Privacy Policy

Information We Collect

• Account & profile: email, username, avatar (if provided), device tokens for push, referral codes, and basic signup metadata. If you sign in via Google or Facebook, we receive your name, email, and profile picture from those providers.
• Health & activity (with your explicit consent): Apple HealthKit and Android Health Connect data such as workouts, active energy/calories, steps, exercise sessions, and heart metrics where available and where you grant access. We read this data to compute your FitScore/FitCoin. We sync only derived/aggregated scores (e.g., FitScore, FitCoins, daily summaries), not raw HealthKit or Health Connect samples.
• Location (if enabled): used for location-aware rewards or features. You can disable in system settings.
• Social & engagement: friends/connections, invites, referrals, raffle entries, rewards/offers redemptions, and in-app actions related to social and rewards features.
• User content (Stories): photos and videos you choose to post as a Story (visible to your friends). We also store view markers so you can see “Seen by” counts on your own Stories. Stories are designed to expire after 24 hours, but you can delete them sooner.
• User content (Clubs): club membership, posts, post images (if you attach media), comments, replies, likes, and related timestamps. Club posts and comments are generally visible to members of that club, and can be aggregated into a feed for the clubs you’ve joined.
• Links you share: if you share a club post, we generate a link (deep link/universal link) that contains identifiers (e.g., clubId/postId) so recipients can open the exact post in the app or on the web.
• Safety & reporting: if you report a user or content, we collect the report details you submit (reason, optional note) plus relevant account identifiers so our team can review and take action.
• Blocking: if you block another user, we store a block record so we can hide their content and prevent unwanted interactions.
• Device & app data: app version, OS version, device model, language/locale, push tokens (APNs/FCM) to deliver notifications, and advertising identifiers where ads are enabled (such as Android Advertising ID or Apple's IDFA if permitted).
• Usage, analytics, crash data: app interactions, performance metrics, and crash reports to improve stability and features.
• Support interactions: messages you send to us for help.

How We Use Information

• Compute and display your FitScore/FitCoins and related insights.
• Sync your scores and rewards across devices (derived data only; no raw HealthKit samples are sent to our servers).
• Deliver notifications (e.g., workout recognition, rewards, friend activity), if you allow push permissions.
• Operate social features (friends, leaderboards), referrals, rewards, and raffles.
• Enable Stories (posting, viewing, friend-only sharing, view counting, and deletion).
• Enable Clubs features (creating/joining clubs, viewing member lists, posting updates, commenting, replying, liking, and sharing posts).
• Allocate and store partner promo codes when you redeem certain rewards/offers (so you can access your code later).
• Improve performance, security, and reliability; prevent fraud and abuse.
• Provide customer support and communicate important updates.
• Serve ads and measure their performance where applicable (e.g., AdMob).

Health Data

• We access Apple HealthKit and Android Health Connect only with your consent. You can change permissions anytime in the Health app, Health Connect, or your device settings.
• Raw health data is processed to compute your activity scores. We do not sell or use HealthKit or Health Connect data for advertising.
• We only sync derived values (e.g., FitScore, FitCoins, daily summaries) to Firebase so your account stays in sync across devices.

Push Notifications

We use device tokens (APNs/FCM) to send notifications about workouts, rewards, friends, and account activity. You can disable notifications in your device settings.

Stories, Friends & Visibility

• Stories are shared with your friends (not publicly).
• When you view a friend’s Story, we store a view marker so the story owner can see aggregate “Seen by” information for that story instance.
• You can delete your Story at any time. Deleted Stories should stop being visible immediately.

Reports, Blocking & Safety

If you report a user, club post, or comment, we store the report details (reason and optional note), the reporter and reported user IDs/usernames, and relevant metadata to help investigate. If you block a user, we store a block record so we can hide their content and prevent unwanted interactions. We may review reported content and take action (e.g., warnings, removals, content deletion, member removal, or account restrictions) to keep the community safe.

Clubs Moderation & Controls

• Club owners can typically manage their club (e.g., update club details, post updates, view members, and remove members).
• App moderators may have elevated permissions across clubs to help keep Fitcoin safe (e.g., removing abusive content or users).
• Content removal: you may be able to delete your own content in-app (where available). Club owners/moderators may remove posts/comments or members for safety and community reasons.

Location

If you grant location access, we use it for location-aware rewards or features. You can turn this off in system settings.

Sharing & Processors

• We do not sell personal data.
• Vendors/processors: Firebase (Auth, Firestore, Cloud Functions, Messaging), Meta/Facebook (Login, App Events), Google (Login, Analytics, Health Connect, AdMob/Google Mobile Ads), Apple (HealthKit, APNs, In-App Purchases), and similar service providers who help us run the app.
• We may share data to comply with law, protect our rights, or in connection with a merger/acquisition.

App Tracking & Advertising

Fitcoin may show ads using Google Mobile Ads/AdMob. On Android, Google Mobile Ads may use the Android Advertising ID and related device/app information to deliver ads, measure performance, apply frequency capping, and help detect fraud or abuse. You can reset or delete your Android Advertising ID in Android settings. On iOS, if you grant App Tracking Transparency (ATT) permission, we may share your device's advertising identifier (IDFA) with advertising partners (e.g., Meta, Google) to measure ad performance and attribution. You can change this choice at any time in your device's privacy settings.

In-App Purchases

Payments for Fitcoin Premium, where offered, are processed by Apple via the App Store or Google via Google Play Billing. We do not store your credit card details. We may receive purchase confirmations or receipts from Apple or Google to unlock premium features.

Device Permissions

• Camera: used to capture photos and videos for Stories.
• Photo Library: used if you choose to upload an existing photo or video.
• Health: used to read your activity data via Apple HealthKit or Android Health Connect (with your consent).
• Location: used for location-aware rewards (if enabled).

Retention

We keep data while your account is active or as needed for legitimate business, legal, or security purposes. Stories are designed to expire after 24 hours and may be deleted by you sooner. Clubs content (posts, comments, likes) may persist until deleted by you (where available), by a club owner, or by moderators. Derived fitness scores and account records may persist in backups for a limited period after deletion.

Security

Data in transit is encrypted (HTTPS). Access to production systems is restricted and audited. No system is 100% secure; please safeguard your account.

Your Choices & Rights

• Health permissions: manage in the Apple Health app.
• Notifications: manage in device settings.
• Location: manage in device settings.
• Data access/deletion: email hello@fitcoin.co. You can request account deletion and data removal; derived records in backups may take additional time to clear.
• Marketing: you can opt out of marketing communications at any time.

Children

Fitcoin is not directed to children under 13 (or the minimum age in your region). We do not knowingly collect data from children. If you believe a child has provided data, contact us to delete it.

Changes to This Policy

We may update this policy from time to time. Material changes will be posted here with an updated “Last updated” date.

Contact

Questions or requests: hello@fitcoin.co.