Privacy Policy
1. Who we are
Spira (“spira”, “we”, “us”) is an audio-guided physiological training app for VO₂max interval training and breathwork.
The data controller responsible for your information is:
- Karim Ghezali
- Contact: hello@withspira.com
- Website: https://withspira.com
If you are in the EU/EEA and have questions about your data, contact us at the address above.
2. Our approach to your data
Spira is built to be local-first. Spira does not require an account. You do not create a username or password, and we do not ask for your name or email to use the app. Your training history, profile details, and session data are stored locally on your device, not on our servers.
We collect the minimum needed to (a) make the app work, (b) keep it stable, and (c) understand—anonymously—how the app is used so we can improve it.
3. What data is processed, and where
a) Data stored only on your device (we never receive it)
- Profile: age, biological sex at birth, height, weight, resting heart rate, maximum heart rate. Used to personalise training zones and guidance.
- Session history: protocols completed, duration, modality, timestamps, and heart-rate metrics from your sessions.
- Settings: cue styles, preferences.
This information stays on your device (local storage) and is removed if you delete the app.
b) Apple Health (HealthKit) — only with your permission
If you grant permission, Spira can:
- Read heart-rate and profile data (e.g. from Apple Watch, Oura, Withings, or other Health-connected devices) to show your metrics after a session and pre-fill your profile.
- Write completed workouts to Apple Health.
Apple Health data is processed on your device for these features. We do not send your Apple Health data to our servers or to any third party, and we never use it for advertising. You can revoke Health access at any time in iOS Settings → Privacy & Security → Health. Spira still works without it.
c) Bluetooth heart-rate monitors — only with your permission
If you connect a supported Bluetooth heart-rate monitor, Spira reads live heart-rate data during your session to display your zones and metrics. This data is processed on your device. We do not transmit it to our servers.
d) Anonymous usage analytics (PostHog)
To understand how Spira is used and where it can be improved, the app collects anonymous usage analytics using PostHog, hosted in the European Union. This analytics runs inside the app only — the withspira.com website does not use analytics or tracking scripts.
- We collect events such as which screens are viewed and which sessions are started, completed, or ended early, plus technical context (app version, device model, OS version, language).
- This data is tied to a random, app-generated identifier — not to your name, email, or any account (there is no account).
- We do not send your sensitive health records (exact heart rate, weight, height, sex, or exact age) to analytics. Where intensity or age informs analysis, it is reduced to broad ranges only.
- We do not use this data to track you across other apps or websites, and we do not sell it.
- You can opt out of analytics in the app, and analytics are only collected after you have been informed.
e) Crash and error reporting (Sentry)
To keep the app stable, we use Sentry to collect crash and error diagnostics from the app (not from this website). Data is stored in the European Union. Crash reports contain technical information (error details, device and OS version, app state at the time of the crash) and do not include your health records.
f) Website waitlist (Formspree)
If you join the waitlist on withspira.com, the email address you submit is collected and processed on our behalf by Formspree, acting as our processor. We use it only to contact you about spira’s availability and launch. We do not use it for any other purpose, and we do not share it further. You can request deletion of your email at any time by contacting hello@withspira.com.
4. Legal bases (GDPR)
For users in the EU/EEA, we rely on:
- Consent — for Apple Health access, Bluetooth access, usage analytics, and the website waitlist. You can withdraw consent at any time.
- Legitimate interests — for crash/error diagnostics needed to keep the app secure and functioning, balanced against your rights.
- Performance of a service — to provide the training features you request.
5. Who we share data with
We do not sell your data. We share data only with the service providers that operate the app’s infrastructure, strictly to provide the service:
- PostHog (EU) — anonymous product analytics.
- Sentry (EU) — crash and error diagnostics.
- Apple — app distribution and, where you use them, Apple Health and platform services.
- Formspree — waitlist email collection on our website.
These providers act as our processors under contract. Apple Health and on-device data are not shared with them.
6. International transfers
We host analytics and diagnostics in the European Union. Where any provider processes data outside the EU/EEA, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.
7. Data retention
- On-device data (profile, sessions, settings): kept until you delete it in the app or uninstall the app.
- Analytics and crash data: retained only as long as needed for the purposes above, in line with our providers’ standard retention periods, then deleted or anonymised.
- Waitlist emails: kept until we have notified you of launch, or until you request deletion, whichever comes first.
8. Your rights
Subject to applicable law (including the GDPR), you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to data portability. Because most of your data lives only on your device, you can exercise much of this directly: edit your profile, delete sessions, or uninstall the app to remove local data. For analytics, crash, or waitlist data, contact hello@withspira.com and we will action your request. You may also lodge a complaint with your local data protection authority (in France, the CNIL).
9. Children
Spira is not directed to children and is intended for adults. We do not knowingly collect data from children under 16. If you believe a child has used the app, contact us.
10. Security
We use reputable providers and reasonable technical measures to protect data. No method of transmission or storage is completely secure, but keeping your training data on your device by default reduces exposure.
11. Not medical advice
Spira provides training guidance only and is not medical advice. It does not diagnose, treat, or monitor any medical condition. Consult a qualified professional before beginning any intense exercise programme.
12. Changes to this policy
We may update this policy as the app evolves. We will post the updated version here and change the “Last updated” date. Material changes will be communicated in-app where appropriate.
13. Contact
Questions about privacy: hello@withspira.com