← Back to Home

PRIVACY POLICY

Effective date: 19 April 2026 | Last updated: 19 April 2026

FitClash ('we', 'our', 'us') is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect from users of the FitClash mobile application ('the App'), why we collect it, how we use it, and your rights under UK data protection law — including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By creating an account and using the App, you agree to the collection and use of information as described in this policy.

1. WHO WE ARE

FitClash is an independent mobile application. For the purposes of UK GDPR, we are the data controller responsible for your personal data.

Contact: fitclashapp@gmail.com

2. WHAT DATA WE COLLECT

2.1 Account data

When you register you provide:

2.2 Health and fitness data (Apple HealthKit)

With your explicit consent, the App reads the following data from Apple HealthKit on iOS:

Important details about how this data is handled:

2.3 Push notification token

If you grant permission for push notifications, we store a push token (a device identifier generated by Apple's notification service via Expo) in your profile record in our database. This token is used only to deliver clash-related notifications such as invites, acceptances, and results. We do not use it for marketing without your separate consent.

2.4 Profile photo (optional)

You may optionally upload a profile photo using your device's photo library (via expo-image-picker). If uploaded, your photo is stored securely in our database and shown to users you are clashing with or friends with. You can remove your photo at any time from your profile settings.

2.5 Contacts (future feature)

A future version of the App may request access to your device contacts to help you find friends already using FitClash. If and when this feature is introduced:

2.6 Usage and activity data

In the normal course of using the App, the following data is created and stored in our database:

2.7 Session data

Your Supabase Auth session token is stored securely on your device using iOS Keychain (via expo-secure-store). This is used to keep you logged in between app sessions. It is not shared with any third party.

3. HOW WE USE YOUR DATA

4. LEGAL BASIS FOR PROCESSING (UK GDPR)

5. APPLE HEALTHKIT — SPECIAL RULES

Apple HealthKit data is treated with the highest level of care. In addition to the points in section 2.2, we confirm the following:

6. THIRD-PARTY SERVICES

Supabase Inc.

Provides our backend database, authentication, real-time data sync, and file storage. Receives: account data, computed clash scores, friendship records, push tokens, activity feed entries, and goal settings. Supabase processes data on our behalf as a data processor under a Data Processing Agreement. Supabase infrastructure is hosted in the EU/US.

Privacy policy: supabase.com/privacy

Expo / Expo Push Service

Used to deliver push notifications to your device. When you enable notifications, your device push token is sent to Expo's notification infrastructure, which forwards the notification to Apple's Push Notification service (APNs). Expo does not receive the content of your personal data beyond what is necessary to route the notification.

Privacy policy: expo.dev/privacy

Apple Inc. (HealthKit and APNs)

Apple HealthKit is used to read your health and fitness data on your device. Apple's Push Notification service (APNs) is used to deliver push notifications. These are governed by Apple's Privacy Policy: apple.com/legal/privacy

7. DATA WE DO NOT COLLECT

To be explicit about what we do not collect:

8. DATA SHARING

We do not sell your personal data. We share data only in the following circumstances:

9. DATA RETENTION

10. INTERNATIONAL DATA TRANSFERS

Supabase infrastructure may involve data being processed in the United States or other countries outside the UK. Supabase operates under Standard Contractual Clauses and other adequacy mechanisms as required by UK GDPR. We ensure appropriate safeguards are in place for any international transfers.

11. YOUR RIGHTS UNDER UK GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, contact us at: fitclashapp@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

12. CHILDREN'S PRIVACY

FitClash is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. Users aged 13–17 should have parental or guardian consent before using the App. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

13. SECURITY

We implement appropriate technical and organisational measures to protect your personal data. These include:

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you of any breach that affects your personal data as required by law.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes through the App or by email. The effective date at the top of this document indicates when it was last updated. Continued use of the App after changes take effect constitutes acceptance of the updated policy.

15. GOVERNING LAW

This Privacy Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes relating to this policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.

16. CONTACT US