R
Rockso

Privacy Policy

Last updated: 3 December 2025

1. Introduction

Welcome to Rockso (“we”, “us”, “our”). We are committed to protecting your privacy and handling your personal data in a transparent and secure way.

This Privacy Policy explains how we collect, use, store and share your information when you use the Rockso application and related services (the “Services”).

Rockso is a multi-sport training assistant focused on training load management, fatigue and injury prevention, built for athletes, coaches and performance staff.

This English version is provided for convenience. In case of discrepancy, the French version of the Privacy Policy may serve as the primary reference.

2. Data we collect

2.1 Data you provide

  • Account information: e-mail address, password, name or identifier.
  • Sports profile: sports practiced, goals, constraints (e.g. available time).
  • Training data you enter: planned or completed sessions, notes, perceived exertion (RPE), comments.
  • Communication data: messages you send us by e-mail or via contact forms (support, feedback, demo requests, etc.).

2.2 Data collected automatically

  • Technical data: device type, operating system, language, browser type.
  • Usage data: pages or screens viewed, clicks on certain elements, error logs.

2.3 Data from third-party services (optional)

When you connect Rockso to third-party services (for example training platforms or GPS watches), we may receive:

  • activity details (sport, date, duration, distance, elevation);
  • physiological data (heart rate, power, cadence, etc.);
  • where applicable, recovery-related indicators (sleep, recent load, recovery scores, etc.).

We only access this data if you explicitly authorise it, and only to provide the features you choose to use.

3. How we use your data

3.1 Main purposes

  • Providing the Services: creating and managing your account, displaying your training data and dashboards.
  • Training load and progression analysis: computing load indicators, highlighting trends, identifying sensitive periods (overload, underload, return to training).
  • Personalised recommendations: suggesting adjustments (e.g. lighten, stabilise or increase load, propose cross-training).
  • Injury risk reduction: helping to identify patterns of overload or insufficient recovery to protect your health in the long term.

3.2 Secondary purposes

  • Product improvement: understanding how the Service is used in order to improve features and user experience.
  • Support & communication: responding to your requests, organising pilot projects, discussing your needs.
  • Security: detecting fraud or abuse and protecting our infrastructure.
  • Legal compliance: meeting applicable legal and regulatory obligations.

3.3 AI and machine learning

Rockso uses AI and machine learning techniques to:

  • analyse training history and load patterns;
  • identify overload or lack of recovery;
  • propose adjustments (e.g. reducing a session, suggesting an easier day, adapting a return-to-training week).

When we use data to improve our models, we favour aggregated and anonymised forms whenever possible. For any more advanced use (e.g. research project), we will ask for your explicit consent.

4. How we share your data

4.1 With your consent

  • Coach / staff access: if you connect your account to a coach, physical trainer or organisation, they may access the data you authorise.
  • Exports: some features may allow you to export your data or summaries to other platforms, only when you trigger it yourself.

4.2 Service providers

We use trusted service providers to operate the Services, for example:

  • Hosting & database: Supabase (hosting and storage, in the EU when possible).
  • AI services: providers of AI models (for example open-source models such as those provided by Mistral) for certain analysis or recommendation features.
  • Communication tools: e-mail or support tools to send notifications and manage requests.
  • Payment provider (if applicable): if you subscribe to a paid plan, we may rely on a third-party payment provider to process transactions. Rockso does not store your card details.

These providers act on the basis of contracts that restrict their use of data and require compliance with applicable regulations (including GDPR where relevant).

4.3 Legal requirements

We may disclose certain data in response to a legal obligation or valid request from a competent authority (for example a court order).

4.4 Business transfers

In the event of a merger, acquisition or transfer of activity, your data may be transferred to the new entity, in compliance with applicable law. You will be informed beforehand where required.

5. What we do not do

  • We do not sell your personal data to third parties.
  • We do not share your data for targeted advertising.
  • We do not share your identifiable data with partners without your explicit consent.

6. Security and retention

Security

We implement reasonable technical and organisational measures to protect your data (encrypted communications, access management, monitoring for vulnerabilities, etc.). No system is perfectly secure, but we continuously work to improve our practices.

Retention

  • Active accounts: we keep data as long as necessary to provide the Services.
  • Inactive accounts: after a long period of inactivity (for example 24 months), some data may be deleted or anonymised, after prior notice.
  • Account deletion: if you delete your account, we delete or anonymise most data within a reasonable timeframe, unless we must keep some of it for legal reasons.

7. Your rights

Depending on your country of residence (for example within the European Economic Area), you may have the following rights:

  • Right of access to your personal data;
  • Right to rectification of inaccurate or incomplete data;
  • Right to erasure (“right to be forgotten”) in some cases;
  • Right to restriction of processing in some cases;
  • Right to object to certain processing based on legitimate interest;
  • Right to data portability for certain data in a structured format.

To exercise these rights, you can contact us at: privacy@rockso.app. We may ask for additional information to verify your identity.

You can also lodge a complaint with your local data protection authority (for example the CNIL in France).

8. Children

Rockso is not intended for individuals under 18 years of age. We do not knowingly collect data about minors. If you believe a minor has provided us with personal data, please contact us so that we can delete it.

9. International transfers

When some data is processed outside the European Union, we seek to implement appropriate safeguards (such as standard contractual clauses) where legally required.

10. Cookies and analytics

At this stage, Rockso does not use advertising cookies or trackers for profiling. Cookies or similar technologies may be used only to ensure the proper technical functioning of the site and demo (for example, session management).

We may in the future use a privacy-friendly analytics tool (for example Plausible, Matomo or similar) to better understand how the site is used (pages visited, visit duration, general traffic sources). These tools will be configured not to collect directly identifying information and will not be used for targeted advertising.

If we introduce cookies or trackers for advertising or profiling purposes, we will update this policy and ask for your consent where required by law.

11. Changes to this policy

We may update this Privacy Policy to reflect legal, technical or functional changes. In case of material changes, we will inform you by an appropriate channel (notice in the app, banner, e-mail, etc.).

12. Contact

For any question regarding this policy or your data, you can contact us at:

  • E-mail: privacy@rockso.app
  • Postal address: Rockso, 20 rue Pierre Mille, 75015 Paris, France