Your data, on your device.

What we collect.

Workout data, your weights, targets, rehab list, onboarding answers, settings, and session history, is stored in your browser's localStorage on your device. Sign-in identity (the email you used or the Google account you connected) is stored by our auth provider, Supabase, so we can recognise you when you come back. We do not store your workout data on our servers in this version.

If you sign in on a different device today, your workout data is a fresh start because it lives in localStorage on the original device. Optional cross-device sync is on the roadmap and will be announced here when it ships.

Analytics.

When you accept analytics in the cookie banner, Grov loads a Google Analytics 4 tag. GA4 sends anonymised usage data (page views, basic session metadata) to Google so we can see which pages are useful and which are not. IP addresses are anonymised. No workout content, no weights, no rehab notes, nothing from your training data is sent.

The default is denied. Analytics load only after you give consent. For the full list of what the tag sets and how to opt out, see our cookies page.

What we don't collect.

No payment. No health data beyond what you type into the app yourself, which stays on your device. No third-party marketing trackers, no ad networks, no fingerprinting scripts, no social pixels. The only personal detail we hold is the email address or Google account you signed in with.

Cookies.

Grov uses two classes of storage, and that is it:

• Strictly necessary. Your workout data is held in localStorage key-value entries. These are not cookies in the browser sense, they do not travel with network requests, and they never leave your device.
• Analytics. Google Analytics 4 cookies, set only if you opt in via the banner.

The full inventory, names, lifetimes, and purposes, is on the cookies page.

Your rights.

Because all of your Grov data lives on your device, you are in full control of it. Clearing site data for grov.fit in your browser deletes everything. There is no server copy to chase.

Right to access, right to delete, right to port: open your browser's DevTools and read or export your localStorage, or use the reset option in Grov's settings. Right to withdraw analytics consent: click the banner's Decline button, which you can re-open any time via the link in the footer.

Hosting.

The Grov site is served by Vercel via its edge network. Vercel may log request metadata (IP address, user agent, referrer) for infrastructure operation and security purposes under its own privacy terms. We do not control those logs beyond what Vercel exposes. See Vercel's privacy policy for details.

Children.

Grov is not directed at children under 13 (US COPPA) or under 16 (EU GDPR). We do not knowingly collect any data from children, and in practice there is very little data to collect regardless. If you believe a child has used Grov and you would like to raise a concern, please contact us.

Contact.

Questions about this policy or your data: hello@grov.fit. We will respond within 30 days where required by law, and usually much faster.

Changes.

Updates to this policy are posted on this page, and the last updated date at the top is bumped. Material changes will be surfaced via a banner on your next visit so you have a chance to read them.