After onboarding, iOS shows Apple's App Tracking Transparency prompt. Your choice controls whether our subscription-management provider collects Apple's advertising identifier (IDFA). Denying the prompt does not disable any feature of Takat. You can change your choice in iOS Settings → Privacy & Security → Tracking.

Service providers (subprocessors)

We work with service providers in the following categories. All providers are contractually committed to processing your data only for the services we contract them for, and not training their models on your data.

  • Apple — App Store, StoreKit, iCloud, HealthKit, Speech Recognition, App Attest (apple.com/legal/privacy)
  • Subscription-management provider — purchase validation and entitlements
  • Product-analytics provider — anonymous usage analytics
  • Cloud-infrastructure provider — AI coach proxy hosting and request routing
  • AI service providers — coach language-model hosting
  • Email-marketing provider — pre-launch waitlist email collection on the takat.app marketing site

A current list of the specific vendors in each category is available on request at hello@takat.app.

What we do not collect

  • No advertising SDKs beyond the IDFA collection noted above (no Facebook SDK, no AppsFlyer, no Branch).
  • No location tracking.
  • No access to your contacts, calendar, or photos.
  • No microphone access outside an active voice-logging session you started.
  • No sale or rental of your data to third parties.

Children

Takat is not directed at children under 13 and we do not knowingly collect information from children under 13.

Takat has no user accounts and does not store workout data on its servers. If a child has used Takat on a parent or guardian's iPhone, the in-device remedies described elsewhere in this policy are the complete way to remove that data:

  • Uninstalling Takat, or Settings → Profile → Delete all Takat data inside the app, removes all on-device data.
  • The iCloud backup file (if cloud backup was ever enabled) lives in the family's own iCloud storage and can be removed at iOS Settings → [your Apple ID] → iCloud → Manage Storage → Takat.
  • An active Takat Plus subscription is managed through the family's Apple ID at iOS Settings → [your Apple ID] → Subscriptions.

If a child has joined our marketing waitlist with their email address, email hello@takat.app from a parent or guardian email account and we will remove the address from our waitlist list.

Delete all data

Settings → Profile → Delete all Takat data wipes your routines, programs, logged workouts, onboarding profile, app settings, coach conversation, and AI-generated form cues. It rotates the anonymous analytics and subscription identifiers tied to your install, and deletes the iCloud backup on a best-effort basis if iCloud is reachable.

It does not cancel an active Takat Plus subscription — only Apple can do that, in iOS Settings → [your Apple ID] → Subscriptions. The in-app confirmation alert points you there.

Your California privacy rights (CCPA / CPRA)

California residents have the right to:

  • Know what categories of personal information we collect and why.
  • Request deletion of personal information we hold about you.
  • Correct inaccurate personal information.
  • Opt out of any "sale" or "sharing" of personal information.
  • Limit the use of "sensitive personal information" as defined by the statute.

We do not sell or share personal information. We do not use personal information for cross-context behavioral advertising. We do not process "sensitive personal information" beyond Apple Health data you explicitly grant (governed by Apple's own terms).

To exercise any of these rights, email hello@takat.app. Because Takat has no account system, verification usually involves enough context (approximate install date, device model, Apple ID used for purchase) for us to identify the right records at our service providers on your behalf. We respond within the 45-day window required by the statute.

Your privacy rights (other jurisdictions)

Residents of other US states with comprehensive consumer-privacy laws (Colorado, Connecticut, Virginia, Utah, and similar) have substantially similar rights. Exercise them the same way.

EEA / UK / Switzerland residents

Takat is a solo-operator app offered to users in the United States and internationally through the App Store. If you are in the European Economic Area, the United Kingdom, or Switzerland, the EU General Data Protection Regulation and (for UK residents) the UK GDPR apply to our processing of your personal data.

Your rights. You have the right to access the personal data we hold about you; to request rectification of inaccurate data; to request erasure; to request restriction of processing; to data portability; and to object to processing, including processing based on legitimate interest. Where we rely on your consent (Apple Health, microphone, App Tracking Transparency, iCloud backup), you may withdraw that consent at any time from iOS Settings or from within Takat. Withdrawal does not affect processing carried out before withdrawal.

Automated decision-making. We do not use automated decision-making that produces legal or similarly significant effects about you within the meaning of GDPR Article 22. The AI coach's suggestions are advisory and only take effect when you act on them.

Our legal bases. We rely on your consent for the permissions you explicitly grant (Apple Health access, microphone access for voice logging, App Tracking Transparency, iCloud backup). We rely on our legitimate interest in operating, securing, and improving the Service for the minimal analytics, subscription validation, and coach-request routing required to deliver the features you invoke. We rely on contract performance for the subscription validation that makes Takat Plus features available.

How to exercise your rights. Email hello@takat.app with a description of what you're asking for. Because Takat has no account system, please include enough context for us to identify the right records — approximate install date, device model, the Apple ID you used for any Takat Plus purchase. We will respond within one month of receipt, as required by GDPR Article 12, and may extend that period by up to two further months for complex or numerous requests, in which case we will tell you within the first month.

EU and UK representative. At our current scale, Takat does not maintain an EU representative under GDPR Article 27 or a UK representative under UK GDPR Article 27. We handle data-subject requests and supervisory-authority correspondence directly via email at hello@takat.app.

Right to complain. You have the right to lodge a complaint with the data-protection supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of alleged infringement, or with the UK Information Commissioner's Office (ico.org.uk). We ask that you contact us first at hello@takat.app so we have a chance to resolve your concern directly.

International transfers. Your data may be processed in the United States by our subprocessors (categories listed in the Service providers section above). For transfers from the EEA / UK / Switzerland to the United States, we rely on the Standard Contractual Clauses published by the European Commission (and the UK International Data Transfer Addendum where applicable) as incorporated into our subprocessors' data-processing terms.

Data retention

  • Data on your device: until you delete it in-app or uninstall.
  • iCloud backup: until you delete it from your iCloud storage.
  • Subscription-management records: per the provider's retention policy. The anonymous subscription identifier is rotated on Delete All Data.
  • Anonymous analytics events: 1-year rolling retention. The anonymous distinct ID is rotated on Delete All Data; post-rotation events cannot be linked to the prior install.
  • Coach proxy: prompts, voice transcripts, and AI responses are not retained. App Attest challenges expire after 5 minutes. Rate-limit counters reset daily (24-hour rolling). App Attest registration records persist for the lifetime of the install and are erased on Delete All Data (the key is cleared locally; the server-side record remains until expiry but cannot be linked to you after the local key is wiped).
  • AI service providers: up to 30 days for abuse and misuse monitoring, then deleted. Not used to train models.
  • Marketing waitlist email: retained at our email-marketing provider for as long as you stay subscribed. You can unsubscribe at any time using the link in any email we send, or by emailing hello@takat.app.

Data security

We use TLS for all network traffic. The App Attest private key that verifies coach requests is stored in your iPhone's Secure Enclave and is not accessible to us or to the app. No online service is 100% secure; if you notice something concerning, email hello@takat.app.

Changes to this policy

If we make a material change we will update the Last updated date and surface the change in-app before your next coach or backup action.

Governing law

This policy is governed by the laws of the State of California, without regard to conflict-of-laws principles, except where mandatory consumer-protection law in your jurisdiction applies.

Contact

Email: hello@takat.app

Publisher: Six Pak Labs LLC, a California limited liability company

Address: 2108 N St, Ste N, Sacramento, CA 95816, United States