Brobot is a private AI fitness coaching service that helps you track your health, nutrition, and training. This policy explains what data we collect, how we use it, where it's stored, who can access it, and what control you have over it.
Brobot is operated by a single individual (the "operator"), not a company. Your data is handled with the care and privacy standards of a personal coaching relationship.
When you onboard with Brobot, we collect:
If you connect a wearable device or fitness platform, we collect data from it daily:
| Source | What We Collect |
|---|---|
| Garmin | Steps, heart rate, HRV, sleep (hours + stages), stress, VO2max, training load, calories, SpO2, body battery |
| Whoop | HRV, recovery score, strain, sleep performance, respiratory rate |
| Oura | HRV, readiness score, sleep stages, resting HR, SpO2, stress, activity, workouts |
| Samsung Health | Steps, distance, calories, heart rate, HRV, sleep + stages, workouts, SpO2, weight |
| Strava | Workouts only: activity name, sport type, duration, distance, elevation, heart rate, power. No sleep or recovery data. |
| TrainingPeaks | Planned and completed workouts, Training Stress Score (TSS), fitness metrics (CTL/ATL/TSB) |
When you send Brobot a photo or description of a meal, we estimate the macronutrient content (calories, protein, carbs, fats) and log it in a structured file. This data is used to track your daily intake against your targets and, if you've opted in, share it with your trainer via a Google Sheet.
If you've competed in Hyrox events and provide your name, we look up your publicly available race results from hyresult.com (splits, rankings, station times) to help shape your training.
Brobot maintains a daily session log of key topics discussed during coaching — goals, decisions, training adjustments, meals logged, and anything else relevant to your coaching. These logs help Brobot maintain continuity across sessions.
Your data is used solely to provide personalised fitness coaching:
We never use your data for advertising, sell it to third parties, or aggregate it across clients for any purpose.
Your personal data, health files, nutrition logs, and session memory are stored as files on a private server operated by the operator. These files are organised per-client and isolated from other clients' data.
OAuth tokens (the credentials that let Brobot access your Garmin, Whoop, Oura, Strava, or TrainingPeaks account) are stored in separate per-client directories with restricted file permissions (readable only by the server's operating system user).
If you opt into coach collaboration, a Google Sheet is created or connected containing your daily health metrics. This sheet is stored in Google Drive and shared with:
Brobot writes to specific columns only (weight, nutrition, steps, cardio, sleep, heart rate, HRV, daily notes) and never modifies your trainer's columns, formulas, or formatting.
If you use Samsung Health, your phone exports a daily health backup to a Google Drive folder that you share with Brobot's service account. Brobot reads this folder to extract your health data. The folder and its contents remain in your Google Drive under your ownership.
Brobot relies on the following third-party services to function. Each receives only the minimum data necessary for its role:
| Service | Role | What It Receives |
|---|---|---|
| Anthropic (Claude AI) | Powers the coaching agent | Your messages, health data summaries, profile context, and coaching history during active sessions and summary generation |
| Google Cloud | Drive and Sheets APIs | Health data written to your coach sheet; Samsung Health exports read from your Drive folder |
| Cloudflare | Secure tunnel for OAuth | OAuth authorization codes pass through during integration setup (not stored) |
| Whoop / Oura / Strava / Garmin / TrainingPeaks | Health data providers | OAuth tokens exchanged to fetch your health data on your behalf |
| Message delivery | Your coaching summaries and meal reminders |
Brobot is powered by Anthropic's Claude AI. When you interact with Brobot or when it generates your daily summary, your data is sent to Anthropic's servers for processing. Anthropic's data handling practices are governed by their own privacy policy and terms of service. Brobot does not train any AI models on your data.
If you opt into coach collaboration during onboarding, Brobot shares your daily health and nutrition metrics with your personal trainer via a shared Google Sheet. You are always asked for explicit consent before this is set up. Your trainer sees:
Your trainer does not have access to:
Brobot enforces strict client isolation. Your data is never shared with, referenced by, or visible to any other client. Brobot will not confirm or deny the existence of other clients. These isolation rules are built into Brobot's core operating instructions and cannot be overridden.
The operator (who manages the Brobot service) has access to the server where your data is stored. The operator can view your files for troubleshooting purposes but does not routinely access your coaching conversations or health data.
Your data is retained for as long as your account is active. There is no automatic deletion schedule.
When you deactivate your account, your data remains on the server but is no longer processed by daily syncs or coaching sessions. You can request full deletion at any time (see Section 8).
We take the following measures to protect your data:
Every data sync and coach sheet update is logged to an audit file with a timestamp, client ID, and summary of what was accessed or written. This allows us to answer "when was my data last accessed?" if you ask. Deletion events are also logged for accountability.
All client data, OAuth tokens, and operator secrets are stored inside a LUKS-encrypted volume on the server. The volume is unlocked at boot and remains mounted while the server is running. If the server is powered off or the drive is removed, the data is encrypted and inaccessible without the passphrase.
You can ask Brobot for a copy of all your stored data at any time. Just say something like "can I have a copy of my data?" and Brobot will generate a zip file containing:
The zip is sent to you via your primary channel (WhatsApp). OAuth tokens are excluded for security — they would be useless to you and a risk if intercepted. Your Google Sheet (if you have coach collaboration enabled) is already in your Google Drive and accessible directly.
You can disconnect any health integration at any time by asking Brobot. This revokes Brobot's access to that service and deletes the stored tokens. Health data already collected remains in your files unless you request deletion.
If you no longer want your trainer to see your data, you can remove their access from the Google Sheet directly (via the Sheet's Share settings), or ask Brobot or the operator to update your configuration.
You can request permanent deletion of all your data at any time by telling Brobot. Just say "delete my data" or "remove my account." Brobot will ask you to confirm once (this is irreversible), then immediately:
This is fully automated — no operator involvement needed. Once confirmed, deletion is immediate and permanent.
If you'd like to take a break without deleting everything, ask Brobot to "pause" your account. This stops all daily syncs, summaries, and coaching messages while keeping your data intact for when you're ready to resume.
Brobot is not designed for use by anyone under 18. We do not knowingly collect data from minors. If you believe a minor has been onboarded, please contact the operator immediately.
We may update this policy as Brobot evolves. Material changes will be communicated to active clients via their primary communication channel before taking effect.
If you have questions about this policy, your data, or your rights, contact the operator directly: