Privacy Policy
Last Updated: September 23, 2025
Welcome to reThrive. Protecting your privacy is central to what we do. This Privacy Policy explains how we handle your data when you use our Services. We do not sell your personal or sensitive user data.
1. The basics
Thrive Group (a trading name of fitIQ LTD, UK, imprint) is the controller of your data. You can always reach us at support@rethrive.co with privacy questions.
2. Information we collect
We collect information to provide and improve our Services. This information includes:
a) Information you provide to us
Account information: When you create a reThrive account, we collect your email address. Instead of a password, you set a personal security PIN that is used locally to encrypt your data. This PIN is never stored or collected by us.
Required profile information: To calculate your True Age and provide core services, we require your date of birth and sex assigned at birth. Some values, like weight and body fat percentage, may also be provided directly by you if not available from a connected service.
b) Information from devices or integrations
To provide our core service, we require access to biometric data from your third-party wearable devices and health platforms (for example, Apple Health, Health Connect, Oura, Garmin). When you connect, we may collect various types of your health and fitness data, such as but not limited to:
Cardiorespiratory fitness data: for example, VO2 Max
Heart health data: for example, Resting Heart Rate (RHR) and Heart Rate Variability (HRV)
Body composition data: for example, lean body mass, weight, height, body fat percentage
Activity data: for example, daily steps, workout types, duration, and intensity
Sleep data: for example, sleep duration and consistency
Permissions minimization: We only request the minimum permissions and data scopes necessary to provide the Service.
You are in control: When connecting a new integration, you will be prompted to select which data you want to synchronize.
c) Information from your use of our Services
Usage data: Information about how you interact with our App and Site, such as features used and time spent, to help improve our Services.
Technical data: IP address, device or browser type, OS version, and diagnostic information to ensure the functionality and security of our Services.
3. How we use your information
We use your information for the following purposes:
To provide and personalize our Services: To calculate your True Age and Pace of Aging, deliver insights, and track your progress with the Thrive Levers.
To communicate with you: To send service-related updates, security alerts, and support messages.
To improve our Services: We use aggregated and anonymized data to calculate community-level statistics (such as the collective Age Delta).
To ensure security: To protect against fraud, abuse, and security incidents.
No ads from health data: We do not use your health data for advertising.
4. How we protect your information
We take the security of your data very seriously:
Encryption: All data is encrypted in transit and at rest.
Access control: Our system is architected so only you can access your personal and biometric information. reThrive employees cannot access your individual, identifiable data without your explicit consent (e.g. for customer support queries).
Data minimization: We only collect data essential to provide and improve our Services.
Security practices: We apply least‑privilege access and maintain audit logs.
5. Data sharing
We do not sell, rent, or trade your personal or health information. We do not share personal information with third parties for their independent marketing. We only share data in these limited circumstances:
With your consent: For example, when you choose to participate in Circles and share your progress with other members.
When you choose to share: The App allows you to share certain information (for example, an image of your True Age or Pace of Aging) with third‑party services you select. When you initiate this action, you direct us to share that specific information on your behalf. We do not control the privacy practices of the services you share with.
With processors: With service providers that process data on our behalf to operate and support the Service, under data protection agreements that prohibit selling your data. These include:
Analytics and diagnostics: app events, crash logs, and device information
Messaging and email: contact information for service communications
Authentication and identity: account email for sign‑in
Hosting and infrastructure: secure storage and delivery of the Service
For legal reasons: If required by law, regulation, or a valid legal process.
6. Your data protection rights
We are committed to upholding privacy rights for all users. Depending on your location, you may have specific rights.
a) UK and EEA users (GDPR/UK GDPR)
Right of access: Request copies of your personal data.
Right to rectification: Request correction of inaccurate data.
Right to erasure: Request deletion of your personal data, under certain conditions.
Right to restrict processing: Request restrictions under certain conditions.
Right to data portability: Request transfer of your data to another organization or to you, under certain conditions.
Legal bases: We process personal data based on:
Performance of a contract: to provide the Service
Legitimate interests: to keep the Service secure, prevent abuse, and improve features
Consent: where required by law, for connecting third‑party devices and certain analytics
International transfers: Where data is processed outside the UK/EEA, we use appropriate safeguards, such as Standard Contractual Clauses.
b) United States users
Depending on your state of residence (for example, California), you may have:
Right to know: The categories of personal information collected, sources, purposes, and disclosures.
Right to delete: Request deletion of personal information we have collected, subject to exceptions.
Right to non‑discrimination: We will not discriminate against you for exercising privacy rights.
To exercise any rights, contact us at support@rethrive.co. We may need to verify your request. You may designate an authorized agent where permitted by law.
7. Data retention
We retain your personal data for as long as your account is active or as needed to provide the Services.
You can delete your account at any time, which will permanently delete your personal and biometric data from our systems, subject to limited retention to comply with legal obligations or resolve disputes.
Retention timelines: Upon account deletion, we begin deletion immediately and complete it within 30 days. Aggregated, de‑identified data that cannot reasonably be linked back to you may be retained.
8. Account and data deletion
In‑app deletion path: Settings → Privacy → Delete account. Deleting your account deletes associated personal and biometric data.
Web request: If you cannot access the App, submit an email request to support@rethrive.co from your account email.
Verification: We may ask you to verify your identity or account ownership to process the request.
Timeline: We complete deletion within 30 days, subject to limited retention where required by law.
9. Children
The Service is not directed to children under 13 and is intended for individuals 16+ or the age required by your local law. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us so we can delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our Site and App or by sending you an email. Continuing to use the Services after the effective date means you accept the new terms.
11. Contact
Questions or requests?
Email: support@rethrive.co
Controller: Thrive Group (fitIQ LTD, UK)