Privacy Policy
Last updated: 2026-05-16
This is the privacy policy for Notch, the Wear OS and Android app published by Code to Muscle (a sole proprietorship operated by Edwin Knuth). Plain English, no legalese. If anything here is unclear, email eknuth@gmail.com and I'll fix the wording.
The short version
- Your workouts and heart rate samples stay on your watch and phone. They are not uploaded anywhere by default.
- The only personal data I ever receive on a server tied to you is your email address, and only if you typed it into the signup form on notch.codetomuscle.com.
- Notch sends anonymous diagnostic traces (device model, OS version, exercise IDs, durations, error types) to a self-hosted SigNoz instance so I can tell when the app is broken. No names, no Hevy keys, no per-sample heart-rate data.
- If you turn on Hevy sync and paste your API key, your set data is sent to api.hevyapp.com so it can land in your Hevy account. Notch doesn't store a copy of that anywhere else.
- No ad networks. No tracking SDKs. No third-party analytics products.
What Notch collects, where it goes, and why
1. Workout data (sets, durations, exercise names)
- What: Each timed hold or rep-based set you log (exercise name, duration or rep count, timestamp).
- Where it lives: A local Room database on your watch. The same data is mirrored to your phone via the Wearable Data Layer so the companion app can show history and charts.
- What leaves your devices: Nothing. There is no Notch-operated server for workout data.
- Why: This is the entire point of the app. The data is yours.
2. Heart rate samples (during timed holds, optional)
- What: Heart rate readings sampled by the Health Services Client while a hold timer is running. If your watch has no HR sensor, or you deny the permission, Notch silently skips this and logs the set without HR.
- Where it lives: Stored alongside the set in the local database. Never transmitted off-device.
- Why: So you can see how a 60-second dead hang affected you over time.
- You can revoke: System Settings, then Permissions, then Body Sensors / Health.
3. Email address (only if you signed up on the website)
- What: The email address you typed into the signup form on notch.codetomuscle.com.
- Where it lives: A Cloudflare Workers KV namespace, stored in Cloudflare's infrastructure.
- Used for: A single launch-announcement email when Notch ships to the Play Store. Possibly one or two follow-ups if you're an active early user. That's it.
- Not used for: Targeted ads. Selling. Sharing with third parties. There is no marketing automation tool wired up.
- You can delete it: Email eknuth@gmail.com with the subject "delete my email" and I will remove it within seven days. You can also unsubscribe from any email I send you.
4. Hevy sync (opt-in)
- What: When you paste your Hevy API key into the phone app's Settings (Pro feature), Notch bundles each day's sets into a workout and POSTs it to api.hevyapp.com.
- API key storage: Your Hevy API key is stored encrypted on your device using Android's EncryptedSharedPreferences. The phone propagates it to the watch over the Wearable Data Layer. It never leaves your devices except to authenticate with Hevy.
- Where the workout data lives after sync: In your Hevy account. Hevy's privacy policy applies once it's there: https://hevyapp.com/privacy
- What Notch retains: Only the local copy that already lives on your watch and phone. Notch does not keep a separate sync log on a server.
- Default: Off. Notch will never sync to Hevy unless you explicitly enable it and paste your own API key.
5. Diagnostic telemetry (anonymous traces to SigNoz)
- What: Notch sends anonymous traces to a self-hosted SigNoz instance at signoz.codetomuscle.com so I can tell when the app is broken in the wild. Each trace carries: service.name (notch-watch or notch-phone), service.version, device.model (e.g. "Pixel Watch 3"), os.version, app.installer (Play Store vs sideload), exercise IDs, durations in seconds, HR averages and maxes as scalars, and exception types and messages when something throws.
- What is NOT included: No user IDs, no email addresses, no Hevy API keys, no per-sample heart-rate data, no exercise names that you create, no advertising IDs, no IP addresses (the SigNoz collector does not record them).
- Sampling: Release builds report 10% of traces. Debug builds I run locally report 100%. If your watch is below 20% battery (10% on phone), the exporter is suppressed.
- Crashes: Uncaught exceptions are captured as a span and reported. The stack trace and exception message are included. I'll fix what I see.
- Why: It's the only way I know whether the app is reliable for you. Without it I'd be guessing.
- No third-party analytics: SigNoz is a self-hosted open-source observability tool. The instance is mine, on a server I control. No Google Analytics, no Firebase, no Mixpanel, no Amplitude, no Crashlytics.
What Notch does NOT do
- No third-party analytics (no Google Analytics, no Firebase Analytics, no Mixpanel, no Amplitude, none of it).
- No ad networks. No advertising IDs read.
- No social SDKs.
- No selling, renting, or sharing of your data with anyone, ever. The Hevy sync is opt-in and goes only to your own Hevy account; the SigNoz traces go to a server I personally operate.
Permissions Notch requests, and why
| Permission | Why |
|---|---|
| BODY_SENSORS | Read heart rate during a hold timer. Optional. |
| ACTIVITY_RECOGNITION | Required by Health Services Client to start an exercise session. |
| POST_NOTIFICATIONS | Show the optional daily reminder ("you haven't notched any reps yet today"). |
| RECEIVE_BOOT_COMPLETED | Re-arm the daily reminder alarm after the device reboots. |
| WAKE_LOCK / VIBRATE | Run the timer reliably and provide haptic ticks. |
| INTERNET | Hevy API calls (if you enable sync) and anonymous diagnostic traces to SigNoz. |
Data retention
- On your devices: Forever, until you uninstall Notch. Uninstalling wipes the local database. All sets, heart rate samples, and streak data are gone.
- Email signups: Retained until you ask for deletion or until I shut the mailing list down. Either way I will not silently keep it forever; if you haven't engaged with an email in 24 months I will purge your address proactively.
- SigNoz traces: Retained for 15 days at the SigNoz instance, then deleted automatically.
Your rights
You can:
- Access all data Notch holds about you on your devices (it's all visible in the app; there's no hidden field).
- Delete all on-device data by uninstalling the app.
- Delete your email signup by emailing eknuth@gmail.com.
- Opt out of any feature that sends data off-device. Hevy sync is off by default. Diagnostic traces can be disabled by clearing your Hevy key and installing a Debug build (not currently exposed as a user toggle; if this matters to you, email me and I'll add one).
GDPR and CCPA: I treat all users the same regardless of jurisdiction. The above rights apply to everyone.
Children
Notch is rated for ages 13+. The strength training advice in the app and on the website assumes an adult body. I don't knowingly collect data from anyone under 13. If you believe a child's email made it onto the signup list, email me and I'll remove it.
Security
- The Cloudflare Worker uses TLS for all traffic.
- The KV namespace is access-controlled to my Cloudflare account.
- The on-device Room database is protected by the OS sandbox; Android isolates app storage by package.
- The Hevy API key is stored in Android's EncryptedSharedPreferences on-device.
- I won't pretend to have a SOC 2. I'm a single developer. If you need that level of assurance, this app probably isn't for you yet.
Changes to this policy
If I change anything material, I'll update the "Last updated" date at the top and post a note on notch.codetomuscle.com. If a change expands what data is collected, I'll email everyone on the mailing list before it takes effect.
Contact
- Developer: Edwin Knuth, doing business as Code to Muscle
- Email: eknuth@gmail.com
- Website: https://notch.codetomuscle.com
For deletion requests, privacy questions, or anything else, that email reaches me directly.