PaceWolf ("we", "our", or "us") is a fitness accountability app that lets you run challenges with friends backed by real financial stakes. This policy explains what data we collect, why we collect it, and how we protect it.
1. Data We Collect
Account information
- Mobile phone number — used solely for OTP-based sign-in via Firebase Authentication.
- Display name and profile photo — shown to other participants in your challenges.
Fitness data
- Running distance and step count, read from Apple Health with your explicit permission.
- Data is used only to track your progress in active challenges. It is never used for advertising or sold to third parties.
Payment information
- UPI VPA (payment address) — stored so other participants can send you settlement payments directly. We never initiate payments on your behalf and we never hold your money.
Device data
- APNs device token — used only to send you push notifications about your challenges. Stored on our servers and never shared.
Usage data
- Challenge activity (km logged per day, challenge results) — necessary to run the app's core features.
2. How We Use Your Data
- Authenticate your account and keep it secure.
- Display your progress and leaderboard position to challenge participants.
- Calculate challenge results and settlement amounts.
- Send push notifications about challenge events (starts, completions, reminders).
- Show your UPI VPA to other participants so they can settle payments with you.
We do not use your data for advertising, profiling, or any purpose not listed above.
3. Apple Health / HealthKit
PaceWolf accesses Apple Health data (running distance, step count) only to measure your challenge progress. This data is never shared with third parties, never used for advertising or marketing, and never uploaded beyond what is required to display your km total within your active challenges.
You can revoke HealthKit access at any time in Settings → Privacy & Security → Health → PaceWolf. Revoking access will stop your km from syncing but will not delete your account.
4. Data Sharing
We share the minimum data required to operate the app:
- Other challenge participants — your display name, profile photo, km progress, and UPI VPA are visible to people in the same challenge as you.
- Firebase (Google) — your phone number is sent to Firebase solely to verify OTP codes. See Firebase Privacy.
- Apple APNs — your device token is sent to Apple's push notification service to deliver notifications to your device.
We do not sell, rent, or trade your personal data to any third party.
5. Data Retention
Your data is retained for as long as your account is active. Challenge history (results, km records) is kept after a challenge ends so participants can reference settlement details.
To request deletion of your account and all associated data, email us at privacy@pacewolf.run. We will process deletion requests within 30 days.
6. Security
All data is transmitted over HTTPS. Authentication tokens are stored in iOS Keychain. We use Railway's managed PostgreSQL with restricted network access for our database. We do not store OTP codes — they are verified and discarded by Firebase.
7. Children
PaceWolf is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it promptly.
8. Your Rights
- Access — you can view all your data in the app (profile, challenge history, stats).
- Correction — you can update your display name and UPI VPA in the app.
- Deletion — email privacy@pacewolf.run to delete your account and all data.
- Portability — contact us to request a copy of your data in JSON format.
9. Changes to This Policy
We may update this policy as the app evolves. We will notify you of material changes via an in-app notice. The "Last updated" date at the top always reflects the current version.
10. Contact
Questions or concerns about this policy? Email us at privacy@pacewolf.run.