Stone — AI Disclosure
Last updated: 2026-05-27. Policy version 2026-05-27.
This page is the long-form companion to Settings ▸ AI Use inside the app. The in-app surface shows the per-call audit; this page describes the system end-to-end so you know what to expect before you opt in.
When does AI run?
Stone is cloud-AI-first. The pipeline tries each tier in this order:
- Cloud AI (xAI Grok, reached through a privacy-preserving proxy). Every Quick Log save when Cloud AI is on in Settings. Also used to produce the Today recommendation, to answer Ask Stone, and to propose entries on the Learned screen.
- On-device deterministic parser — the safety floor. Parses
canonical inputs like
Bench 185 x 8with no network and no model. Always available; runs when Cloud AI is unavailable, offline, or your consent settings opt out of cloud. - Apple Foundation Models — planned on-device tier. Once Apple's Foundation Models API stabilises for the structured generation Stone needs, it will slot in as the on-device tier on Apple-Intelligence-capable hardware. Until then, the deterministic parser above is the on-device path.
Manual confirmation surfaces only when even the deterministic floor produced an ambiguous result.
If you have Cloud AI turned off in Settings, every save skips straight to the on-device deterministic parser.
Which mode runs
Cloud AI uses xAI's Grok models through a privacy-preserving proxy, in two modes:
- A fast mode for chat (Ask Stone) and Quick Log parsing, so replies are instant.
- A deeper-reasoning mode for your Today recommendation and learned-pattern proposals, where a little extra reasoning meaningfully improves the result.
The "AI quality" setting (Balanced / Smarter) changes only how deeply your recommendation is reasoned — chat and parsing always use the fast mode. Same provider, same privacy posture, same retention, same per-request cost either way.
What gets sent
The exact bytes are pinned per call. Settings ▸ AI Use shows the data shape of every cloud call:
- Workout Parse — sends the freeform note you typed in Quick Log (or the photo, if you used the photo path).
- Session Recommendation — sends a compact training summary: number of recent workouts, a humanized movement-balance string ("pressing-heavy", "leg-light"), your goal / equipment / preferred session length, any injuries or avoided movements you've entered, and (when you've accepted any) up to a few of your highest-confidence Learned memories. When Apple Health is on, a categorical readiness hint ("fresh" / "stale") derived on-device — never raw heart-rate numbers, never raw set-by-set detail.
- Ask Stone — sends your question plus the same compact training context, so the answer is grounded in your history.
- Memory Update — sends summaries of the last few workouts + the current focus and (optionally) the existing memories you've accepted, so the model can refine without repeating itself.
Who sees the data and how long they keep it
| Hop | Sees | Retention |
|---|---|---|
| Your iPhone | Everything — it's the source of truth. | Until you delete it. |
| Privacy-preserving proxy (Cloudflare) | The request, in transit only. | Does not store the request body. Cloudflare retains only metadata (timestamps, status codes, byte counts) for cost and abuse monitoring. |
| xAI (Grok) | The request body Stone sent. | Per xAI's API policy: not used to train models by default; retained only for a limited period. See x.ai/legal. |
When this policy version changes, the AI Use audit row stays pinned to the version that applied when the call was made — your historical record doesn't get rewritten by a later xAI ToS change.
What gets returned
For Quick Log, a structured workout the deterministic parser couldn't produce on its own. For Recommendations, a session title, training load, duration, and rationale bullets. For Ask Stone, a grounded plain-language answer, optionally with links back to specific workouts in your history. For Memories, candidates with evidence pointing back at specific workouts.
Every response runs through Stone's server-side safety validator before it reaches your device. The validator filters:
- Motivational hype and "crush it" language.
- Shaming or judgmental language about you.
- Diagnostic phrases and medical advice — that's a clinician's job, not Stone's.
- Prompt-injection echoes.
When your input mentions pain or injury, the safety validator forces a more conservative training-load suggestion and inserts a safety note pointing you at a qualified clinician. Stone never tries to diagnose.
Your controls
- Cloud AI is off by default. You opt in once at onboarding; toggle in Settings any time.
- Forget AI memories only clears the audit log + every AI memory. Your workouts stay.
- Delete all my data wipes local + iCloud + server-side state including the rate-limit and safety counters keyed to your device and account.
- AI Use in Settings shows the full per-call audit: timestamp, provider, data shape, retention note, and the policy version that applied at the time.
What Stone will never do
- Use your data to train a third-party model. (Stone doesn't train any model. xAI's stated policy is they don't either.)
- Send your data to any provider you didn't opt into.
- Show motivational hype, shame language, or medical claims — enforced server-side regardless of what either model proposes.
- Send raw Apple Health values off your device. When Apple Health is on, readings are summarized to a categorical hint on-device before any cloud call (see the Privacy Policy for the full HealthKit detail).
Open questions / honest limits
- Device integrity — every cloud call from Stone carries a cryptographic device-integrity check so the backend can refuse abuse. This is automatic; you don't need to do anything.
- Account credentials — Sign in with Apple is optional. If you sign in, Stone may occasionally ask you to re-confirm your Apple ID to keep elevated AI quotas active. You can refresh it anytime from Settings → Account.
- On-device AI tiers — additional fully-on-device AI surfaces are planned for capable hardware and are rolling out gradually. The deterministic parser handles every input today; cloud AI steps in only when consent is on AND the deterministic path can't resolve the input.