Privacy Policy

Last updated: April 13, 2026

10K Club ("we", "our", or "the App") is a walking and step-tracking application that helps users discover circular walking routes, track their daily activity, and connect with friends and crews. This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using 10K Club, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name (from Sign in with Apple or Google)
• Email address
• Profile photo (if provided by your sign-in provider)
• Username (chosen by you)

1.2 Health and Activity Data

With your explicit permission, we read:

• Daily step counts from Apple HealthKit (iOS) or Google Health Connect (Android)

We never write data to HealthKit or Health Connect. Step counts are stored in our backend (Firebase Firestore) only to enable features such as your personal stats, weekly/monthly charts, leaderboards, and crew rankings.

1.3 Location Data

With your explicit permission, we use:

• Approximate and precise GPS location to generate circular walking routes from your current position

Location is processed in real time by the App and the Mapbox Directions API to compute walking routes. We do not store your raw GPS coordinates in our backend.

1.4 Social and Crew Data

• Followers / Following lists
• Crew memberships, creation, and join requests
• Saved and liked routes

1.5 Diagnostic Data

We use Firebase Crashlytics to collect anonymized crash reports, device model, OS version, and app version to diagnose issues and improve stability.

2. How We Use Your Information

We use the information described above to:

• Authenticate you and maintain your account
• Display your step activity, streaks, and progress
• Generate personalized walking routes
• Power leaderboards, crews, and social features
• Improve App stability and performance
• Communicate with you about service-related matters (e.g., security updates)

We do not sell your personal information. We do not show third-party advertising.

3. How We Share Your Information

Your information is shared only in the following limited cases:

• Other users: Your username, profile photo, follower/following lists, crew memberships, public step totals, and saved routes are visible to other authenticated users of the App.
• Service providers: We use the following processors to operate the App:
  • Google Firebase (Authentication, Firestore, Crashlytics, Storage) — data hosting
  • Mapbox — map tiles and walking-route generation (location data is sent in real time)
  • Apple / Google — authentication providers
• Legal requirements: We may disclose information if required by law, court order, or to protect the rights, safety, or property of users or the public.

We never sell or rent your data to advertisers or data brokers.

4. Data Retention

• Account data, steps, social data: retained for as long as your account is active.
• Diagnostic data: typically retained up to 90 days by Firebase Crashlytics.
• Account deletion: you can delete your account at any time from the Profile screen. When you do, we permanently delete your profile, step history, follower relationships, and crew memberships within 30 days. Backup copies may persist for up to an additional 60 days for disaster-recovery purposes.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data ("right to erasure")
• Export your data in a portable format
• Withdraw consent for HealthKit, Health Connect, or Location at any time via your device's system settings
• Object to certain processing activities

To exercise these rights, contact us at the email below. EU/UK users may also contact their local Data Protection Authority. California residents have additional rights under the CCPA, including the right to opt out of "sales" of personal information (we do not engage in such sales).

6. HealthKit-Specific Disclosures (iOS)

Per Apple's HealthKit guidelines:

• We only request read access to step count data.
• HealthKit data is never shared with third parties for advertising or marketing purposes.
• HealthKit data is never sold.
• HealthKit data is used solely to display your activity inside the App and to compute step-based features (leaderboards, crews, streaks).
• You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health → 10K Club.

7. Children's Privacy

10K Club is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

8. Security

We use industry-standard measures to protect your data, including:

• Encrypted connections (TLS) between the App and our backend
• Firebase Authentication for identity verification
• Firestore Security Rules to restrict data access on a per-user basis

No method of transmission or storage is 100% secure, but we work continuously to protect your information.

9. International Data Transfers

Your data may be processed and stored on servers operated by Google Firebase and Mapbox in the United States, the European Union, or other regions. By using the App, you consent to the transfer and processing of your data in these locations.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App and updating the "Last updated" date above. Continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions, requests, or concerns about this Privacy Policy or your data, contact us at:

Email: privacy@be10kclub.com