Privacy Policy

Last updated: [TODO: date]

1. Introduction

[TODO: Introduce Clinchr and explain the purpose of this privacy policy. State commitment to protecting user privacy and compliance with GDPR and other applicable regulations.]

2. Data We Collect

[TODO: List all data collected. Categories include:

  • Account information — name, email address, profile photo
  • Authentication data — email/password, or OAuth tokens (Google, Apple)
  • Workout data — workout type, duration, date/time, indoor/outdoor, associated gym
  • Social data — friend connections, kudos, comments, feed activity
  • Gym data — gym memberships, gym ownership claims
  • Device data — push notification tokens, device type
  • Usage data — app interactions, feature usage (for improving the app)

]

3. How We Use Your Data

[TODO: Explain the purposes for data processing:

  • Providing and improving the Clinchr service
  • Displaying workouts, leaderboards, and social features
  • Sending push notifications (with user consent)
  • Processing premium subscriptions
  • Moderating content (reports, blocks)
  • Analytics and app improvement

]

4. Legal Basis for Processing (GDPR)

[TODO: State the legal bases under GDPR Article 6:

  • Consent — push notifications, optional data sharing
  • Contract — providing the service you signed up for
  • Legitimate interest — improving the app, preventing abuse

]

5. Third-Party Services

[TODO: List all third-party services that process user data:

  • Supabase — database, authentication, file storage (hosted in EU)
  • Expo — push notification delivery
  • Google Places API — gym search (no user data sent)
  • Apple / Google — OAuth sign-in, in-app purchase processing
  • Strava — optional activity import (only with user consent)
  • Sentry — crash reporting (if enabled)

]

6. Data Retention

[TODO: Explain how long data is retained. Workout data and account data are kept as long as the account is active. Upon account deletion, all data is permanently removed (cascading delete). Specify any retention periods for legal compliance.]

7. Your Rights (GDPR)

[TODO: List user rights under GDPR:

  • Right of access — request a copy of your data
  • Right to rectification — correct inaccurate data
  • Right to erasure — delete your account and all data
  • Right to data portability — export your data (available in Settings)
  • Right to restrict processing — limit how we use your data
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — withdraw consent at any time

]

8. Data Deletion

[TODO: Explain the account deletion process. Users can delete their account from the app's Settings screen. Deletion is permanent and removes all personal data, workouts, social connections, and content. This is GDPR-compliant with cascading deletes.]

9. Data Security

[TODO: Describe security measures: encrypted connections (HTTPS/TLS), Row Level Security (RLS) on database, secure authentication, no plain-text password storage.]

10. Children's Privacy

[TODO: State the minimum age requirement. Clinchr does not knowingly collect data from children under the minimum age. If discovered, such data will be deleted immediately.]

11. Changes to This Policy

[TODO: Clinchr reserves the right to update this policy. Users will be notified of material changes. The "Last updated" date at the top will reflect the most recent revision.]

12. Contact

[TODO: Provide contact details for privacy inquiries, e.g. privacy@clinchr.app. Include physical address if required by jurisdiction.]