Privacy Policy

Privacy

Last updated · June 6, 2026

BEARSCAR is a social challenge app. We use your data to run accounts, challenges, leaderboards, notifications, purchases, integrations, safety tools, and support. We do not sell your personal information.

Information we collect

• Email address and authentication data used to sign in and secure your account.
• Profile data such as full name, username, avatar, bio, ambassador or badge status.
• Challenge and activity data such as goals, exercises, logs, progress, scores, wins, streaks, deadlines, teams, squads, leagues, invites, and leaderboard placement.
• Social content such as friends, participants, comments, reactions, reports, blocks, and media you upload or attach to activity.
• Device notification tokens and notification preferences if you enable push alerts.
• Purchase and entitlement data for premium features, handled through app-store billing and RevenueCat.
• Apple Health or HealthKit data on iOS, and Google Health Connect data on Android, if you explicitly allow access on your device.
• Diagnostics, crash reports, device information, and security logs used to operate and protect the app.

How we use information

• Create, authenticate, sync, and protect your account.
• Run solo, duel, free-for-all, team, co-op, squad, and league challenge features.
• Show progress, leaderboards, activity feeds, comments, reactions, badges, and profile stats.
• Send notifications about invites, friend requests, challenge activity, wins, reminders, and account events.
• Verify purchases, restore entitlements, support premium features, and prevent abuse.
• Investigate reports, enforce community rules, troubleshoot issues, and improve reliability.

Visibility and sharing

BEARSCAR is social by design. Your profile, avatar, username, challenge participation, progress, comments, reactions, badges, and leaderboard results may be visible to friends, challenge participants, squads, leagues, or users who receive a share link, depending on the feature and privacy context. We do not sell your personal information.

Integrations and providers

We use trusted providers to run BEARSCAR, including Supabase for authentication and data storage, Expo for app infrastructure and push notifications, RevenueCat and app stores for purchases, Sentry for diagnostics, Apple HealthKit when you grant permission on iOS, and Google Health Connect when you grant permission on Android.

Health and workout data

Apple Health/HealthKit (iOS) and Google Health Connect (Android) access is optional. BEARSCAR only reads workout sessions and, when a challenge needs them, daily step and floor totals; it never writes data back to Apple Health or Health Connect. You can change Apple Health / Health Connect permissions from your device settings. If you disconnect an integration, BEARSCAR stops importing new data from that source. You can contact us if you want imported activity data reviewed or deleted.

Data retention and deletion

• Account, profile, challenge, activity, social, purchase entitlement, and support data is kept while your account is active or while needed to provide BEARSCAR.
• When you delete your account, we delete or anonymize account-linked data from active systems immediately where deletion is technically and legally possible, including profile data, activity logs, comments, reactions, friendships, notification tokens, imported health or workout data, and authentication data.
• Imported Apple Health/HealthKit or Google Health Connect workout data is kept while your connection or permission remains active. If you disconnect the integration, withdraw permission, or delete your account, data from that source is deleted.
• Operational records are kept for limited periods: analytics events for 90 days, notifications for 60 days, sent or failed notification queue records for 14 days, public share events for 60 days, and audit or security logs for 365 days.
• Crash and error reports are generally kept for up to 90 days unless we need them longer to investigate security, fraud, abuse, legal, or service-integrity issues.
• Limited records may be retained when required for security, fraud prevention, legal compliance, dispute handling, purchase or accounting obligations, or abuse investigation. Retained records are not used to operate a public BEARSCAR profile.
• Anonymous, aggregated metrics that no longer identify a user may be retained indefinitely.

Data security

We use authentication, access controls, infrastructure security, and operational monitoring to protect user data. No storage or transmission method is perfect, but we work to keep BEARSCAR protected and to limit access to what is needed to operate the service.

Your choices

• Update your profile in the app.
• Disable notifications in app or device settings.
• Revoke Apple Health / Google Health Connect permissions.
• Delete your account in app settings or request deletion at bearscar.org/account-deletion.
• Contact us for privacy, access, correction, or deletion requests.

Children

BEARSCAR is intended for users aged 16 and older. If you believe someone under 16 has provided personal information, contact us so we can review and remove it when appropriate.

Contact

BEARSCAR is provided by Baert AS in Oslo, Norway. For privacy questions, access, correction, or deletion requests, email privacy@bearscar.org or use the privacy contact form.