Privacy Policy
1. Introduction
This Privacy Policy explains how WeStep (“WeStep,” “we,” “our,” or “us”) collects, uses, and protects information when you use the WeStep mobile application (the “App”). WeStep is operated by Ezekiel Sung. By using WeStep, you agree to the practices described in this policy.
2. Information We Collect
We collect the following categories of information to provide and improve WeStep:
- Account information: email address, display name, profile settings, and authentication identifiers used to sign you in.
- Profile content: profile photo or avatar, if you choose to upload one.
- Step and fitness data: daily step counts read from Apple HealthKit with your permission.
- Social data: friend connections, friend requests, league memberships, leaderboard standings, messages, reactions, activity notifications, and sync requests.
- Device-related identifiers: a device identifier generated by the app and push notification tokens used to deliver notifications.
- Diagnostics: app error logs containing safe technical information such as app version, build number, error area, error message, and timestamps.
WeStep does not collect precise location data.
3. HealthKit and Fitness Data
WeStep reads step count data from Apple HealthKit only after you grant permission. We use this data to power features within the app, including:
- Showing your daily steps and goal progress
- Comparing progress with your friends
- Calculating league leaderboards
- Powering widgets and step-tracking features
- Achievements and badges, where enabled
We do not sell HealthKit data. We do not use HealthKit data for advertising. We do not share HealthKit data with third-party advertisers or data brokers.
You can revoke WeStep’s access to HealthKit at any time through the iOS Settings app or the Apple Health app.
4. How We Use Information
We use the information we collect to:
- Provide core WeStep features such as step tracking, friends, leagues, leaderboards, messages, and reactions
- Authenticate users and secure your account
- Sync your daily step logs across your devices and to features that involve other users (such as friends and leagues)
- Send push notifications you have enabled
- Diagnose problems, prevent abuse, and improve the app
- Send essential account emails such as password reset emails
5. Social Features
WeStep is designed around social step tracking. When you use social features, information such as your display name, profile photo, step totals, friendships, league memberships, leaderboard standings, messages, and reactions may be visible to your friends or to members of your leagues, depending on the feature.
Messages, reactions, and profile information may be visible to other users in the contexts where those features are used (for example, in a chat with a friend or on a league leaderboard).
6. Profile Photos and User Content
If you upload a profile photo or avatar, it is stored using our backend storage provider (Supabase) and may be visible to your friends and to members of your leagues. You can update or remove your profile photo at any time from within the app.
7. Push Notifications
If you enable push notifications, we use push notification tokens to deliver notifications such as friend requests, reactions, messages, sync requests, and league updates. Push notification tokens are not used for advertising. You can disable notifications at any time in the iOS Settings app.
8. Diagnostics and Error Logs
To keep WeStep reliable, the app may record diagnostic information when errors occur. This may include app version, build number, a device identifier generated by the app, the area of the app where the error occurred, the error message, and timestamps. We use this information to investigate and fix problems.
9. Authentication and Password Reset Emails
WeStep uses Supabase for account authentication. When you sign up, sign in, or request a password reset, we may send essential account emails (such as password reset emails) using an email delivery provider (Resend). These emails are sent only for authentication and account purposes.
10. How We Share Information
We share information only as needed to operate WeStep:
- Other users: social information (such as display name, avatar, step activity, messages, and reactions) is shared with friends or league members through normal use of social features.
- Service providers: we use Supabase to provide authentication, database, and storage services, and Resend to deliver authentication and password reset emails. Apple HealthKit and the Apple Push Notification service are provided by Apple.
- Legal: we may disclose information if required by law or to protect the safety of users or the public.
We do not sell your personal information, and we do not share your information with advertisers or data brokers.
11. Data Retention
We retain account information, step logs, social data, and related content for as long as your account is active or as needed to provide WeStep. Diagnostic logs are retained for a limited period to help us investigate issues. You can request deletion of your account at any time.
12. Account Deletion
You can delete your WeStep account directly in the app:
Open WeStep → Profile → Settings → Delete Account.
When you delete your account, your account information and associated data are removed from our systems in accordance with our retention practices. Some information may be retained where required for legal, security, or fraud prevention purposes.
13. Children’s Privacy
WeStep is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us so we can remove it.
14. Security
We use industry-standard safeguards to protect your information, including encryption in transit and access controls on our backend systems. No method of transmission or storage is perfectly secure, but we work to protect your information.
15. Your Choices
- You can revoke HealthKit access at any time in iOS Settings or the Apple Health app.
- You can disable push notifications in iOS Settings.
- You can edit your profile and remove your profile photo from within the app.
- You can delete your account from within the app.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. Material changes will be communicated in the app or through other reasonable means.
17. Contact Us
If you have questions about this Privacy Policy or your information, contact us at: