PushArena — Privacy Policy
Effective Date: [Effective Date]
This Privacy Policy explains how PushArena, Inc. ("PushArena", "we", "us", or "our") collects, uses, shares, and protects your personal information when you use the PushArena iOS application (the "Service"). It complies with the Apple App Store guidelines, the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the U.S. Children's Online Privacy Protection Act (COPPA).
The short version. We process your camera feed and pose data entirely on your device — no video, photos, or skeleton data ever leave your phone. We do not see which specific apps you choose to block (Apple gives us an opaque token). We do collect your email, display name, exercise stats, and battle history to operate your account and the Service.
Table of Contents
- Who We Are & Scope
- Information We Collect
- Information We Do Not Collect
- How We Use Your Information
- Legal Bases (GDPR)
- Sharing & Third-Party Services
- International Data Transfers
- Data Retention
- Your Rights (GDPR, CCPA, & More)
- Children's Privacy (COPPA)
- Security
- Push Notifications & Permissions
- Do Not Track / Global Privacy Control
- Changes to This Policy
- Contact
1. Who We Are & Scope
The "data controller" for the purposes of GDPR and the "business" for the purposes of the CCPA is:
- PushArena, Inc., a Delaware corporation.
- Contact: [email protected]
This Policy applies to the PushArena iOS app and any related online services we provide. It does not apply to third-party apps or websites that we link to from inside PushArena.
2. Information We Collect
2.1 Account Information
- Email address (from Apple Sign-In or Google Sign-In).
- Display name ("Hunter name") — visible to other users in duels and leaderboards.
- Avatar gender (used to render your in-app character).
- Age range (under 18 / 18–24 / 25–29 / 30–40 / 40+) — collected during onboarding to personalize your program. We do not collect exact date of birth.
2.2 Onboarding Answers
- Categorical list of distracting apps you want to reduce (e.g., "TikTok", "Instagram").
- Your stated goals, "why is it hard to quit" answers, and current vs. target screen-time hours.
2.3 Exercise & Activity Data
- Rep counts, exercise type (push-up or squat), session duration, and calorie estimates.
- Streaks, daily-quest progress, level, rank (E to S), and XP.
- Battle data: opponent IDs, rep counts during the battle, and win/loss outcome.
2.4 Screen-Time & App-Blocking Data
- Screen-time budget values you enter yourself.
- An opaque ActivitySelectionToken from Apple's FamilyControls framework, which lets us block your chosen apps. We never see the specific app names.
2.5 Device & Technical Information
- iOS version, device model, app version, and locale.
- App-event diagnostics (crash logs, performance traces, error messages).
- Pseudonymous identifiers used by analytics (a randomly generated user ID).
- Push notification token (if you grant notification permission).
2.6 Subscription & Purchase Information
- Transaction IDs and entitlement status from Apple In-App Purchase, relayed through RevenueCat.
- We never see your payment card number — Apple handles all payment data.
3. Information We Do Not Collect
To set expectations clearly, the following is never sent off your device or stored by PushArena:
| Category | Status |
|---|---|
| Raw camera video, photos, or images | Not collected — processed on-device, discarded immediately. |
| Body-pose skeleton data from MediaPipe | Not collected — processed on-device, discarded immediately. |
| Names of apps you blocked | Not collected — Apple only gives us an opaque token. |
| Per-app raw screen-time numbers | Not collected — Apple does not expose them to us. |
| Contacts, location, microphone audio, browsing history | Not collected. |
| Apple HealthKit data | Not collected. |
| Payment card number or full card data | Not collected — handled by Apple. |
4. How We Use Your Information
We use the information we collect to:
- Create and operate your PushArena account, and authenticate you across devices.
- Run the core gameplay: counting reps, awarding XP, unlocking apps after exercises, and managing streaks and quests.
- Match you with opponents in duels, display leaderboards, and show battle history.
- Provide your screen-time progress dashboards.
- Process and manage your PushArena Pro subscription.
- Send push notifications you have opted in to (streak reminders, daily quests, battle results).
- Improve and debug the Service through anonymous/pseudonymous analytics and crash reports.
- Detect, prevent, and respond to fraud, abuse, and security incidents.
- Comply with legal obligations.
We do not sell your personal information, and we do not use it for cross-context behavioral advertising or to train third-party advertising models.
5. Legal Bases (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Performance of a contract — to provide the Service you signed up for (account, gameplay, subscription).
- Legitimate interests — to keep the Service secure, prevent abuse, debug crashes, and improve the product in a way that does not override your privacy rights.
- Consent — for optional permissions you grant (camera, push notifications), and for analytics where required by local law. You may withdraw consent at any time.
- Legal obligation — to comply with laws and respond to lawful requests.
6. Sharing & Third-Party Services
We share limited information with the following service providers, who process it on our behalf under contractual confidentiality and security obligations:
| Provider | What it does & what it receives |
|---|---|
| Apple | App Store distribution, In-App Purchase (payment + subscription), Sign in with Apple (auth token), FamilyControls (opaque app-block token), Push Notification Service (APNs token). |
| Sign in with Google (auth token + the email/name you choose to share). | |
| Supabase | Authentication and database hosting (US/EU regions). Stores your account, profile stats, battle history, friend list, and settings. |
| RevenueCat | Subscription management. Receives a pseudonymous app user ID, transaction IDs, and entitlement status. |
| PostHog | Product analytics. Receives pseudonymous event data (screens viewed, exercises completed, battles played) tied to a random user ID — no PII. |
| Sentry (if enabled) | Crash and error reporting. Receives device model, iOS version, app version, and stack traces. |
We may also share information when required by law, in response to valid legal process, or to protect the rights, safety, and property of PushArena, our users, or the public. If PushArena is acquired or merged, your information may be transferred to the successor entity, subject to this Policy.
Other users will see your display name and rep counts in duels, battle history, and leaderboards. Choose a display name that does not reveal personal information.
7. International Data Transfers
PushArena and many of our service providers are based in the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. and other countries where our providers operate. Where required by law, we rely on safeguards such as the EU Standard Contractual Clauses and the UK International Data Transfer Addendum to protect transfers from the EEA/UK to countries that have not received an adequacy decision.
8. Data Retention
- Account data — retained while your account is active.
- Account deletion — when you delete your account from the settings screen (or by emailing us), we remove your profile, exercise data, and battle history within 30 days. Residual copies may remain in encrypted backups for up to 90 days.
- Subscription & transaction records — retained as long as required by tax, accounting, and consumer-protection laws (typically up to 7 years).
- Analytics & crash data — pseudonymous and retained on a rolling basis (typically up to 12 months).
- Camera & pose data — never retained. Processed on-device in real time and discarded.
9. Your Rights (GDPR, CCPA, & More)
Depending on where you live, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your personal information ("right to be forgotten").
- Restrict or object to certain processing (including direct marketing).
- Portability — receive a copy of your data in a structured, machine-readable format.
- Withdraw consent at any time for processing based on consent.
- Non-discrimination for exercising any of these rights (CCPA).
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email [email protected]. We will respond within the timeframes required by applicable law (typically 30 days under GDPR; 45 days under CCPA, extendable). We may need to verify your identity before fulfilling certain requests.
9.1 CCPA — Categories Collected
In the past 12 months, we have collected the following categories of personal information from California residents: identifiers (email, pseudonymous IDs), commercial information (subscription/transaction records), internet or other electronic network activity information (in-app events), inferences (level, rank), and audio/visual information processed only on-device (camera for pose detection, never transmitted).
We do not sell personal information and we do not share it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.
10. Children's Privacy (COPPA)
PushArena is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are between 13 and 17, you should only use PushArena with the permission of a parent or legal guardian.
If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will delete it promptly. Parents or guardians who believe a child under 13 has provided us with personal information can contact [email protected] to request deletion.
11. Security
We use industry-standard technical and organizational measures to protect your information, including encryption in transit (TLS) and at rest, access controls on our backend, and reputable infrastructure providers. No system is 100% secure, however, and we cannot guarantee absolute security. Please use a strong sign-in method and notify us immediately at [email protected] if you suspect any unauthorized access to your account.
12. Push Notifications & Permissions
PushArena requests the following iOS permissions:
- Camera — required for on-device pose detection during exercises. Frames are processed locally and never leave your device.
- Notifications — optional. Used for streak reminders, daily quests, and battle results.
- Screen Time / Family Controls — required to block distracting apps. We receive only an opaque token, not the list of apps you selected.
You can change these permissions at any time in iOS Settings > PushArena.
13. Do Not Track / Global Privacy Control
PushArena does not deliver behavioral advertising and we do not respond to Do Not Track (DNT) browser signals, since the Service is a native iOS app. If you have enabled the Global Privacy Control (GPC) on a related web property of ours, we honor it as a CCPA opt-out signal where applicable.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make a material change, we will provide reasonable advance notice through an in-app message or email before the change takes effect. The "Effective Date" at the top of this Policy will always reflect the latest version.
15. Contact
For questions, requests, or complaints about this Policy or your information, contact us at:
- General support & privacy requests: [email protected]
- Legal entity: PushArena, Inc., Delaware, USA
[Last updated: [Effective Date]]