Privacy Policy

Effective date: April 16, 2026  ·  Last updated: April 16, 2026

1. About This Policy

This Privacy Policy describes how StepStreak — the iOS app published on the App Store, also marketed as "StepsStreak" on our website at stepsstreak.com (together, "the App", "we", "our") — handles information when you use our iOS application. By using the App, you agree to the practices described in this policy.

2. Information We Access from Apple Health

StepsStreak requests permission to read one data type from Apple HealthKit:

• Step Count (HKQuantityType .stepCount) — used to display your daily step progress and determine whether you have met the 10,000-step daily goal.

We request this permission explicitly through iOS's standard HealthKit authorization dialog. You may revoke it at any time in Settings → Health → Data Access & Devices → StepsStreak.

Health data stays on your device. It is never transmitted to our servers or any third party.

3. Information We Collect from You

To sign you in, bill you, and keep the app running, we collect:

• Name and email address — from Sign in with Apple or Google. Stored in our backend (Supabase) to identify your account.
• Anonymous user ID — a random UUID issued by Supabase so we can tie your purchase to your account.
• Purchase status — whether you have bought the one-time 21-day challenge. Stored with Apple's StoreKit, RevenueCat, and our backend.
• Challenge timestamps — when you started and completed a challenge, used to power the live "walkers active now" counter shown in-app.
• App usage events — screens viewed, buttons tapped, and similar product-interaction events. Used to understand which parts of the app work and which confuse people.
• Crash reports — automatically collected if the app crashes, so we can fix bugs.

We do not collect location data, contacts, photos, advertising identifiers (IDFA), or any health data beyond step count.

4. Third-Party Service Providers

StepsStreak relies on the following service providers. None of them receive your HealthKit step data. None of them track you across other apps or websites.

• Supabase (auth + database) — stores your user ID, name, email, purchase status, and challenge timestamps. Privacy policy.
• RevenueCat (in-app purchases) — receives the Apple transaction identifier so we can verify your one-time purchase and restore it on a new device. Privacy policy.
• Apple StoreKit / Sign in with Apple — handles payment and authentication. Governed by Apple's privacy policy.
• Google Sign-In — only if you choose Google as your login method. Governed by Google's privacy policy.
• Mixpanel (product analytics) — receives your anonymous user ID and app-usage events. Configured without IDFA / cross-app tracking. Privacy policy.
• Firebase Crashlytics (crash reporting) — receives crash stack traces, device model, and OS version. Google Analytics is disabled. Privacy policy.

5. How We Use This Information

We use the information collected solely to:

• Authenticate you and keep you signed in.
• Unlock and restore your one-time 21-day challenge purchase.
• Display your progress, streak, and history inside the app.
• Power the live community counter ("X walkers live in a challenge right now").
• Diagnose crashes and fix bugs.
• Understand in aggregate which parts of the app people use.

We do not use any of this information for advertising, targeted marketing, or sale to third parties.

6. Data Storage & Security

Your challenge records, day history, walks, and streak are stored locally on your device using Apple's SwiftData framework.

Your account and purchase information is stored with Supabase and RevenueCat, encrypted in transit (TLS) and at rest. Access is restricted via row-level security — each account can only read its own data.

Your step data remains inside Apple Health and is governed by Apple's own privacy policy.

7. HealthKit-Specific Disclosures

In compliance with Apple's HealthKit guidelines:

• HealthKit data will not be used for advertising or other use-based data mining.
• HealthKit data will not be sold to third parties, including data brokers, advertising networks, or data analytics providers.
• HealthKit data will not be disclosed to third parties for any purpose without user consent, except as required by law.
• StepsStreak reads step count only. It does not write any data to HealthKit.

8. Tracking & Advertising

StepsStreak does not show ads. We do not use the iOS advertising identifier (IDFA). We do not track you across other apps or websites. The App Tracking Transparency prompt is therefore not shown.

9. Children's Privacy

StepsStreak is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has used the app and provided any personal information, please contact us and we will take appropriate steps.

10. Your Rights & Data Deletion

You can delete your account and all associated server-side data at any time:

• In the app: Settings → Delete account. This permanently removes your profile row and all data tied to your user ID from our backend. The deletion cannot be undone.
• Local app data: Deleting the app from your device removes all locally stored challenge, streak, and widget data.
• HealthKit access: Settings → Health → Data Access & Devices → StepsStreak revokes our read permission.
• By email: You can also write to support@stepsstreak.com and we will delete your account within 7 days.

Depending on where you live, you may also have the right to access, correct, or port your data. Email the address above to exercise those rights.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Material changes will be surfaced in-app. Continued use after any changes constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

support@stepsstreak.com