🔒 Privacy Policy

1. Overview

Welcome to Step One ("we," "our," or "us"). This Privacy Policy explains how we collect, use, protect, and handle your information when you use our mobile application Step One (the "App").

We are committed to protecting your privacy and ensuring transparency about our data practices. This policy applies to all users of Step One and complies with applicable privacy laws including GDPR, CCPA, and Apple's App Store Guidelines.

2. Information We Collect

2.1 Health Data

Step One requests access to the following health information through Apple's HealthKit framework:

• Step Count Data: Daily step counts from your iPhone or connected fitness devices
• Historical Step Data: Past step count records when you choose to import historical data

2.2 App Usage Data

We automatically collect limited technical information to improve app performance:

• Device Information: iOS version, device model, app version
• App Analytics: Feature usage, crash reports, performance metrics
• Advertising Data: Information collected by our advertising partners (see Section 4)

2.3 Data We Do NOT Collect

Step One does not collect:

• Personal identification information (name, email, phone number)
• Location data or GPS coordinates
• Contact lists or social media information
• Payment or financial information
• Photos, camera, or microphone data
• Health data beyond step counts

3. HealthKit Data Usage

3.1 Purpose and Scope

We access your HealthKit step count data solely to provide the core functionality of Step One:

• Display your daily step counts and progress
• Generate charts, trends, and analytics
• Track goal achievements and milestones
• Import historical data for comprehensive analysis

3.2 Data Processing

All HealthKit data processing occurs locally on your device using Apple's SwiftData framework. Your health information is:

• Stored Locally: All step data remains on your device
• Never Transmitted: Health data is not sent to our servers or third parties
• User Controlled: You can delete all health data by deleting the app
• Encrypted: Protected by iOS security features

3.3 Data Retention

HealthKit data is retained on your device until:

• You manually delete data through the app
• You uninstall Step One
• You revoke HealthKit permissions
• You restore your device to factory settings

4. Advertising & AdMob

4.1 Google AdMob Integration

Step One is free to download and use, supported by advertising through Google AdMob. This integration may collect certain information to provide relevant advertisements:

4.2 AdMob Data Collection

Google AdMob may collect and process:

• Advertising Identifier (IDFA): Anonymous device identifier for ad targeting
• Device Information: Device model, operating system, screen size
• App Usage: Time spent in app, features used (aggregated and anonymized)
• Ad Interaction: Which ads are viewed, clicked, or interacted with

4.3 Ad Personalization

You have control over ad personalization:

• iOS Settings: Disable "Limit Ad Tracking" in Settings > Privacy & Security > Apple Advertising
• Google Ad Settings: Manage preferences at adssettings.google.com
• Opt-Out: Request removal from targeted advertising

4.4 Third-Party Ad Networks

AdMob may work with additional advertising partners. These partners may have their own privacy policies:

• Google Privacy Policy: policies.google.com/privacy
• AdMob Privacy: AdMob Privacy Information

5. Data Storage & Security

5.1 Local Storage

Step One uses Apple's SwiftData framework for local data storage:

• Device-Only Storage: All user data remains on your device
• iOS Security: Protected by iOS sandboxing and encryption
• No Cloud Sync: Data is not automatically backed up to cloud services
• Backup Inclusion: Data may be included in iOS device backups if enabled

5.2 Security Measures

We implement industry-standard security practices:

• Data Encryption: All stored data is encrypted using iOS standards
• Secure Coding: Following Apple's security guidelines
• Regular Updates: Timely security patches and improvements
• Limited Access: No remote access to your device data

5.3 Data Breach Protocol

In the unlikely event of a security incident:

• We will assess the scope and impact immediately
• Affected users will be notified within 72 hours
• Appropriate authorities will be contacted as required by law
• Remedial actions will be taken to prevent future incidents

6. Data Sharing

6.1 No Health Data Sharing

We do not share, sell, or transmit your HealthKit step count data with any third parties, including:

• Advertising networks (including AdMob)
• Analytics companies
• Data brokers or resellers
• Social media platforms
• Other app developers

6.2 Limited Technical Data Sharing

We may share anonymized, aggregated technical data with:

• Apple: Crash reports and app performance metrics
• Google (AdMob): Advertising performance data (no health data)
• Analytics Services: App usage statistics (anonymized)

6.3 Legal Requirements

We may disclose information if required by law:

• Court orders or legal process
• Government investigations
• Protection of rights, property, or safety
• Prevention of fraud or abuse

7. Your Rights & Controls

7.1 HealthKit Controls

You have complete control over your health data:

• Grant/Revoke Access: Through iOS Health app settings
• Selective Permissions: Choose which data to share
• Data Deletion: Delete step records in the Health app
• App Removal: Uninstalling removes all local data

7.2 Advertising Controls

Manage your advertising experience:

• Limit Ad Tracking: iOS Settings > Privacy & Security
• Reset Advertising ID: Generate new anonymous identifier
• Google Ad Preferences: Customize ad categories
• Opt-Out Requests: Contact us to disable data collection

7.3 Data Subject Rights (GDPR/CCPA)

If applicable, you have the right to:

• Access: Request information about data we process
• Rectification: Correct inaccurate information
• Erasure: Request deletion of your data
• Portability: Export your data in a readable format
• Objection: Object to certain data processing
• Withdraw Consent: Revoke previously given permissions

8. Children's Privacy

8.1 Age Requirements

Step One is rated 4+ and suitable for all ages. However:

• Children under 13 should use the app with parental supervision
• We do not knowingly collect personal information from children under 13
• HealthKit access requires parental permission for users under 18
• Parents can manage all app permissions through iOS Settings

8.2 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA):

• No collection of personal information from children under 13
• Parental controls available through iOS restrictions
• Age-appropriate content and advertising
• Clear privacy practices for family use

9. International Users

9.1 Data Processing Location

Since Step One processes data locally on your device:

• Data remains in your geographic location
• No international data transfers for health information
• AdMob may process advertising data globally
• App analytics may be processed by Apple and Google

9.2 Regional Compliance

We comply with applicable privacy laws including:

• GDPR (European Union)
• CCPA (California, USA)
• PIPEDA (Canada)
• LGPD (Brazil)
• Other regional privacy regulations

10. Policy Changes

10.1 Update Notifications

We may update this Privacy Policy periodically. When we do:

• The "Last Updated" date will be revised
• Significant changes will be announced in the app
• Users will be notified through app updates
• Previous versions will remain accessible

10.2 Material Changes

For significant policy changes, we will:

• Provide 30 days advance notice
• Request renewed consent if required
• Allow users to opt-out before changes take effect
• Maintain previous terms for existing users if legally required

11. Contact Information

Supervisory Authority

If you believe we have not adequately resolved your privacy concerns, you have the right to lodge a complaint with your local data protection authority.