Privacy Policy
Last updated: 2026-01-05
Fitcoin respects your privacy. This policy explains what we collect, why we collect it, how we use it, and the choices you have. By using Fitcoin, you agree to this policy.
Information We Collect
- Account & profile: email, username, avatar (if provided), device tokens for push, referral codes, and basic signup metadata.
- Health & activity (with your explicit consent): Apple HealthKit data such as workouts, active energy, steps, heart metrics (if you grant access). We read these locally to compute your FitScore/FitCoin. We sync only derived/aggregated scores (e.g., FitScore, FitCoins, daily summaries), not raw HealthKit samples.
- Location (if enabled): used for location-aware rewards or features. You can disable it in system settings.
- Social & engagement: friends/connections, invites, referrals, raffle entries, reward/offer redemptions, and in-app actions related to social and rewards features.
- User content (Stories): photos you choose to post as a Story (visible to your friends). We also store view markers so you can see “Seen by” counts on your own Stories. Stories are designed to expire after 24 hours, but you can delete them sooner.
- Safety & reporting: if you report a user or content, we collect the report details you submit (reason, optional note) plus relevant account identifiers so our team can review and take action.
- Device & app data: app version, OS version, device model, language/locale, and push tokens (APNs/FCM) to deliver notifications.
- Usage, analytics, crash data: app interactions, performance metrics, and crash reports to improve stability and features.
- Support interactions: messages you send to us for help.
How We Use Information
- Compute and display your FitScore/FitCoins and related insights.
- Sync your scores and rewards across devices (derived data only; no raw HealthKit samples are sent to our servers).
- Deliver notifications (e.g., workout recognition, rewards, friend activity), if you allow push permissions.
- Operate social features (friends, leaderboards), referrals, rewards, and raffles.
- Enable Stories (posting, viewing, friend-only sharing, view counting, and deletion).
- Allocate and store partner promo codes when you redeem certain rewards/offers (so you can access your code later).
- Improve performance, security, and reliability; prevent fraud and abuse.
- Provide customer support and communicate important updates.
- Serve ads and measure their performance where applicable (e.g., AdMob).
HealthKit Data
- We access HealthKit only with your consent. You can change permissions anytime in the Health app.
- Raw HealthKit data is processed on your device. We do not sell or use HealthKit data for advertising.
- We only sync derived values (e.g., FitScore, FitCoins, daily summaries) to Firebase so your account stays in sync across devices.
Push Notifications
We use device tokens (APNs/FCM) to send notifications about workouts, rewards, friends, and account activity. You can disable notifications in your device settings.
Stories, Friends & Visibility
- Stories are shared with your friends (not publicly).
- When you view a friend’s Story, we store a view marker so the story owner can see aggregate “Seen by” information for that story instance.
- You can delete your Story at any time. Deleted Stories should stop being visible immediately.
Reports & Safety
If you report a user or Story, we store the report details (reason and optional note), the reporter and reported user IDs/usernames, and relevant metadata to help investigate. We may review reported content and take action (e.g., warnings, removals, or account restrictions) to keep the community safe.
Location
If you grant location access, we use it for location-aware rewards or features. You can turn this off in system settings.
Sharing & Processors
- We do not sell personal data.
- Vendors/processors: Firebase (Auth, Firestore, Cloud Functions, Messaging), Apple (HealthKit, APNs), analytics/crash tools, AdMob (ads), and similar service providers who help us run the app.
- We may share data to comply with law, protect our rights, or in connection with a merger/acquisition.
Retention
We keep data while your account is active or as needed for legitimate business, legal, or security purposes. Stories are designed to expire after 24 hours and may be deleted by you sooner. Derived fitness scores and account records may persist in backups for a limited period after deletion.
Security
Data in transit is encrypted (HTTPS). Access to production systems is restricted and audited. No system is 100% secure; please safeguard your account.
Your Choices & Rights
- Health permissions: manage in the Apple Health app.
- Notifications: manage in device settings.
- Location: manage in device settings.
- Data access/deletion: email hello@fitcoin.co. You can request account deletion and data removal; derived records in backups may take additional time to clear.
- Marketing: you can opt out of marketing communications at any time.
Children
Fitcoin is not directed to children under 13 (or the minimum age in your region). We do not knowingly collect data from children. If you believe a child has provided data, contact us to delete it.
Changes to This Policy
We may update this policy from time to time. Material changes will be posted here with an updated “Last updated” date.
Contact
Questions or requests: hello@fitcoin.co.