Privacy Policy

Effective Date: May 21, 2026

SquatPass (“we”, “our”, or “us”) operates the SquatPass mobile application. This Privacy Policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

Account Information

• Name — first name, provided during onboarding or via Apple Sign In.
• Display name — chosen during onboarding. Shown publicly on the in-app global leaderboard alongside your rep count. You may change it at any time from Profile, or block another user to hide their display name from your view.
• Email address — collected during email sign-up or Apple Sign In (optional).
• User ID — a unique identifier assigned when your account is created.

Onboarding Quiz Responses

During onboarding you answer questions about your screen-time goals, daily phone usage, and fitness preferences. These responses are stored to personalize your experience.

Fitness & Workout Data

• Number of squat repetitions per session
• Workout duration (seconds)
• XP earned and current level
• Streak length (consecutive days with workouts)
• Daily squat goal setting
• Optional Step Rewards settings, including whether Step Rewards are enabled and your daily step goal

If you turn on Step Rewards, SquatPass requests read-only permission to read your step count from Apple HealthKit. We use today's step count on your device to show progress and determine whether a daily step reward can be claimed. SquatPass does not write to Apple Health, and your HealthKit step count history is not uploaded to SquatPass servers, analytics providers, or advertising partners. You can revoke Health access at any time in Apple Health settings.

Subscription Information

If you purchase a subscription, we store your subscription status, plan type, and transaction identifiers provided by Apple. We do not have access to your payment method or billing details — those are handled entirely by Apple.

App Usage and Attribution Data

We collect limited app interaction events, such as app installs and launches, screen and area views, onboarding and quiz funnel progress, paywall views, checkout and subscription purchase outcomes, workout type and completion summaries, leaderboard access, and selected feature interactions. Step Rewards analytics events do not include your HealthKit step count or whether you met a step goal. We use this to understand where users drop off, measure paywall conversion, improve product reliability, and measure the effectiveness of our own advertising campaigns. We use PostHog for product analytics and AppsFlyer for mobile attribution and advertising measurement. AppsFlyer may process app/device identifiers such as IDFV and, if you grant App Tracking Transparency permission on iOS, IDFA. AppsFlyer also receives attribution events we send, including onboarding content views, registration, onboarding completion, paywall/add-to-cart, checkout, and purchases with product ID, amount, currency, and transaction/order ID. AppsFlyer may send configured partner postbacks to Meta Ads for app install and funnel-event measurement. SquatPass no longer sends direct Meta SDK App Events or Meta Aggregated Event Measurement events from the app.

2. Camera Usage

SquatPass uses your device camera to detect squat movements in real time using on-device pose estimation (QuickPose SDK). No video or images are recorded, stored, or transmitted. All pose detection processing happens locally on your device. The camera feed is never uploaded to any server.

3. How We Use Your Data

• Provide the service — track workouts, calculate XP, maintain streaks, and manage your time-bank balance.
• Gamification — evaluate badge/achievement criteria and display progress.
• Personalization — tailor the experience based on your onboarding quiz answers.
• Subscription management — verify purchase status with Apple's servers.
• Analytics and attribution — understand onboarding and purchase flow performance, measure our own advertising campaigns, and avoid showing irrelevant ads for SquatPass.
• Notifications — send a daily streak reminder (if you grant permission). No data about notification delivery or opens is collected.
• Public leaderboard — display your chosen display name, avatar, and rep count to other SquatPass users on the in-app global leaderboard. You can change what appears there or block another user from your view at any time.
• Moderation — if you file a report against another user, we store that report (your user ID, the reported user ID, and any reason you provided) so we can review display names and account behaviour. Reports are not visible to other users.

4. Third-Party Services

We do not sell or rent your personal data. We use PostHog for product analytics, funnel measurement, and masked mobile session replay to understand app flow and diagnose usability issues. We use AppsFlyer as our mobile measurement partner for app attribution, campaign measurement, and AppsFlyer-managed partner postbacks to Meta Ads. We do not use the Meta SDK to log app events, and we do not send Meta user/account identifiers or purchase transaction identifiers directly from the app. This build updates Apple's SKAdNetwork/AdAttributionKit only for an install/app-open baseline conversion value, and does not update Apple conversion values for registration, onboarding completion, paywall views, checkout, or purchases.

5. Data Stored on Your Device

• Offline workout queue — workouts completed without an internet connection are stored locally in a SQLite database and synced when connectivity returns. They are deleted from local storage after a successful upload.
• App blocking preferences — the list of apps you choose to block and your time-bank balance are stored locally on your device and in an App Group. This data is never sent to our servers.
• Step Rewards data — HealthKit step counts and same-day claim eligibility are processed locally on your device. Only your Step Rewards preference and selected daily step goal may sync to your account. HealthKit data is not used for advertising or marketing.
• Authentication session — your login session is persisted locally so you stay signed in between app launches.

6. What We Do Not Collect

• Location data
• Contacts or address book
• HealthKit step count history on our servers, analytics providers, or advertising partners
• Device fingerprints, UDIDs, or IDFA when tracking permission is denied on iOS
• Browsing or search history
• Microphone audio
• Crash logs or diagnostic reports

7. Data Retention

We retain your account and workout data for as long as your account exists. If you delete your account (see below), all associated data is permanently removed from our servers.

8. Account Deletion

You can delete your account at any time from Profile → Delete Account within the app. Deleting your account permanently removes:

• Your user profile and quiz responses
• All workout history
• Stats, achievements, and streaks
• Blocked app preferences
• Subscription records

This action is irreversible. Locally stored data (offline queue, app blocking preferences) is cleared when you sign out.

9. Children's Privacy

SquatPass is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us and we will delete it promptly.

10. Security

We use industry-standard security practices, including encrypted connections (HTTPS/TLS), row-level security on our database, and server-side authentication validation. API keys embedded in the app are restricted to public-facing operations only.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (via in-app account deletion or by contacting us)
• Object to or restrict processing of your data

To exercise any of these rights, contact us at the address below.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Effective Date” at the top of this page. Continued use of the app after changes constitutes acceptance.