Legal

Privacy Policy

Last Updated: March 4, 2026  ·  Effective: March 4, 2026

Plain English summary: StepToFit reads your step count, walking distance, and calorie data from Apple Health to power your personal dashboard and challenges. This data stays on your device and in your private Firebase account. We do not sell your data, show ads, or share health information with third parties for marketing.

1. Who We Are

StepToFit ("we," "us," or "our") is a mobile application for iPhone. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use the StepToFit iOS application (the "App"). If you have questions, contact us at mayur@dnyantra.com.

2. Information We Collect

2a. Health & Fitness Data (Apple HealthKit)

With your explicit permission, the App reads the following data types from Apple HealthKit:

  • Step count (HKQuantityTypeIdentifierStepCount) — to display your daily, weekly, monthly, and yearly step totals.
  • Walking and running distance (HKQuantityTypeIdentifierDistanceWalkingRunning) — to show kilometres or miles walked.
  • Active energy burned (HKQuantityTypeIdentifierActiveEnergyBurned) — to display calorie data on your dashboard.
  • Flights climbed (HKQuantityTypeIdentifierFlightsClimbed) — if enabled, to display floors climbed.

We only request the specific data types listed above. We do not request access to blood pressure, heart rate, blood glucose, reproductive health, clinical records, or any other sensitive HealthKit category.

2b. Account Information (Google Sign-In)

When you sign in with Google, we receive:

  • Display name — to identify you in challenge leaderboards.
  • Email address — for account management and support.
  • Google User ID — as a unique account identifier.
  • Profile picture URL — optionally displayed in your profile (not stored by us).

2c. App Usage Data (Firebase)

We use Firebase (Google LLC) as our backend. The following data is stored in Firebase Firestore:

  • Your step score during Blitz events (start steps, end steps, delta score).
  • Your participation records in challenges (display name, current step progress).
  • Challenge metadata you create (title, goal, duration, invite code).
  • Anti-cheat integrity flags (a boolean indicating whether a score was flagged as anomalous — no biometric data is stored).

2d. Device & Crash Data

If the App crashes, basic crash diagnostic data (device model, OS version, stack trace) may be collected by Firebase Crashlytics to help us improve stability. This data does not include health information.

2e. Data We Do NOT Collect

  • We do not collect precise GPS location data.
  • We do not collect contacts, photos, or camera data (camera is used only to scan QR codes; images are not stored).
  • We do not use the Apple Advertising Identifier (IDFA).
  • We do not run display advertising or use ad SDKs.

3. How We Use Your Information

3a. Providing Core Features

  • Displaying your step, distance, and calorie stats on the home dashboard and weekly/monthly/yearly charts.
  • Calculating your daily goal progress and maintaining your streak calendar.
  • Powering Blitz events: your step count at event start and end is used to calculate your score and rank you on the live leaderboard.
  • Powering Challenges: your step progress is shared with other challenge participants so they can see your rank.
  • Generating your FIT Certificate PDF based on your total yearly step count.
Important — Leaderboard Use of Health Data: When you join a Blitz event or challenge, your step-count data is used to compute a score that is visible to other participants. By joining an event, you consent to this use. You may leave a challenge at any time, and your score will no longer be shown to others.

3b. App Improvement

Crash reports and anonymised usage patterns (e.g., which screens are visited) may be used to improve the App. Health data is never included in analytics events.

3c. What We Never Do with Health Data

  • We never use HealthKit data for advertising, marketing, or behavioural profiling.
  • We never sell, rent, or license your health data to third parties.
  • We never share HealthKit data with data brokers or analytics platforms.
  • We never use health data to target push notifications for commercial purposes.

4. Data Sharing with Third Parties

We share data with the following third parties only as described:

4a. Google LLC (Firebase)

Firebase provides our authentication, database (Firestore), and crash reporting infrastructure. Google processes data on our behalf under a Data Processing Agreement. Firebase does not use your data for advertising. See Firebase Privacy.

4b. Other Challenge Participants

When you participate in a challenge or Blitz event, your display name and step score are visible to other participants in that specific event. No email address or detailed health metrics are shared — only the computed step score and your chosen display name.

4c. Legal Disclosure

We may disclose information if required by law, court order, or to protect the safety of users or the public.

4d. No Third-Party AI

We do not send your personal data or health data to any third-party artificial intelligence service. If we ever add AI-powered features that require sharing data with an AI provider, we will obtain your explicit consent before doing so.

5. Data Retention & Deletion

Your Firestore data (challenge and event records) is retained for as long as your account is active. You may delete your account at any time from within the App:

  • Open the App → SettingsDelete Account.
  • You will be asked to re-authenticate with Google to confirm your identity.
  • All Firestore records associated with your user ID are permanently deleted immediately.
  • Your Firebase Authentication account is deleted immediately.
  • Local preferences (step goals, theme settings) stored on your device are cleared.

HealthKit data is stored by Apple on your device and is not under our control. To remove it, go to the iOS Health app → your profile → Apps → StepToFit → Delete All Data from "StepToFit".

Crash log data retained by Firebase Crashlytics is deleted after 90 days.

6. HealthKit-Specific Commitments

In accordance with Apple's requirements for apps using HealthKit:

  • Health and fitness data obtained through HealthKit is used only to provide health and fitness services to you.
  • HealthKit data is never used for advertising, marketing, or data mining.
  • HealthKit data is never shared with third parties for any purpose other than improving your in-app experience (e.g., showing your score to fellow challenge participants).
  • We do not write fabricated or inaccurate step data back to HealthKit.
  • We do not store HealthKit data in iCloud. Cloud storage uses Firebase (Google infrastructure) only.

7. Data Security

We implement the following security measures:

  • All data transmitted between the App and Firebase is encrypted using TLS/HTTPS.
  • Firebase Firestore security rules restrict access so that each user can only read and write their own records.
  • Authentication uses Firebase Auth with Google Sign-In (OAuth 2.0). We do not store passwords.
  • On-device HealthKit data is protected by iOS's Data Protection framework (encrypted at rest, inaccessible while device is locked).

Despite these measures, no system is 100% secure. We encourage you to use a strong device passcode and keep iOS updated.

8. Your Rights & Choices

Revoking Health Data Access

You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health → StepToFit. The App will continue to function without health data, but step-tracking features will be unavailable.

Account Deletion

You may permanently delete your account and all associated data from Settings → Delete Account inside the App.

Data Access & Correction

To request a copy of the data we hold about you, or to correct inaccurate information, contact us at mayur@dnyantra.com.

California Residents (CCPA)

We do not sell personal information. California residents have the right to know what data we collect, request deletion, and opt out of any sale (which we do not conduct).

European Users (GDPR)

If you are located in the European Economic Area, you have rights including access, rectification, erasure, restriction, portability, and objection. Our lawful basis for processing health data is your explicit consent (granted when you authorise HealthKit access). Contact us to exercise these rights.

9. Children's Privacy

The App is not directed at children under 13 years of age. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

10. Third-Party Links

The App may contain links to external websites (e.g., the App Store, Firebase documentation). We are not responsible for the privacy practices of those sites.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top and, where appropriate, notify you within the App. Continued use of the App after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We aim to respond to all privacy-related requests within 30 days.