Privacy policy

Last updated: February 12, 2026

This Privacy Policy explains how Dash (“we”, “us”) handles information when you use the Dash iOS app (the “App”) and the Dash Workouts website and related services (the “Services”).

1) Who we are

Controller: Rui Peres
Location: London, United Kingdom
Contact: rui.peres@dashworkouts.app

2) What Dash does

Dash is a companion app that displays your training stats and widgets. Dash connects to data providers only after you choose to connect them (for example, Strava and/or Apple Health).

Dash does not record activities itself.

3) Information we process

A) Provider authentication information (for example, Strava)

When you connect Dash to Strava, Dash stores:

  • Strava access token and refresh token
  • Token expiration time
  • Strava athlete ID

Storage: on your device (for example, iOS Keychain).
Purpose: authenticate with Strava and fetch your Strava data.

Cookies note: Strava’s login page is owned and controlled by Strava. Strava may use cookies on their website. Dash does not read or access Strava cookies.

B) Activity and workout information used by the App

Dash reads provider data needed to display your stats and widgets (for example, profile fields, activity summaries, and time-series streams like distance, heart rate, power, and elevation when available).

Storage: on your device (local storage/cache).

Optional server-side features: Some optional features (for example, server-side integrations or provider sync) may require storing a copy of your authorized activity data on our servers so the feature can work. When we do this, we store it securely and only for the purpose of providing the feature you requested.

C) Apple Health / HealthKit data (if you choose to connect it)

If you connect Apple Health, Dash reads the HealthKit data you authorize (for example, workouts and related metrics) to provide the same stats and widgets experience.

Storage: on your device (local storage/cache).

D) Push notifications (silent notifications)

Dash may use silent push notifications to trigger background refresh.

Our notifications server may store:

  • Provider user identifier (for example, Strava athlete ID)
  • Device push token (APNs token)

We store nothing else for notifications (no activities, no webhook payloads, no history).
Retention: deleted when you log out / disconnect.

E) Purchases and subscriptions

Payments are processed by Apple In-App Purchase. Dash does not receive your payment card details.

Dash may use RevenueCat to manage subscription entitlements. RevenueCat processes purchase/receipt information and related technical identifiers necessary to provide subscription status.

F) Crash and error diagnostics (Sentry)

Dash uses Sentry to diagnose crashes and improve reliability.

Dash may set a Sentry user identifier to a provider identifier (for example, your Strava athlete ID) and may send diagnostic events (such as breadcrumbs and error context) to help troubleshoot issues.

4) What we do not do

  • No ads
  • No sale of personal data
  • No IDFA / App Tracking Transparency for advertising tracking
  • No background location tracking: Dash does not track your device location; any route/location data is limited to the workout data you import from your provider

5) Why we process data (purposes)

We process information to:

  • Provide the App’s features (provider connection, widgets, stats)
  • Maintain your session
  • Provide subscriptions and entitlement checks
  • Deliver silent notifications for refresh
  • Diagnose crashes and fix bugs

6) Legal bases (UK GDPR / GDPR)

Where applicable, we rely on:

  • Contract (to provide the service you request)
  • Legitimate interests (app security and reliability, crash diagnostics)
  • Consent (where required by iOS for certain permissions)

7) Sharing

We share information only with:

  • Providers you connect (for example, Strava, Apple Health)
  • Apple (purchases)
  • RevenueCat (subscription management)
  • Sentry (crash reporting)
  • Hosting providers required to run notifications and optional sync services

We do not share data with third parties for advertising.

8) International transfers

Our service providers may process information outside the UK. Where required, appropriate safeguards are used.

9) Retention

  • On-device tokens and cached data: until logout or app deletion
  • Notifications server record (identifier + push token): deleted on logout/disconnect
  • Crash reports: retained according to Sentry retention settings

10) Your rights

You may have rights to access, delete, or restrict processing of your personal data. To request help, contact rui.peres@dashworkouts.app.

Because much of your activity data originates from your connected provider, you can also manage much of it directly via that provider.

11) Children

Dash is not directed to children under 13. We do not knowingly collect personal data from children under 13.

12) Changes

We may update this Privacy Policy. The “Last updated” date will reflect changes.

Contact

Email: rui.peres@dashworkouts.app