Privacy Policy

1. Data We Collect

1.1 Account Data

When you create an account, we collect:

• Email address (used for authentication)
• Display name, username, first name, last name, and ring name
• Avatar photo (uploaded by you, compressed to 400px wide, and stored on our servers)
• Role selection: boxer, coach, or both

You may optionally provide: bio, city, gender, fighting stance, years of experience, and fight record (wins, losses, draws). Fight records are self-reported and not verified by Clinchr.

1.2 Fitness & Workout Data

We collect data about your workouts, including: workout type (bag work, sparring, pad work, shadow boxing, running, weight training, jump rope, and others), duration per type, total duration, calories burned, distance, date and time, notes, title, indoor/outdoor setting, and visibility preference (public, friends-only, or private).

You may also upload workout photos (compressed to 1200px wide before storage) and videos (up to 50MB). We track your current and longest workout streaks.

When logging a coached workout, we collect session type, focus areas, and skill level.

1.3 Location Data

Your profile may include a city name, latitude, and longitude, selected through a city picker — not through continuous GPS tracking. This data is used to sort gyms and coaches by proximity using the Haversine formula. Raw coordinates are never displayed to other users; only your city name is shown.

The App may request coarse device location to power the "nearby gyms" search feature. This is optional and you can deny the permission at the device level.

1.4 Social Data

We collect data arising from your social interactions in the App: friend connections (requests, acceptances, blocks), kudos (likes) on workouts, comments on workouts (up to 500 characters), referral codes and referral tracking, QR codes for friend adding (containing your user ID only), and your blocked user list.

1.5 Gym Data

We store your gym memberships (up to 3 gyms as a boxer, 5 as a coach) and your workout history at each gym. Gym page view analytics — including total views, viewer gender breakdown, top viewer cities, and daily view counts — are collected and visible only to the gym owner.

1.6 Coach Data

If you use the App as a coach, we collect your coach profile information: specialties, certifications, hourly rate, bio, phone number, website, and Instagram handle. We also track coach-student relationships and coached session logs. Coach page view analytics are visible only to the coach themselves.

1.7 Device & Technical Data

We collect your Expo push notification token and device type to deliver push notifications. If crash reporting is active, Sentry may collect crash reports including stack traces, device information, and app version for debugging purposes.

1.8 Payment Data

Clinchr does not collect or store credit card numbers, bank details, or payment credentials. All payments are processed through Apple App Store or Google Play Store native in-app purchase systems. We store only your subscription tier status (free or premium) on your user profile.

2. How We Use Your Data

We use your data to:

• Provide and operate the App, including workout logging, social features, leaderboards, and achievements
• Authenticate your account and deliver push notifications
• Display gym and coach search results sorted by proximity
• Enable social interactions: friend connections, kudos, comments, and referrals
• Provide gym owners with page analytics and management tools
• Enable coach-student relationships and coached session tracking
• Track and display streaks, leaderboards, and achievements
• Diagnose crashes and improve app stability (via Sentry)
• Process subscription status for premium features
• Enforce rate limits and safety measures

We do not use your data for advertising or sell it to third parties.

3. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the App's services as described in our Terms of Service — including account management, workout logging, social features, and subscription management.
• Legitimate interest (Art. 6(1)(f) GDPR): Crash reporting and app stability monitoring, fraud prevention, and enforcing rate limits.
• Consent (Art. 6(1)(a) GDPR): Optional data such as location access for nearby gym search, Strava integration, and optional profile fields. You may withdraw consent at any time through your device settings or within the App.

4. Data Sharing & Third-Party Services

We share data with the following third-party services as necessary to operate the App:

• Supabase (EU-hosted) — backend, database, authentication, and file storage. Stores all user data, workout data, and uploaded media.
• Google Places API — used for gym search, city autocomplete, and gym photos. Gym photos retrieved from Google are downloaded once and re-hosted on our own servers; Google is not contacted on subsequent views.
• Strava (optional) — if you choose to connect your Strava account, we use OAuth to import boxing and fitness workouts. Token exchange happens server-side; client secrets never touch your device. Access tokens and refresh tokens are stored in encrypted device storage.
• Apple / Google — in-app purchase processing for premium subscriptions. All payment processing is handled by their systems; we receive only purchase confirmation.
• Sentry (optional) — crash reporting. Collects crash data, stack traces, and device information for debugging.
• Expo Push Notification Service — delivers push notifications using tokens stored in our database.

We do not sell your data. We do not use advertising trackers.

5. Data Storage & Security

All user data is stored on Supabase servers located in the European Union. Uploaded photos and media are stored in Supabase Storage (EU region).

We apply the following measures to protect your data: encrypted connections (HTTPS/TLS), compressed image uploads to reduce exposure surface, server-side token handling for third-party integrations, and rate limits on user actions to prevent abuse.

6. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all data is permanently and irreversibly removed, including: your profile, workouts, kudos, comments, notifications, friendships, achievements, avatar files, workout media files, and coach or gym ownership records. There is no soft-delete or recovery period.

If you held gym ownership, the gym becomes claimable by others upon your account deletion.

7. Your Rights Under GDPR

As a user, you have the following rights:

• Right to access: You can export all your data (profile, workouts, achievements, friendships, kudos, comments) as a JSON file via "Export My Data" in Settings.
• Right to deletion: You can delete your account from Settings at any time. This permanently removes all your data using cascading deletes. This action is irreversible.
• Right to rectification: You can edit your profile information and workout data at any time within the App.
• Right to data portability: Covered by the JSON data export feature.
• Right to restrict processing: You may contact us at [email protected] to request restriction of processing.
• Right to object: You may object to processing based on legitimate interest by contacting [email protected].
• Right to lodge a complaint: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or another relevant supervisory authority.

To exercise any of these rights, contact us at [email protected].

8. Cookies & Tracking

Clinchr is a native mobile application and does not use cookies. We do not use advertising trackers. Sentry is used for crash reporting only and does not track user behavior.

9. Children's Privacy

Clinchr is available to users aged 12 and older. We do not knowingly collect personal data from children under the age of 12. If you believe a child under 12 has created an account, please contact us at [email protected] and we will promptly delete the account and associated data.

For users between 12 and 16 years of age in the EU, parental or guardian consent may be required under applicable law. By allowing a minor to use the App, the parent or guardian agrees to this Privacy Policy on the minor's behalf.

10. International Data Transfers

All primary data storage is within the European Union (Supabase, EU region). Where third-party services process data outside the EU (such as Sentry or Google), they do so under appropriate safeguards including Standard Contractual Clauses (SCCs) or equivalent mechanisms as required by GDPR.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by other appropriate means. Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, contact us at:

Email: [email protected]
Website: clinchr.app