← sovv.health

Privacy Policy

Operated by Mustafar Ltd. · Effective 22 May 2026 · Last updated 22 May 2026.

The short version

1. Who we are

sovv is an iOS application that processes training, recovery, sleep, and nutrition data on your device to deliver a personalised morning briefing. The application is published by Mustafar Ltd. ("we", "us", "our"), operating under the brand sovv at sovv.health, and we are the data controller for any personal data described in this policy.

Contact for privacy matters: privacy@sovv.health.

2. The data we receive

2.1 Account information (sign-in)

When you create an account we store one of the following depending on which sign-in method you use:

This data is held by Firebase Authentication (a Google service) acting as our processor under the controller-processor model. It is the only personal data we hold on our servers.

2.2 Subscriptions

If you subscribe to sovv Pro, Apple processes the transaction through StoreKit and provides us a receipt indicating that you are entitled to Pro and which SKU (monthly or annual). We do not see your name, billing address, card number, or other payment information — Apple holds all of that. See Apple's Media Services policy for how Apple handles your purchase data.

2.3 Health, sleep, training, and nutrition data

sovv reads the following from Apple Health on your device:

You explicitly grant sovv permission to read these types via the Apple Health permission sheet during onboarding. You can review and revoke that permission at any time in the iOS Settings app under Health → Data Access & Devices → sovv.

This data is read, processed, and stored only on your device. It is never transmitted to our servers, to any cloud, or to any third party. The patent that protects sovv's core technology (Intellectual Property Office of Singapore application 10202601003R) is structured around on-device offline processing — the design itself prevents network transmission. This is verifiable: every cycle of the overnight engine runs with iOS's requiresNetworkConnectivity = false constraint enforced at the operating-system level.

2.4 Data you log inside sovv

Workouts you build, meals you log, race targets you set, station goals, briefings the engine generates, and the insights it derives are stored locally in the app's SwiftData container on your device. None of this is uploaded.

3. What our systems see

The narrowest possible set:

Server logs at our hosting provider may briefly record IP address and request metadata for routine network-operations reasons. These are not joined to your identity and are aged out in line with our hosting provider's defaults (typically 30 days).

4. On-device crash and performance diagnostics

iOS sends sovv an anonymous daily digest of crashes, hangs, and excess CPU / disk events via Apple's MetricKit framework. We persist this digest locally so a developer (or you) can review it for bug reports. sovv does not upload these diagnostics anywhere. You can view, export, or wipe them at any time from Profile → Diagnostics inside the app.

5. What we don't do

6. Legal bases for processing (GDPR / UK GDPR)

If you are in the EU, UK, or another jurisdiction with comparable rules, our legal bases for the limited processing we perform are:

7. Your rights

You can:

If you are in the EU or UK you also have the rights granted by the GDPR / UK GDPR (access, rectification, erasure, restriction, objection, portability, and the right to lodge a complaint with a supervisory authority). To exercise any of these, write to privacy@sovv.health. We will respond within 30 days.

If you are in California, CCPA / CPRA grant you the right to know, delete, correct, and limit use of personal information, plus the right not to be discriminated against for exercising those rights. We do not sell or share personal information as those terms are defined by California law.

8. International transfers

Firebase Authentication is provided by Google LLC and may store sign-in records in data centres outside your country of residence. Google relies on the EU Standard Contractual Clauses and equivalent UK and Swiss safeguards for international transfers. By signing in you authorise this transfer to the limited extent it is necessary to provide the Service.

9. Children

sovv is intended for adult athletes. It is not directed at children under 13 (or 16 in the EU), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal data, please contact privacy@sovv.health and we will delete it promptly.

10. Security

Health and training data never leaves your device; protecting it is the device's job, and we rely on iOS Data Protection (your device passcode plus Secure Enclave hardware encryption) for at-rest protection. The narrow set of data on our servers is protected by Firebase's TLS-in-transit and at-rest encryption.

11. Retention

CategoryRetained for
Account record (Firebase)For as long as your account is active. Deleted within 30 days of you using "Delete account & wipe data".
Subscription receiptsFor as long as required by Apple's developer agreements and applicable tax law (typically 7 years).
On-device health, training, nutrition dataUntil you delete the app or use "Delete account & wipe data".
MetricKit diagnostic digestsUp to 100 entries on-device; wiped when you tap "Clear all diagnostics" or delete the app.
Server access logs~30 days, per our hosting provider's defaults.

12. Changes to this policy

If we change anything that affects the data we collect or how we use it, we will update the "Last updated" date at the top of this page and surface the change in-app on next launch. Material changes will be announced at least 30 days before they take effect.

13. Patent & technology disclosure

sovv's overnight processing engine is protected by Intellectual Property Office of Singapore patent application 10202601003R. The architecture's offline, on-device design is required by the patent claims — it is not a marketing choice. This is the legal mechanism that backs the privacy promises above.

14. Contact

Mustafar Ltd.
Privacy enquiries: privacy@sovv.health
Customer support: support@sovv.health
Legal: legal@sovv.health