Legal

Privacy Policy

Last updated: April 8, 2026

Teku is a gym workout tracker built and operated by Kwadwo Adu (sole proprietor). This policy explains what data we collect, how we use it, and the rights you have over your data. We aim for radical clarity - if anything here is unclear, email us at the address below and we'll fix the wording.

1. What we collect

We collect the minimum data needed to make Teku work.

Account data

  • -Email address - only when you sign up via email/password (you can also use Sign in with Apple, in which case we store the Apple-issued identifier instead).
  • -Apple user identifier - when you use Sign in with Apple, we store the opaque ID Apple gives us. We never see your real Apple ID.
  • -Display name - optional, only if you set one.

Workout data

  • -Workout logs - exercises, sets, weights, reps, RPE, rest times, notes you add to a session.
  • -Programs - the training programs you create or activate from templates.
  • -Personal records (PRs) - automatically calculated from your workout logs.
  • -Body composition - weight, optional progress photos (stored on-device only by default).

Health data (optional, on-device only)

If you grant HealthKit permission, Teku reads heart rate and sleep summaries to inform training suggestions, and writes completed workouts and body weight back to Apple Health. Health data never leaves your device - it is not transmitted to our servers or to any third party.

Diagnostic data (anonymized)

  • -Crash reports and performance traces (Sentry, see Section 3)
  • -Anonymized usage analytics (PostHog, see Section 3)
  • -We never link these to your real identity.

2. How we store it

  • -All account and workout data is stored on a server we operate in Hetzner Barcelona, Spain (EU).
  • -Data is encrypted at rest using PostgreSQL native encryption.
  • -Connections between the iOS app and our server use TLS 1.3 with certificate pinning.
  • -Workout data is also stored locally on your device (GRDB / SQLite) so the app works offline.
  • -Your data does not leave the EU. We do not use US-based hosting, databases, or backups for your account/workout data.

3. Third-party services we use

We use the smallest set of third parties needed to operate the app.

ServicePurposeData shared
Sentry (EU)Crash reportingAnonymous device info, stack traces
PostHog (EU)Anonymous analyticsRandom UUID, feature usage events
OneSignalPush notificationsAnonymous push token
Apple HealthKitOptional health dataNone (on-device only)
Sign in with AppleAuthenticationApple-issued identifier only

We do not use Google Analytics, Facebook SDK, TikTok SDK, any ad network, cross-app tracking, email marketing automation, or any data broker.

4. Your rights (GDPR & beyond)

You have the following rights over your data, regardless of where you live. We honor them globally.

  • -Access - get a copy of all data we hold about you (JSON export within 30 days)
  • -Rectification - correct inaccurate data
  • -Erasure - delete your account and all data (within 30 days)
  • -Restriction - pause processing while we resolve a dispute
  • -Portability - export your data in machine-readable format (in-app)
  • -Objection - object to specific processing

Email privacy@teku.fit to exercise any of these rights.

5. Data retention

  • -Active accounts: workout logs retained as long as your account is active.
  • -Account deletion: data removed within 30 days. Technical logs may persist up to 90 days for security.
  • -Backups: retained for 30 days for disaster recovery. Deleted data purged on next rotation.

6. Children's privacy

Teku is rated 4+ on the App Store. We do not knowingly collect data from children under 13. If you believe your child has provided us with data, contact us and we will delete it.

7. Changes to this policy

If we make material changes, we will notify you in-app and via email at least 7 days before the change takes effect.

8. Contact

Questions?

Email privacy@teku.fit (forwards to Kwadwo Adu). We respond within 5 business days.

EU representative: not required (controller is established in the EU - Spain). If unsatisfied, you may lodge a complaint with the Spanish Data Protection Authority (AEPD).