Privacy Policy
Last updated: January 2026
1. Introduction
FORGE - Habits & Fitness ("Company," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").
Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide to us when you:
- Create an account (name, email address, password)
- Subscribe to our service (payment information is processed by Apple and not stored by us)
- Contact our support team
- Participate in surveys, promotions, or beta testing programs
- Provide feedback or communicate with us
2.2 Health and Fitness Data
With your explicit consent, we collect health and fitness data including:
- Workout data, exercise logs, and physical activity records
- Nutrition information, meal logs, and dietary preferences
- Body measurements and weight data
- Progress photos (stored locally on your device unless you choose to sync)
- Apple Health data (steps, workouts, active energy - only with your explicit consent)
- Challenge progress, streaks, and completion data
- Water intake and hydration logs
- Reading and personal development tracking
2.3 Automatically Collected Information
When you access the Service, we automatically collect certain information, including:
- Device information (device type, operating system, unique device identifiers)
- Usage data (features used, time spent in app, interaction patterns)
- Log data (access times, pages viewed, app crashes, and system activity)
- IP address and general location information (city/country level only)
2.4 Information from Third Parties
We may receive information about you from third-party services you connect to the app, such as Apple Health. We only access the specific data categories you authorize and do not access any health data without your explicit permission.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, operate, and maintain our Service
- Account Management: To manage your account, including authentication and customer support
- Personalization: To personalize your experience and provide tailored content and recommendations
- Communication: To send you updates, notifications, and support messages related to your use of the Service
- Challenge Tracking: To track your challenge progress and provide insights on your performance
- Health Integration: To sync your data with Apple Health (with your consent)
- Analytics: To analyze usage patterns, troubleshoot issues, and improve user experience
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
- Security: To detect, prevent, and address technical issues, fraud, and security threats
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your information only in the following limited circumstances:
- Service Providers: We may share your information with third-party vendors who perform services on our behalf, such as hosting, analytics, email delivery, and customer support. These providers are contractually obligated to protect your information and may only use it to provide services to us.
- Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
- Protection of Rights: We may disclose your information to protect our rights, privacy, safety, or property, and that of our users or others.
- Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
- With Your Consent: We may share your information with third parties when you explicitly consent to such sharing.
5. Third-Party Services
We use the following third-party services to operate our Service:
- Apple (App Store, HealthKit): Payment processing and health data integration
- Resend: Transactional email delivery
- MongoDB Atlas: Database hosting and storage
- Heroku: Application hosting and infrastructure
- USDA FoodData Central: Nutrition information database
- RevenueCat: Subscription management
Each of these services has its own privacy policy governing its use of your data. We encourage you to review their privacy policies.
6. Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption of data in transit using TLS/HTTPS
- Encryption of sensitive data at rest
- Secure password hashing using industry-standard algorithms
- Regular security assessments and updates
- Access controls limiting employee access to personal data
- Secure cloud infrastructure with reputable providers
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:
- Account Information: Retained for the duration of your account plus 30 days after deletion
- Health and Fitness Data: Retained for the duration of your account; deleted upon account deletion request
- Transaction Records: Retained for 7 years for tax and legal compliance
- Support Communications: Retained for 2 years after resolution
- Analytics Data: Retained for up to 26 months in aggregated, anonymized form
You may request deletion of your account and associated data at any time. Upon deletion request, we will remove your personal data within 30 days, except where retention is required by law.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request access to the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data
- Portability: Request a copy of your data in a portable, machine-readable format
- Opt-Out: Opt out of marketing communications at any time
- Withdraw Consent: Withdraw consent for data processing where consent is the legal basis
- Restriction: Request restriction of processing in certain circumstances
To exercise any of these rights, please contact us at forge.app.comms@gmail.com. We will respond to your request within 30 days (or 45 days for California residents as required by CCPA).
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Your California Privacy Rights:
- Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Opt-Out: You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell your personal information.
- Right to Limit: You have the right to limit the use of your sensitive personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
Categories of Personal Information Collected:
- Identifiers (name, email address, IP address)
- Commercial information (subscription history)
- Internet or network activity (usage data, interaction with our Service)
- Sensitive personal information (health and fitness data - collected only with explicit consent)
How to Exercise Your Rights:
You may exercise your California privacy rights by:
- Visiting our Privacy Choices page
- Emailing us at forge.app.comms@gmail.com
We will verify your identity before processing your request by confirming your email address. We will respond to verifiable requests within 45 days. If we need more time, we will notify you of the extension and the reason for it.
10. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of becoming aware of the breach
- Provide information about the nature of the breach and the types of data affected
- Describe the measures we are taking to address the breach
- Offer guidance on steps you can take to protect yourself
- Report the breach to relevant regulatory authorities as required by law
11. International Data Transfers
Your information may be transferred to, stored, and processed in the United States where our servers are located. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where data protection laws may differ from those in your jurisdiction.
By using our Service, you consent to the transfer of your information to the United States. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.
12. Children's Privacy
Our Service is not intended for children under 13 years of age (or 16 years of age in certain jurisdictions). We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately.
If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers within 30 days.
13. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. We currently respond to DNT signals and do not track users who have DNT enabled. We also honor the Global Privacy Control (GPC) signal.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date at the top of this policy
- Sending you an email notification (for material changes)
- Displaying a notice in the app
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
FORGE - Habits & Fitness
Email: forge.app.comms@gmail.com
For California privacy requests, you may also visit our Privacy Choices page.