Privacy Policy

What we collect

Strenko is a step-tracking app. We collect only what we need to run the product:

• Account. Email address, username, display name, and (optional) avatar image you upload.
• Activity. Daily step totals, walking distance, and active-calorie estimates, plus the source they came from (manual entry, Apple Health, Health Connect, Samsung Health, Fitbit, or Garmin).
• Device integrations. When you connect Fitbit or Garmin, we store the OAuth access and refresh tokens the providers issue. Tokens are encrypted at rest using a symmetric key held only on the server.
• Social graph. Friend relationships you accept and challenges you join or are invited to.
• Push tokens. If you opt in to notifications we store the FCM / APNs token your device returns, plus the notification preferences you set.
• Operational logs. Standard request logs (IP, user-agent, path, status) retained for security and debugging.

What we do not collect

• We do not run third-party advertising or analytics SDKs.
• We do not sell or rent personal data.
• We do not track you across other apps or websites.
• We do not write to Apple Health or Health Connect.
• We do not collect precise location.

How we use it

• To compute your daily totals, streaks, and goal progress.
• To rank you against friends on the leaderboards and inside challenges you've joined.
• To send transactional emails (password reset, email verification) and the push notifications you've enabled.
• To enforce the manual-entry cap and other anti-cheat rules.
• To investigate abuse and keep the service reliable.

Who we share with

We don't share personal data with third parties for their own purposes. We use the following processors strictly to deliver the service:

• Hosting. Our application and database run on infrastructure operated by our hosting provider, which sees encrypted traffic in transit.
• Email delivery. Transactional emails (password reset, email verification) are sent through an SMTP relay; the relay sees the recipient address and the email body.
• Push delivery. Notifications fan out through Apple Push Notification service and / or Firebase Cloud Messaging; the platforms see your device token and the notification payload.
• Device-integration providers. If you connect Fitbit or Garmin, those providers see the OAuth exchange and return the activity data you authorize.

How long we keep it

Account data and step history are kept while your account is active. Operational logs roll off after at most 90 days. When you delete your account (see below), we erase your profile, step history, device tokens, friend graph, status messages, and OAuth credentials within a few seconds; encrypted database backups are overwritten on their normal rotation cadence.

Your choices

• Access & export. Email [email protected] and we'll send you a copy of your data.
• Correction. Most profile fields can be edited inside the app. For anything else, email us.
• Deletion. Open the app, go to Profile → Account, and tap Delete account. Details and a web fallback are at /account/delete.
• Disconnect a provider. The Devices tab revokes the OAuth grant on the provider's side and wipes the tokens we hold.

Children

Strenko is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). If you believe a child has created an account, email [email protected] and we will delete it.

Changes

If we change this policy materially, we'll update the effective date above and surface a notice inside the app before the change takes effect.

Contact

Questions or requests: [email protected].