Privacy Policy

Last updated: 22 April 2026

Who we are

Grocode Ltd (company number 17109978) is the data controller for the personal data processed through our website (grocode.net) and our applications, including Waitz and Eleven.

You can contact us at contact@grocode.net.

What data we collect

We may collect the following personal data:

• Account information: email address and display name when you create an account in one of our apps
• Fitness and workout data (Waitz): the workouts you log, including exercises performed, sets, reps, weights, durations, rest intervals, workout notes, optional body weight entries, and any perceived-exertion ratings you enter
• Usage data: app usage patterns, feature interactions, and performance data to improve our products
• Device information: device type, operating system, and app version for compatibility and debugging
• Payment information: processed securely by our payment providers (Apple App Store, Google Play Store). We do not store card details.

How we use your data

We use your personal data to:

• Provide and maintain our services
• Process your subscription and payments
• Sync your data across devices (where applicable)
• Improve and develop our products
• Send service-related communications

Legal basis for processing

We process your data on the following legal bases under UK GDPR:

• Contract: to provide the services you've signed up for
• Legitimate interests: to improve our products and maintain security
• Consent: for optional analytics and marketing communications

Data storage and security

Your data is stored securely using industry-standard encryption. We use Supabase (hosted in the EU) for cloud storage and authentication. Local data on your device is stored using on-device databases.

Data retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it by law.

App permissions and on-device features (Waitz)

The Waitz app uses the following device permissions to deliver core functionality:

• Notifications: to deliver rest-timer alerts (“halfway”, “10 seconds remaining”, “rest complete”) and workout reminders. You can disable notifications at any time from your device settings.
• Foreground service (Android): while a workout is in progress, Waitz runs a foreground service to keep the workout timer accurate even when the app is backgrounded or the screen is off. The service holds only the live workout duration and current exercise context; no additional data is collected by it.
• Exact alarms (Android): used to fire rest-timer notifications on time. You can grant or revoke this permission from your Android system settings under “Alarms & reminders”.

Health platform integration (Waitz, optional)

If you enable Health Sync in Waitz settings, completed workouts are written to Apple Health (iOS) or Health Connect (Android) so they contribute to your device's activity rings and fitness history. The data shared is limited to workout type, start and end time, duration, estimated calories, and exercise names. Apple Health and Health Connect store this data on your device; we do not retain additional copies beyond the workout record you already have in Waitz. Health Sync is off by default and can be disabled at any time. You may also grant Waitz read access to resting heart rate, HRV, sleep, or step count so the in-app AI Coach can personalise recovery insights — these data points are used in real time to generate coach responses and are not stored on our servers.

AI Coach feature (Waitz, optional)

The “Ask the Coach” feature sends your question and relevant workout context (such as recent workout summary, fatigue state, and any health-readiness data you have chosen to share) to Google's Gemini generative AI API via a Supabase edge function, which returns a personalised response. We do not send your account email or display name to Google. Coach interactions are retained on your account so you can see past responses; you can delete them at any time.

Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate data
• Erase your data (right to be forgotten)
• Restrict or object to processing
• Data portability — receive your data in a structured format
• Withdraw consent at any time

To exercise any of these rights, contact us at contact@grocode.net.

Children's data

Waitz is intended for users aged 16 and over and is not directed at children.

Our Eleven app is designed for use by children aged 7–11 under parental supervision. We comply with the UK Age Appropriate Design Code (Children's Code). We do not serve advertising to children, do not use their data for profiling, and collect only the minimum data necessary to provide the service. Parental consent is required for account creation.

Third-party services

We use the following third-party services that may process your data:

• Supabase: authentication and cloud storage (EU-hosted)
• RevenueCat: subscription management
• PostHog: product analytics and usage measurement (EU-hosted)
• Google (Gemini API): powers the “Ask the Coach” AI feature in Waitz. See “AI Coach feature” above for details of what is sent.
• Apple / Google: app distribution and payment processing
• Apple Health / Google Health Connect: on-device health platforms written to only if you opt in via the Waitz Health Sync setting (see “Health platform integration” above)

Cookies

Our website uses only essential cookies required for the site to function. We do not use tracking cookies or third-party advertising cookies.

Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes through our apps or by email.

Complaints

If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.