PRIVACY POLICY

Last Updated: April 6, 2026

1. Introduction

Gauntlet Digital LLC ("Gauntlet," "we," "us," or "our") operates the Gauntlet mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App.

By using Gauntlet, you agree to the collection and use of information in accordance with this policy. If you do not agree, do not use the App.

Gauntlet is intended for users in the United States who are 18 years of age or older.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name and email address when you create an account via Apple Sign In, Google Sign In, or email/password authentication. If you use Sign in with Apple with the "Hide My Email" feature, we receive an Apple-provided relay email address and treat it the same as any other email address. We do not attempt to discover your real email.
  • Profile Information: Display name, bio, and any other information you choose to add to your profile.
  • Squad & Competition Data: Squad names, membership, competition entries, Crucible matchup participation, and activity summaries within squads you belong to.
  • Support Communications: Information you provide when contacting us for support.

2.2 Information from Third-Party Services

  • Apple HealthKit: With your explicit permission, we read workout data including activity type, duration, distance, calories burned, heart rate, step counts, and exercise minutes. We never write data to HealthKit. We do not sell or use HealthKit data for advertising.

2.3 Information Collected Automatically

  • Device Information: Device model, operating system version, and unique device identifiers.
  • Push Notification Tokens: Device tokens for delivering push notifications you have opted into.
  • Crash and Diagnostic Data: We use Sentry to collect crash reports, error logs, and performance data to identify and fix technical issues. We do not configure Sentry to capture health or fitness data.
  • Product Analytics: We use PostHog to understand how the App is used: which screens are visited, which features are used, and how flows perform, so we can improve the product. PostHog receives a pseudonymous user ID and event data. It does not receive your name, email, HealthKit data, or workout content. PostHog data is governed by their privacy policy at https://posthog.com/privacy. This is separate from crash reports, which you can disable via Settings > Preferences > Send crash reports.

2.4 Referral Program Data

When you participate in Gauntlet's referral program:

  • Invite Links: Links you share contain opaque identifiers (UUIDs) for your account, competitions, or squads. These links are shared outside the App via your device's native share sheet.
  • Referral Records: We store which accounts you referred and their referral status (signed up, activated). If someone signs up through your link, their display name is visible to you in your referrals dashboard.

We do not access your device contacts, phone number, or address book for referral purposes.

2.5 Information We Do NOT Collect

  • We do not collect profile photos (this feature is not currently available).
  • We do not collect body measurements, weight, or biometric health data beyond workout activity metrics.
  • We do not access your device camera, microphone, or contacts.
  • We do not collect financial or payment information.
  • We do not operate in-app messaging or chat; no message content is collected.

3. How We Use Your Information

We use the information we collect to:

Purpose Legal Basis
Provide and maintain the App Contract performance
Create and manage your account Contract performance
Calculate rankings, leaderboards, and competition results Contract performance
Run Crucible squad matchups and tier/division ranking Contract performance
Track streaks, achievements, and progression Contract performance
Enable squad creation, management, and social features Contract performance
Process referral program participation and rewards Contract performance
Send push notifications (competition updates, reminders, squad activity) Consent
Diagnose crashes and fix technical issues Legitimate interest
Understand product usage to improve the App (via PostHog) Legitimate interest
Comply with legal obligations Legal obligation

We do not use your data for:

  • Selling to third parties
  • Advertising or ad targeting
  • Building advertising profiles
  • Any purpose incompatible with those listed above

4. How We Share Your Information

4.1 Information Visible to Other Users

Certain information is visible to other users by design:

  • Public Profile: Display name, tier/division rank, and achievements.
  • Competition Data: Your results and leaderboard positions within competitions you join.
  • Squad Activity: Your squad membership and activity within squads you belong to.
  • Crucible Data: Your individual contribution scores within your squad's weekly Crucible matchups.
  • Friends Feed: Your activity is visible to users on your friends list.
  • Referral Visibility: If you sign up through another user's referral link, your display name is visible to that referrer in their referrals dashboard.

4.2 Service Providers

We share information with third-party service providers who perform services on our behalf:

Provider Purpose
Supabase Database hosting, authentication, and file storage (hosted on AWS in the United States)
Sentry Crash reporting and error diagnostics
PostHog Product analytics (pseudonymous usage events)
Expo / EAS App build, update distribution, and push notification routing
Apple Push Notification Service (APNs) Final delivery of push notifications to your device
Google Authentication via Google Sign-In
Apple Authentication via Sign in with Apple

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

4.3 Referral Links

When you share an invite link, the link contains opaque UUIDs that recipients and any intermediary platforms (messaging apps, email clients, social media) may process. We do not control how third-party platforms handle URLs shared through them.

4.4 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., a court order or government agency).

4.5 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

4.6 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties. This includes California residents under the CCPA/CPRA.

5. Data Storage and Security

5.1 Storage Location

Your data is stored on Supabase infrastructure hosted on Amazon Web Services in the United States.

5.2 Security Measures

We implement appropriate technical and organizational measures including:

  • Encryption in transit (TLS/SSL) and at rest
  • Row-level security (RLS) policies on all database tables
  • Secure authentication via Apple Sign In and bcrypt-hashed passwords
  • Access controls limiting access to personal data

5.3 Data Retention

  • Account Data: Retained while your account is active. Upon account deletion, your personal data is deleted within 30 days.
  • Competition Records: Upon account deletion, 1-on-1 competitions you participated in are deleted entirely. In multi-participant or squad competitions, your participation record is removed and the competition continues without you. Your data is not retained in anonymized form.
  • Crash and Diagnostic Data: Retained by Sentry for up to 90 days.
  • Product Analytics Data: Retained by PostHog according to our PostHog project configuration; deleted upon account deletion.
  • Referral Records: Retained while your account is active; deleted upon account deletion.

6. Your Rights and Choices

Regardless of your location, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your account and associated personal data through Settings > Account > Delete Account.
  • Withdraw Consent for HealthKit access through your iPhone's Settings > Health > Data Access & Devices.
  • Opt Out of Push Notifications through your device settings.

To submit a data access or correction request, contact us at [email protected].

California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose.
  • Delete your personal information.
  • Opt Out of Sale: We do not sell personal information, but you may submit a request confirming this.
  • Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, contact us at [email protected].

7. Apple HealthKit Data: Special Provisions

In compliance with Apple's HealthKit guidelines:

  • HealthKit data is used solely to provide competition scoring, rankings, and activity tracking features within the App.
  • HealthKit data is never used for advertising, marketing, or data mining.
  • HealthKit data is never sold to third parties, including data brokers, advertising platforms, or information resellers.
  • HealthKit data is never disclosed to third-party services, including our crash reporting service (Sentry).
  • HealthKit data is never stored in iCloud or any unsecured storage mechanism.
  • You can revoke HealthKit access at any time through your iPhone's Settings > Health > Data Access & Devices.

8. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you without undue delay and within the timeframes required by applicable law. Notification will be sent to the email address associated with your account.

9. Children's Privacy

Gauntlet is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a user under 18, we will delete that account and its associated data promptly. To report an underage account, contact us at [email protected].

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Sending an email to the address associated with your account at least 14 days before changes take effect
  • Posting the updated policy in the App
  • Updating the "Last Updated" date at the top of this document

Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

Gauntlet Digital LLC
Email: [email protected]
Address: 1112 E Magdalena Dr, Tempe, Arizona 85283