We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how Calorie Challenge collects, uses, and safeguards your information when you use our mobile application and related services (the "Service").
By using the Service, you consent to the data practices described in this policy.
2. Data We Collect
We collect only the data necessary to verify your physical activity and facilitate the financial accountability mechanics of the App.
A. Health & Biometric Data (Crucial)
To function, the App requires read-access to specific data points from Apple HealthKit (iOS) or Google Health Connect (Android):
Data Type
Purpose
Active Energy Burned
To verify calorie targets and challenge completion
Heart Rate
To ensure effort is human and genuine (anti-cheat validation)
Workouts / Activity
To track distance, duration, and type of exercise
Steps
For step-based challenges
B. Account & Financial Data
Identity: Email address (for account recovery and authentication)
Wallet Address: Your public blockchain address used to pledge funds and receive rewards
Transaction History: On-chain records of your pledges, forfeits, and winnings
C. Device Data
Device model, OS version, and unique identifiers (used for security and fraud prevention).
3. Special Provisions for Health Data
We treat your health data with the highest level of sensitivity. In compliance with Apple's App Store Review Guidelines (Section 5.1.3) and Google Play's Health Connect Policy:
🚫 What We DO NOT Do With Your Health Data
NO ADVERTISING: We DO NOT use your HealthKit/Health Connect data for advertising, marketing, or data mining purposes.
NO SALE OF DATA: We DO NOT sell, rent, or share your health data with third parties, data brokers, or information resellers.
NO PROFILING: We do not build long-term historical profiles of your health outside of what is needed for challenge verification.
✅ What We DO With Your Health Data
PURPOSE LIMITATION: Your health data is used SOLELY for verifying your completion of fitness challenges ("Proof of Workout") within the App.
LOCAL PROCESSING: Whenever possible, our algorithms process data locally on your device or via secure, ephemeral oracle transmission.
FRAUD PREVENTION: Heart rate and activity patterns are analyzed to detect anomalies that suggest cheating.
4. How We Use Your Data
Verification (The Oracle): To cryptographically prove to the Smart Contract that you completed a physical task.
Fraud Prevention: To detect anomalies (e.g., GPS spoofing or impossible heart rates) that suggest cheating.
Transaction Facilitation: To enable deposits and withdrawals via our third-party partners.
Communication: To send you security alerts, challenge results, or "Magic Links" for login.
5. Sharing of Data
A. The Blockchain (Public Ledger)
Please be aware that blockchain transactions are public. When you join a challenge or claim a reward:
Your Wallet Address and Transaction Amount are visible on the public blockchain explorer.
We DO NOT publish your name, email, or health data on the blockchain.
B. Third-Party Service Providers
Privy / Web3Auth: For secure, non-custodial wallet creation and login.
Stripe / MoonPay / Transak: For processing fiat payments. We do not store your credit card information.
Cloud Infrastructure: (Firebase/Google Cloud) for secure backend hosting.
6. Data Security
Encryption: Data in transit is encrypted via SSL/TLS (HTTPS).
Non-Custodial Architecture: We do not store your private keys. Your funds are secured by smart contracts.
Access Control: Strict internal limitations on who can access user data.
Regular Audits: We conduct regular security assessments of our systems.
7. Data Retention & Deletion
Retention: We retain account data only as long as your account is active or as required by law.
Right to Delete: You may request deletion of your account and data at any time via App settings or by contacting us.
Note: We cannot delete transactions already recorded on the public Blockchain, as that ledger is immutable.
To delete your account: Open the App → Profile → Settings → Delete Account, or email us at privacy@caloriechallenge.app
8. Children's Privacy
Our Service is strictly for users aged 18 and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a minor, we will delete it immediately and suspend the account.
9. Your Rights
Depending on your location, you may have the following rights:
Access: Request a copy of your personal data
Correction: Update inaccurate information via Profile settings
Deletion: Request deletion of your account and data
Portability: Request your data in a machine-readable format
Withdraw Consent: Revoke health data access via your device's health platform settings
Contact Us
If you have questions about this Privacy Policy or your data rights, please contact us: