Stone — Privacy Policy
Last updated: 2026-05-14. Policy version 2026-05-14.
Stone is a workout log and training assistant. This policy describes what Stone does and does not collect, where data lives, and the controls you have.
We've tried to write this in plain English. Where a paragraph intentionally has no marketing varnish, that's by design.
At a glance
- Your workouts live on your device by default. They sync to your iCloud account when you turn iCloud Sync on in Settings — that copy is in your iCloud, not Stone's servers.
- Cloud AI is opt-in during onboarding. When you turn it on, a small summary of your training is sent to Stone's Cloudflare Worker, which proxies to xAI Grok. The Worker does not store the request payload.
- Apple Health is opt-in. Reads (body weight, resting heart rate, HRV) feed Stone's recommender on-device only — your raw values never leave the phone. Writes (HKWorkout records, body weight entries) are a separate opt-in toggle, off by default.
- You can delete everything any time — local data, iCloud mirror, AI memory, and Stone's server-side rate-limit + safety counters — from Settings ▸ Privacy ▸ Delete all my data.
What we collect — and where it lives
Always local on your device, unless you turn on iCloud Sync
- Your workouts (exercises, sets, weights, reps, durations, notes).
- Your training profile (when you fill it in).
- AI memories you've accepted (statements like "trains push days on Tuesday afternoons" — only if you opted into Cloud AI and accepted the proposal).
- AI request audit log — one row per cloud call, surfaced in Settings ▸ AI Use.
- Cached learned aliases (e.g. you corrected "incline db" to "Incline Dumbbell Press" and Stone remembers).
- Custom exercises you've added (when an entry doesn't exist in Stone's seed library and you save it).
When iCloud Sync is on, this same data is mirrored to your private CloudKit container under your iCloud account. Apple, not Stone, operates iCloud and applies its own iCloud privacy terms.
Apple Health (HealthKit) — when you turn it on
Apple Health integration is off by default. If you turn it on in Settings ▸ Apple Health, Stone can:
- Read body mass, resting heart rate, and heart rate variability (HRV) from Apple Health. These values stay on your device. Stone summarizes them into a categorical hint ("fresh" / "stale" / "elevated") for the recommender — the raw numbers never leave the phone.
- Write finished workouts as HKWorkout records and body-weight log entries to Apple Health (each is a separate opt-in toggle, off by default). Writes do not transit Stone's servers — they go straight to Apple Health via the on-device API.
Per Apple's HealthKit terms: Health and fitness data is processed by Stone solely in accordance with your consent, used only to provide and improve the app's functionality, and is not shared with any third party for advertising or data-broker purposes.
You can revoke any HealthKit permission at any time via the Health app → Sharing → Apps → Stone. When write permission is revoked, Stone surfaces a specific error if you try to log body weight through the in-app sheet, rather than silently failing.
Sent to Stone's Cloudflare Worker only when you've opted in
- A categorical shape of recent training (e.g. "5 workouts in the last week, pressing-heavy") — never raw set-by-set details unless the call is the Quick Log parser, in which case the freeform note you typed (or photo, if you used the photo path) is sent so it can be parsed.
- Your Apple Sign-in identity token, if you've signed in with Apple. Used only to verify your identity for elevated quotas; never stored beyond the lifetime of the request.
- An App Attest device handle that proves the call came from a real Stone install on a real device. App Attest produces a non-correlatable cryptographic handle, not a personal identifier or device serial number.
The Worker passes the request to xAI Grok via the Cloudflare AI
Gateway. The Worker does not store the request payload (it sets
cf-aig-collect-log-payload: false per call). Cloudflare retains
metadata logs (timestamps, status codes, byte counts) per its own
gateway
documentation so
we can monitor cost and abuse.
Sent to xAI
xAI receives the model input and produces the response. As of 2026-05-14:
- xAI does not use API requests to train its models by default.
- xAI's stated retention policy for API data is up to 30 days.
- Zero Data Retention (ZDR) is available at the enterprise tier; Stone's developer key is not currently ZDR-enabled.
- Stone's privacy policy embeds the policy version of the day each call was made, so historical AI Use entries continue to reflect the policy that applied at the time — not whatever xAI's policy says today.
xAI's terms apply directly to API data sent on Stone's behalf: see x.ai/legal.
Third-party processors
Stone uses the following third-party services to operate. Each processes data on Stone's behalf only for the purposes described.
| Processor | Purpose | Data they see | Their policy |
|---|---|---|---|
| Apple (iCloud + CloudKit) | Optional encrypted backup of your workouts | The same fields as your local store, if you turn on iCloud Sync. Encrypted in transit and at rest by Apple. | Apple Privacy |
| Apple (Sign in with Apple) | Optional sign-in for elevated cloud-AI quota | Your Apple ID's stable per-app subject identifier, optionally a relay email | Apple Sign in with Apple |
| Apple (App Attest) | Device-integrity proof on cloud calls | Cryptographic handle proving the request came from a real Stone install | Apple Developer Docs |
| Cloudflare | Worker hosting + AI Gateway routing | Request metadata (timestamps, status, byte counts) per gateway policy; never the request body | Cloudflare Privacy |
| xAI | LLM provider for parsing + recommendations | Model input (categorical training summary + freeform notes / photos when you Quick Log) | xAI Legal |
We do not transfer your data to any party other than those listed above.
What we do not collect
- We do not collect your name, email, phone number, or location unless you explicitly type one of them into a workout note.
- We do not collect HealthKit data unless you turn on Apple Health in Settings, and even then your raw HealthKit values stay on your device (see the HealthKit section above).
- We do not advertise. We do not have third-party trackers.
- We do not sell, rent, or share your personal data with any third party for advertising, data-broker, or "sale" purposes (CCPA-defined).
Automated decision-making
Stone's Cloud AI generates recommended workout sessions and parses your freeform Quick Log notes. These are decisions made by an automated system (xAI Grok via Stone's Worker).
- These decisions do not have legal or similarly significant effects on you (they're workout suggestions).
- You can turn Cloud AI off in Settings ▸ Cloud AI at any time, in which case Stone falls back to its on-device deterministic recommender and parser.
- Every cloud call is recorded in Settings ▸ AI Use with the provider, data shape sent, retention policy at the time, and response status. You can audit which inputs produced which outputs.
Data retention
| Data | Where stored | Retention |
|---|---|---|
| Workouts, training profile, custom exercises | Your device (+ optional iCloud mirror) | Until you delete them via Settings ▸ Privacy or by deleting the app |
| AI memories | Your device (+ optional iCloud mirror) | Until you tap Forget AI memories or Delete all my data |
| AI request audit log | Your device | Until you tap Forget AI memories or Delete all my data |
| Quick Log learned aliases | Your device | Until you tap Delete all my data |
| Cloudflare AI Gateway metadata | Cloudflare | Per Cloudflare's AI Gateway retention defaults (~30 days) |
| xAI inference data | xAI | Up to 30 days per xAI's API policy at time of call |
| App Attest device record | Stone's Worker KV | Until you tap Delete all my data (Stone's /v1/account/delete clears the server-side record) |
| Sign in with Apple subject identifier | Stone's Worker KV (only if you signed in) | Until you sign out + tap Delete all my data |
Sign in with Apple
Sign in with Apple is optional. If you sign in:
- Apple gives Stone a stable per-app identifier (Apple's "subject" claim). We use it to switch your cloud-AI quota from the per-device anonymous limit to a higher per-account limit.
- Apple may send a relay email address to Stone if you chose "Hide My Email". Stone currently has no email server so the address is not used. If we ever add account features that send email, we will say so before turning them on.
If you sign out of Sign in with Apple inside Stone, the credential is removed from this device. Apple's record of the sign-in stays under your iCloud account settings — Apple, not Stone, controls that.
Your rights and controls
Stone gives you direct in-app controls for every right described below. You don't need to email us to exercise them — but if you prefer, see "Data requests" below.
Rights under GDPR (EU users)
- Right to access (Article 15) — Settings ▸ Privacy ▸ Export your data produces a complete copy in CSV, JSON, or Markdown.
- Right to rectification (Article 16) — Edit any workout or AI memory directly in the app.
- Right to erasure (Article 17, "right to be forgotten") — Settings ▸ Privacy ▸ Delete all my data (three-step confirmation; local + iCloud mirror + Worker-side counters).
- Right to restrict processing (Article 18) — Toggle Cloud AI off; toggle iCloud Sync off; revoke HealthKit in Health app.
- Right to data portability (Article 20) — The Export above produces JSON suitable for re-import elsewhere.
- Right to object (Article 21) — Cloud AI is opt-in; you can withdraw consent any time via Settings ▸ Cloud AI.
- Right not to be subject to automated decision-making (Article 22) — See the "Automated decision-making" section above.
Rights under CCPA / CPRA (California users)
- Right to know — Settings ▸ AI Use and Settings ▸ Privacy ▸ Export your data show every cloud call + every category of data collected.
- Right to delete — Settings ▸ Privacy ▸ Delete all my data.
- Right to correct — Edit any workout or AI memory in-app.
- Right to opt-out of sale or sharing — Stone never sells or shares personal data with third parties for "sale" or "sharing" as those terms are defined under CCPA. No action needed.
- Right to limit use of sensitive PI — All cloud-AI processing of training data is gated behind the Settings ▸ Cloud AI toggle, which is opt-in. HealthKit reads + writes are separately gated.
Concrete controls
- Settings ▸ Cloud AI — toggle cloud AI on or off. Off is the default until you grant consent at onboarding.
- Settings ▸ Apple Health — toggle HealthKit reads + a separate toggle for workout writes. Both default off.
- Settings ▸ Sync ▸ iCloud Sync — toggle CloudKit sync. Turning it off keeps the existing iCloud data; Stone just stops mirroring new changes until you turn it back on.
- Settings ▸ Privacy ▸ Export your data — produces a CSV / JSON / Markdown copy of everything Stone stores about you. JSON includes the AI request audit log with the policy version pinned per row.
- Settings ▸ Privacy ▸ Forget AI memories only — removes the audit log + AI memories. Your workouts stay.
- Settings ▸ Privacy ▸ Delete all my data — three-step confirmation (review → confirm → type "Delete my Stone data"), then a full local + CloudKit + Worker-side wipe.
- Settings ▸ AI Use — read-only audit log of every cloud call with the provider, data shape sent, retention copy, and policy version.
Data requests
For data-subject requests not covered by the in-app controls (rare — the in-app controls already give you everything in your local + iCloud + Worker zone), email us at the address in Settings ▸ About.
Changes to this policy
We'll update the version stamp at the top of this file when this document changes. Each AI request audit row preserves the policy version that applied at the time of that request, so historical data stays interpretable even after the live policy moves. Material changes that broaden what we collect or send to third parties will also be surfaced as an in-app notice on next launch.
Children
Stone is not directed to children under 13 within the meaning of the Children's Online Privacy Protection Act (COPPA). If you believe we have inadvertently collected information from a child, contact us and we will delete it.
Governing law
This policy and your use of Stone are governed by the laws of the State of California, United States, without regard to conflict-of-laws principles. EU users retain the rights described in the "Rights under GDPR" section regardless of governing-law choice.
Contact
The contact address lives in Settings ▸ About inside the app and on the App Store listing. For data-subject requests or privacy questions, email the address listed there.