Trust Center

Trust, security & privacy

This page is maintained by Roks Therapy Liverpool to answer common questions about how Roks Recovery Lab keeps your account and recovery data safe. It describes controls that are currently in place in the app and is not an independent certification or audit.

Accounts & authentication

Accounts are protected by email and password sign-in, with optional Google sign-in handled by the upstream provider. Sessions are stored in your browser and can be ended at any time by signing out.

Access to administrative tools is limited to designated staff accounts and is enforced on the server, not just in the browser.

What we collect

To run the app we store the information you give us: your email address, profile details you choose to add, pain logs, daily check-ins, practice completions, community posts and messages with the Ask Lennox assistant. Payment details are handled directly by our payment processor — we do not see or store full card numbers.

How your data is used

Your recovery data is used to power features inside the app — your dashboard, streaks, recommended practices and the Ask Lennox assistant. We do not sell your personal data. We use privacy-respecting analytics to understand which pages and features are used.

Storage & access controls

Application data is stored in a managed Postgres database with row-level security enabled, so each signed-in account can only read and write its own records. Published practice content is only readable by signed-in accounts. Uploaded files (such as practice images) live in private storage buckets and are served through short-lived signed links rather than public URLs.

Traffic between your browser and the app is encrypted in transit using HTTPS.

Subprocessors & integrations

We rely on a small number of trusted providers to operate the service, including our hosting and database provider, our email delivery provider, our payments provider and Google Analytics for aggregate usage statistics. Each provider only receives the data needed to perform its function.

Cookies & analytics

The site uses a small number of cookies and similar storage for sign-in sessions and for Google Analytics 4. Analytics is used to understand site usage in aggregate, not to identify you personally.

Retention & deletion

Your data is retained while your account is active. If you would like a copy of your data, or to have your account and associated data deleted, contact us at the address below and we will action the request.

Reporting a security issue

If you believe you have found a security issue, please email hello@roksrecovery.com with details so we can investigate. Please do not publicly disclose the issue until we have had a chance to respond.

Changes to this page

We update this page as the app evolves. It describes current practices and is not a contract or legal notice. For questions, contact hello@roksrecovery.com.

← Back to home