Draft — have a lawyer review before relying on this, and fill in every [PLACEHOLDER].
We keep data collection to what the app needs to work. No ads, no IDFA, no cross-app tracking.
1. Who we are
Streak Club (“the app”, “we”, “us”) is operated by [LEGAL ENTITY NAME], [ADDRESS], the Netherlands. We are the data controller for the personal data described below.
Questions or requests: hello@streakclub.app.
2. What we collect and why
| Data | Source | Why | Legal basis (GDPR) |
|---|---|---|---|
| Name & email | Sign in with Apple (email may be an Apple private-relay address) | Create & identify your account | Contract — Art. 6(1)(b) |
| Account & gameplay data (habits, clashes, streaks, lives, logged sessions) | You, as you use the app | Provide the core service | Contract — Art. 6(1)(b) |
| Push notification device token | Your device, only if you enable notifications | Send streak/cutoff reminders | Consent — Art. 6(1)(a) |
| Product interaction & usage events | Automatically, via PostHog | Understand & improve the app | Legitimate interest — Art. 6(1)(f) |
| Crash & performance diagnostics | Automatically, via Sentry | Diagnose crashes & stability | Legitimate interest — Art. 6(1)(f) |
We do not use advertising identifiers (IDFA), and we do not track you across other companies’ apps or websites.
3. Who processes data for us
We share data only with the providers that run the service, each bound by a data-processing agreement:
- Apple — Sign in with Apple (authentication).
- Supabase — database, auth, storage, backend functions. Hosted in the EU (Frankfurt, eu-central-1).
- PostHog — product analytics. EU instance (eu.i.posthog.com).
- Sentry — crash & performance monitoring. EU region.
We do not sell your personal data.
4. Where your data is stored
Your data is processed and stored within the European Union. If any processor moves data outside the EU, it is covered by an adequacy decision or EU Standard Contractual Clauses.
5. How long we keep it
- Account & gameplay data: as long as your account exists.
- On account deletion (§7) we delete your personal data and revoke the Sign in with Apple connection. Limited records may be retained where legally required, then deleted.
- Analytics & crash data: retained up to [RETENTION PERIOD, e.g. 12 months], then deleted or anonymised.
6. Your rights
Under the GDPR you can access, correct, delete, restrict or object to processing, port your data, and withdraw consent at any time. You can also complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.
To exercise any right, email hello@streakclub.app. You can also delete your account and data yourself, in-app, under Account → Delete account.
7. Deleting your account
In the app, go to Account → Delete account. This permanently deletes your Streak Club account and personal data and revokes the Sign in with Apple connection. Active clashes are forfeited. This cannot be undone.
8. Children
Streak Club is not directed at children. You must be at least 16 (or the minimum digital-consent age in your country) to use it.
9. Security
Data is encrypted in transit (HTTPS). Authentication is handled by Apple and Supabase; we never see or store your Apple password. Access to production data is restricted.
10. Changes
We may update this policy. We’ll post the new version here and update the date above; significant changes will be communicated in-app.
11. Contact
[LEGAL ENTITY NAME] · hello@streakclub.app · [ADDRESS]