Privacy Policy – Tontine Fitness, LLC

Tontine Fitness, LLC ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

1.1 Information You Provide

Account information: Your Apple ID (via Sign in with Apple), display name, email address (which may be a private relay address), and username you choose.
Financial information: Payment is processed entirely by Stripe, Inc. We store only non-sensitive payment metadata (e.g., last 4 digits of bank account for display) — we never store full card numbers or bank account credentials.
Bank account details for withdrawals: Routing number and account number are transmitted to Stripe for ACH payout setup. We do not store these on our servers after tokenization.
Tax information: If required by law, we may collect a taxpayer identification number (TIN) to issue tax forms for prize winnings.

1.2 Information Collected Automatically

Step data: Daily step counts sourced from Apple HealthKit. We collect step count totals (not raw sensor data) solely for competition scoring.
Competition data: Your participation history, step records, earnings, and competition outcomes.
Device information: Device type, operating system version, and app version for troubleshooting purposes.
Usage data: App interactions and feature usage (anonymized or pseudonymized where possible).
Push notification tokens: To send competition alerts and reminders (only if you grant permission).

1.3 Information We Do Not Collect

Precise GPS location
Contacts, photos, or camera access (beyond profile photo upload if you choose)
Raw biometric or continuous sensor data beyond daily step totals
Social graph data beyond usernames you voluntarily connect as friends in-app

2. How We Use Your Information

Purpose	Data Used
Operate competitions	Apple ID, username, step data, competition records
Process payments	Apple Pay token (via Stripe), billing address for tax
Process withdrawals	Bank account token (Stripe), Vault Wallet balance
Issue tax forms	Name, TIN, prize amounts (if legally required)
Send notifications	Push token, competition status
Improve the Service	Anonymized usage data, crash logs
Fraud prevention & security	Account data, device identifiers, behavioral signals
Legal compliance	Any required data as determined by applicable law

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

3. Apple HealthKit Data

Tontine Fitness accesses Apple HealthKit data (specifically, step count) solely for the purpose of verifying daily competition goals. HealthKit data is:

Read only when you have granted HealthKit permission in iOS Settings;
Used exclusively for competition scoring — never shared with third parties for advertising or marketing;
Not used to build health profiles or sold to data brokers;
Stored in our Firebase database in pseudonymized form (keyed by user ID and date).

You may revoke HealthKit access at any time via iOS Settings → Privacy & Security → Health → Tontine Fitness. Revoking access will prevent future step syncing and may result in elimination from active competitions.

4. Third-Party Services

We use the following third-party services, each of which has its own privacy practices:

Firebase (Google LLC) — backend database, authentication, and cloud functions. Data may be stored on Google infrastructure. See Firebase Privacy.
Stripe, Inc. — payment processing and ACH transfers. Card and bank data is handled by Stripe under PCI-DSS compliance. See Stripe Privacy Policy.
Apple, Inc. — Sign in with Apple authentication and Apple Pay. Your Apple ID credentials are managed solely by Apple. See Apple Privacy Policy.

We do not integrate with advertising networks, social media trackers, or data brokers.

5. Data Retention

We retain your data for as long as your account is active and for a reasonable period afterward to comply with legal obligations (such as tax record retention requirements). Specific retention periods:

Account and profile data: Retained until account deletion, then deleted within 30 days.
Competition and earnings records: Retained for 7 years for tax and legal compliance purposes.
Step data: Retained for up to 2 years, then deleted or anonymized.
Crash logs and usage data: Retained for up to 90 days.

6. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), Firebase Security Rules to limit data access, and third-party payment tokenization so we never handle raw financial credentials. No system is perfectly secure; in the event of a data breach that materially affects your rights, we will notify affected users as required by applicable law.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of personal data we hold about you.
Correction: Request correction of inaccurate data.
Deletion: Request deletion of your account and associated data (subject to legal retention requirements). Use the in-app Delete Account function or contact us.
Portability: Request your data in a machine-readable format.
Opt-out of communications: Disable push notifications in iOS Settings at any time.

To exercise any of these rights, contact us at privacy@tontinefitness.app. We will respond within 30 days.

8. Children's Privacy

Tontine Fitness is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected data from a child, we will delete it promptly. Contact us at privacy@tontinefitness.app if you believe a child has created an account.

9. California Privacy Rights (CCPA/CPRA)

California residents have the right to know what personal information we collect and how it is used, to request deletion, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising these rights. To submit a request, contact us at privacy@tontinefitness.app.

10. Nevada Privacy Rights

Nevada residents may request that we not sell their covered information. We do not sell personal information. To submit a request, contact us at privacy@tontinefitness.app.

11. International Users

Tontine Fitness is operated from the United States. If you access the Service from outside the US, your information may be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction. By using the Service, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the Effective Date and, for significant changes, by in-app notification. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

13. Contact Us

For privacy-related inquiries:
Tontine Fitness, LLC
Privacy: privacy@tontinefitness.app
Support: Support Center