Privacy Policy — ChallengeTies

This Privacy Policy explains how Maxime Cortes ("ChallengeTies", "we", "us") collects, uses, and protects your personal data when you use the ChallengeTies mobile application. It complies with the EU General Data Protection Regulation (GDPR) and applicable French data protection law.

Who We Are

Data Controller: Maxime Cortes, independent developer operating under the ChallengeTies brand.

Contact: support@challengeties.app

App: ChallengeTies — available on Apple App Store and Google Play Store.

As data controller, we are responsible for the personal data you provide to us and the data we collect automatically when you use the App.

Data We Collect

We collect the following categories of personal data:

Category	Examples	Source
Identity data	Username, display name, profile photo	Provided by you
Contact data	Email address	Provided by you or via Google/Apple sign-in
Usage data	Challenges completed, streaks, trophies, daily check-ins	Generated automatically
Device data	Device type, OS version, app version, push notification token	Collected automatically
Location data	Approximate country/region (only if you enable location features)	Device, with your permission
Communications	Messages you send to support	Provided by you
Payment data	Transaction IDs for in-app purchases (no card data stored by us)	Apple / Google platforms

We do not store payment card details. All payment processing is handled exclusively by Apple App Store or Google Play Store.

How We Use Your Data

We use your personal data for the following purposes:

Creating and managing your account
Providing and personalising the App experience (challenges, streaks, leaderboards)
Sending push notifications related to your challenges and account (you can opt out in device settings)
Processing in-app purchases and managing subscriptions
Analysing usage patterns to improve the App (aggregated, anonymised where possible)
Responding to support requests and communications
Detecting and preventing fraud, abuse, or violations of our Terms of Use
Complying with applicable legal obligations

We do not sell your personal data to third parties. We do not use your data for automated profiling that produces legal or similarly significant effects.

Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data on the following legal bases:

Contract performance (Art. 6(1)(b)): Processing necessary to provide the App and its features to you
Legitimate interests (Art. 6(1)(f)): Analytics, security, fraud prevention, and App improvement
Consent (Art. 6(1)(a)): Push notifications, location features, and advertising (where applicable) — you may withdraw consent at any time
Legal obligation (Art. 6(1)(c)): Compliance with applicable laws

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service.

Account data: Retained for the duration of your account and deleted within 30 days of account deletion
Usage data: Retained for up to 24 months for analytics purposes, then anonymised or deleted
Support communications: Retained for up to 3 years
Legal/financial records: Retained for up to 10 years as required by French law

You can request deletion of your account and associated data at any time (see Section 8).

Third-Party Services

We use the following trusted third-party service providers to operate the App. Each acts as a data processor on our behalf:

Service	Purpose	Privacy Policy
Google Firebase (Auth, Firestore, Storage, Cloud Functions)	Authentication, database, file storage, backend functions	firebase.google.com/support/privacy
Google AdMob	In-app advertising (free tier users)	policies.google.com/privacy
Expo / Expo Notifications	App build platform, push notifications	expo.dev/privacy
Apple App Store	App distribution, in-app purchases (iOS)	apple.com/legal/privacy
Google Play Store	App distribution, in-app purchases (Android)	policies.google.com/privacy
Make (Integromat)	Internal workflow automation (no user PII shared)	make.com/en/privacy-notice

We do not share your personal data with advertisers or other third parties except as described above or as required by law.

International Data Transfers

Some of our third-party service providers (notably Google Firebase) are based in the United States. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions where applicable
Service providers certified under recognised frameworks

For more information about these safeguards, contact us at support@challengeties.app.

Your Rights

Under the GDPR and French data protection law, you have the following rights:

✓ Right of Access

Request a copy of all personal data we hold about you

✓ Right to Rectification

Request correction of inaccurate or incomplete data

✓ Right to Erasure

Request deletion of your data ("right to be forgotten")

✓ Right to Restriction

Request that we limit processing of your data

✓ Right to Portability

Receive your data in a structured, machine-readable format

✓ Right to Object

Object to processing based on legitimate interests

✓ Withdraw Consent

Withdraw consent at any time without affecting prior processing

✓ Lodge a Complaint

File a complaint with the CNIL (France) or your local supervisory authority

To exercise any of these rights, contact us at support@challengeties.app. We will respond within 30 days. You may also delete your account directly in the App under Settings → Delete Account.

CNIL (France): You have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés — cnil.fr

Children's Privacy

ChallengeTies is not directed to children under 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will delete it promptly.

If you believe a child under 13 has provided us with personal data, please contact us at support@challengeties.app.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

Encrypted data transmission (HTTPS/TLS)
Firebase Security Rules restricting data access
Authentication tokens and secure session management
Regular review of access permissions

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority as required by law.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and notify you within the App or by email where appropriate.

We encourage you to review this Policy periodically. Your continued use of the App after any changes constitutes your acceptance of the updated Policy.

Contact & Data Protection

For any questions, requests, or concerns regarding this Privacy Policy or our data practices:

Email: support@challengeties.app
Website: challengeties.app
Data Controller: Maxime Cortes — independent developer, France

We aim to respond to all data-related requests within 30 days as required by GDPR Article 12.

You also have the right to contact the CNIL (Commission Nationale de l'Informatique et des Libertés) directly at cnil.fr if you have concerns about how we handle your personal data.

↑ Back to top