Privacy Policy

Overview

Rock is a personal sleep and habit tracking application that connects to the Oura Ring API. This policy explains what data Rock collects, how it is stored, and your rights regarding that data.

Data We Collect

When you connect your Oura account, Rock accesses and stores the following:

• Your Oura user ID and email address
• Daily sleep, readiness, and activity scores and details
• Sleep period data (duration, stages, HRV, heart rate, breathing rate)

Rock also stores data you create directly:

• Custom habits and daily check-ins
• Goals and streak progress

How Data Is Stored

All data is stored in a cloud-hosted database powered by Turso (LibSQL). Your Oura OAuth tokens are encrypted at rest using AES-256-GCM. Your session is maintained via an encrypted, HTTP-only cookie.

Rock does not send your data to any analytics platforms or advertising networks.

Oura API Access

Rock connects to the Oura API using OAuth2 with the scopes: daily, heartrate, workout, tag, session, and spo2. You can revoke Rock's access at any time from your Oura account settings.

Your Rights

You can at any time:

• Disconnect your Oura account via the Settings page
• Request deletion of all your data by contacting us
• Revoke OAuth access directly from Oura's settings

Contact

For any privacy-related questions, reach out at [email protected].