How Rallo handles your data.

We wrote this plain. The short version: by default, everything stays on your device. The video you record, the data Rallo extracts, the report it generates — none of it leaves your phone unless you choose to share a session.

Effective May 19, 2026 · Version 1.0

What Rallo is

Rallo is an iOS app that watches your tennis practice and tells you the one thing to work on next session. You prop your phone on the fence, play, and get a short report afterward. The app is built and operated by Andrey Esipov ("we", "us"). Contact: privacy@rallotennis.com.

What we collect, and when

When you sign in

Rallo's core coaching flow does not require sign-in. If you choose to sign in for shared-report management, Rallo supports Sign in with Apple and Sign in with Google. When you use either, we receive from Apple or Google:

Your name (first/last, if you allow it; Apple lets you withhold)
Your email (Apple may give you a relay address like xxxxx@privaterelay.appleid.com instead of your real email — we treat both the same)
A user identifier assigned by the provider (Apple's userID, Google's userID)

This is the only sign-in data we receive. We never get your password or any other account information from Apple or Google.

When the app first launches

The app generates a random install identifier — a UUID that identifies the install of Rallo on this device, not you. We send this identifier and a per-install cryptographic key to our backend so we can later verify uploads come from your install. The install identifier doesn't connect to your name, email, or any third-party data about you.

While you use the app

By default, everything stays on your device. The video you record, the pose data Rallo extracts, the report it generates — none of it leaves your phone unless you choose to share a session.

If you opt into the "Help us improve" toggle in Settings, the app sends a small amount of anonymous usage data (which screens you opened, which features you used) over a signed HTTPS connection. This is off by default. You can turn it off any time.

When you share a session

If you tap the share button on a session report, Rallo uploads two things to our servers (Cloudflare R2):

The recorded video clip from that session
The analyzed report (a JSON file containing pose keypoints, stroke counts, and the coaching note)

The upload is tied to your install identifier and signed with your install's cryptographic key. Anyone with the share link can view the session. Share links expire after 90 days; Rallo runs a cleanup job to remove expired clips and reports from our servers. You can revoke a share link at any time from the app, which removes the clip and report immediately and makes the link stop working.

Diagnostic data from Apple and Google

Apple's platform collects standard crash reports and performance data when you let it (a toggle in iOS Settings). We see only anonymized, aggregated crash reports through App Store Connect.

The Google Sign-In SDK that we embed sends its own diagnostic telemetry to Google. We don't receive that telemetry. Google's privacy policy at policies.google.com/privacy covers it.

What we don't collect

Your location. Rallo never asks for location permission and doesn't store any location data.
Your contacts. Rallo's coach-sharing feature uses invite codes, not contact lists. We never read your address book.
Audio recordings. The microphone captures ball-string contact for stroke timing, but the audio is processed on your phone and never leaves it.
Health or fitness data. Rallo doesn't use HealthKit and doesn't read your Apple Watch.
Financial data. Subscription payments go through Apple's In-App Purchase system. We see only that you have an active subscription — never your card or bank details.
Browsing or search history. Rallo doesn't track what you do outside the app.
Anything for advertising. Rallo has no ads and doesn't share your data with advertising networks.

How we use your data

Data	What we do with it
Name, email, user identifier	Optional shared-report account support; v1 does not use sign-in to sync or restore your phone-local library
Install identifier	Verify uploads come from a real install and rate-limit abuse
Shared clip + report	Display the share link to whoever you give it to; nothing else
"Help us improve" telemetry (opt-in)	Understand which features get used, so we can improve the product
Diagnostic data (Apple + Google SDK)	Fix crashes and performance regressions

We do not use your data for advertising, do not sell it, and do not share it with data brokers.

Third parties we work with

Three companies process data on Rallo's behalf:

Apple — Sign in with Apple, App Store, In-App Purchase, crash reports. Apple's privacy policy: apple.com/legal/privacy.
Google — Sign in with Google. Google's privacy policy: policies.google.com/privacy.
Cloudflare — Our backend (Workers + R2 storage) runs on Cloudflare. Cloudflare's privacy policy: cloudflare.com/privacypolicy.

These are the only third parties. We don't have other partners, plugins, or analytics SDKs.

Where your data lives

Rallo's backend runs on Cloudflare's global network. When your install registers or you share a session, that data may be stored in Cloudflare data centers anywhere in the world, including outside your country. If you're in the European Union or United Kingdom, your data is transferred to and stored under standard contractual clauses providing equivalent protection.

How long we keep your data

Account data (name, email, identifiers): until you delete your account
Shared clips and reports: until you revoke the share link, or after the 90-day share-link expiration cleanup runs (whichever is sooner)
Diagnostic data: 90 days, then aggregated and anonymized
Anonymous telemetry (opt-in only): 1 year

Your rights

You can, at any time:

See what we have about you — email us and we'll send a copy within 30 days
Delete your account — email us and we'll erase your account and all linked data within 30 days
Correct anything wrong — email us with the change
Revoke a shared session — in the app, on the session detail page
Stop "Help us improve" telemetry — toggle off in Settings (it's off by default)
Opt out of marketing emails — we don't send any in v1, but if we ever do, every one will have an unsubscribe link

If you're in the EU/UK (GDPR), you also have the right to data portability and the right to lodge a complaint with your supervisory authority.

If you're in California (CCPA), you have the right to know what we collect, the right to delete, and the right not to be discriminated against for exercising your rights. We do not sell personal information.

To exercise any of these rights, email privacy@rallotennis.com.

Children's privacy

Rallo is built for tennis players age 13 and up. We don't knowingly collect data from anyone under 13. If you're a parent and you think your child under 13 created a Rallo account, email us and we'll delete it.

Pediatric Mode (for ages 8–12) is in development for a future version. When it ships, this policy will be updated to describe the parental-consent flow required by COPPA.

Security

We use:

TLS 1.3 for all network traffic
Apple Keychain for storing your sign-in session on your phone
HMAC signatures on every backend request, so a stolen device identifier can't be replayed by an attacker
iOS hardware encryption for everything stored on disk

No system is perfectly secure. If we ever discover a breach that affects you, we'll notify you within 72 hours under GDPR rules, or as soon as practicable under other applicable laws.

Changes to this policy

If we change how Rallo handles your data, we'll update this policy and bump the "Effective" date at the top. Material changes (new categories of data collected, new third parties, changes in retention) will be announced in-app before they take effect.

The current version is 1.0, effective May 19, 2026.

Contact

For any privacy question, request, or complaint:

Email: privacy@rallotennis.com

We respond within 5 business days.