Privacy Policy

Goals Inc.
Effective Date: June 23, 2025
Last Updated: June 23, 2025

Introduction

Goals Inc. ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Goals mobile application (the "App") and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy applies to all users of our Services, including users aged 13 and older.

Information We Collect

Personal Information You Provide

  • Account Information: Name, email address, date of birth, username, password

  • Profile Information: Fitness goals, activity preferences, partner matching preferences

  • Payment Information: Billing address, payment method details (processed securely by Stripe)

  • Stake Information: Financial commitment amounts, charity preferences, donation history

  • Communication Data: Messages with support team, feedback, survey responses

Health and Fitness Data

  • Apple HealthKit Integration: Activity data, workout information, steps, calories burned, exercise minutes

  • Goal Tracking Data: Weekly activity targets, achievement records, progress metrics

  • Partner Activity Data: Shared accountability metrics with your matched partner

Automatically Collected Information

  • Device Information: Device type, operating system, unique device identifiers, mobile network information

  • Usage Data: App features accessed, time spent in app, interaction patterns, crash reports

  • Location Data: General location information for time zone and regional compliance purposes

  • Analytics Data: Performance metrics, user engagement statistics (collected via third-party analytics services)

Third-Party Data

  • Authentication Data: Information from Supabase authentication services

  • Payment Processing Data: Transaction records and verification data from Stripe

  • Marketing Data: Email engagement metrics, push notification interactions

How We Use Your Information

Primary Service Functions

  • Account Management: Creating and managing your user account, authentication, password recovery

  • Fitness Goal Tracking: Processing Apple HealthKit data to verify weekly activity goals

  • Social Accountability: Matching you with accountability partners, sharing agreed-upon progress data

  • Financial Stakes: Processing stake payments upon goal failure, facilitating charitable donations

  • Communication: Sending service-related notifications, goal reminders, and partner updates

Service Improvement

  • Analytics and Performance: Understanding app usage patterns, identifying bugs, improving user experience

  • Customer Support: Responding to inquiries, troubleshooting issues, providing technical assistance

  • Safety and Security: Detecting fraud, preventing unauthorized access, maintaining data security

Legal Compliance

  • Regulatory Requirements: Complying with applicable laws, regulations, and legal processes

  • Age Verification: Ensuring users meet minimum age requirements (13+)

  • Financial Compliance: Meeting payment processing and charitable donation regulations

Information Sharing and Disclosure

With Your Consent

  • Accountability Partners: Sharing agreed-upon fitness progress data with your matched partner

  • Charitable Organizations: Donating stake amounts to your selected charities (Goals Inc. as donor of record)

Service Providers

  • Stripe: Payment processing, subscription management, financial transaction security

  • Supabase: Authentication services, database management, user account security

  • Apple HealthKit: Health data integration and verification (data remains on your device)

  • Analytics Providers: App performance metrics, user engagement analytics (anonymized data)

  • Email Service Providers: Transactional emails, service notifications, password resets

Legal Requirements

  • Law Enforcement: When required by law, court order, or government request

  • Safety Protection: To protect rights, property, or safety of users, the public, or Goals Inc.

  • Business Transfers: In connection with merger, acquisition, or sale of business assets

Aggregated Data

We may share aggregated, non-personally identifiable information for research, analytics, or marketing purposes.

Data Processing Legal Bases (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

  • Consent: For marketing communications, analytics, and optional features

  • Contract Performance: To provide Services, process payments, and fulfill agreements

  • Legitimate Interests: For security, fraud prevention, and service improvement

  • Legal Obligation: For compliance with applicable laws and regulations

Children's Privacy (COPPA Compliance)

Age Requirements

  • Minimum age for account creation is 13 years

  • Users aged 13-17 require parental consent for certain data processing activities

  • Parents may review, modify, or delete their child's personal information

Parental Rights

Parents of users under 18 may:

  • Review personal information collected from their child

  • Request deletion of their child's personal information

  • Refuse to permit further collection or use of their child's information

  • Contact us at [PARENT_EMAIL] for assistance

Limited Data Collection

For users under 18, we limit data collection to what is necessary for core service functions and do not use their information for advertising or marketing purposes.

Apple HealthKit Compliance

Health Data Usage

  • Health data is used solely for fitness goal verification

  • Data is not stored in iCloud or on our servers

  • Health data is never used for advertising or sold to third parties

  • You maintain full control over what health data is shared with the App

Data Access Requirements

  • Explicit permission required for each type of health data accessed

  • You can revoke health data access permissions at any time through iOS Settings

  • Health data processing complies with Apple's HealthKit Review Guidelines

Medical Disclaimers

The App does not provide medical advice and is not intended for medical diagnosis or treatment. Consult healthcare providers before beginning any fitness program.

International Data Transfers

Global Operations

As a global service, your information may be transferred to and processed in countries other than your country of residence, including the United States.

Data Protection Safeguards

We implement appropriate safeguards to protect your information during international transfers:

  • Standard contractual clauses approved by relevant authorities

  • Adequacy decisions where available

  • Additional security measures for sensitive data

Data Retention

Retention Periods

  • Account Data: Retained while your account is active plus 7 years for legal compliance

  • Health Data: Not stored on our servers; remains on your device

  • Payment Data: Retained per Stripe's retention policies and legal requirements

  • Analytics Data: Aggregated data retained for up to 3 years

  • Marketing Data: Retained until you opt out or request deletion

Deletion Procedures

Upon account deletion, we will:

  • Remove personal information from active databases within 30 days

  • Maintain aggregated, non-identifiable data for analytics

  • Retain certain information as required by law or for legitimate business purposes

Your Privacy Rights

Access and Control

  • Data Access: Request a copy of your personal information

  • Data Correction: Update or correct inaccurate information

  • Data Deletion: Request deletion of your personal information

  • Data Portability: Receive your data in a machine-readable format

  • Processing Restrictions: Limit how we process your information

Communication Preferences

  • Email Opt-out: Unsubscribe from marketing emails via links in emails

  • Push Notifications: Disable notifications through device settings

  • Account Settings: Manage privacy preferences within the App

Exercising Your Rights

To exercise your privacy rights, contact us at [PRIVACY_EMAIL] or through the App settings. We will respond to requests within 30 days.

Data Security

Security Measures

  • Encryption: Data encryption in transit and at rest

  • Access Controls: Limited access to personal information on a need-to-know basis

  • Regular Audits: Security assessments and vulnerability testing

  • Staff Training: Privacy and security training for all personnel

Third-Party Security

Our service providers maintain industry-standard security practices:

  • Stripe: PCI DSS Level 1 compliance for payment processing

  • Supabase: SOC 2 Type 2 compliance for data management

  • Apple HealthKit: End-to-end encryption for health data

Incident Response

In case of a data breach, we will:

  • Notify affected users within 72 hours where required by law

  • Implement immediate containment measures

  • Cooperate with relevant authorities

  • Provide updates throughout the incident response process

Cookies and Tracking Technologies

Types of Technology Used

  • Essential Cookies: Required for basic app functionality

  • Analytics Cookies: Usage statistics and performance monitoring

  • Preference Cookies: Storing user settings and preferences

Third-Party Analytics

We use analytics services to understand app usage:

  • Data is anonymized and aggregated

  • You can opt out of analytics through app settings

  • Analytics providers have their own privacy policies

Updates to This Privacy Policy

Notification of Changes

  • We will notify users of material changes via email or in-app notification

  • Continued use of Services after changes constitutes acceptance

  • Previous versions are archived and available upon request

Regular Reviews

This Privacy Policy is reviewed annually and updated as needed to reflect:

  • Changes in legal requirements

  • New service features or data practices

  • User feedback and privacy best practices

Geographic Considerations

California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected

  • Right to delete personal information

  • Right to opt out of sale of personal information

  • Right to non-discrimination for exercising privacy rights

European Union Residents (GDPR)

EU residents have specific rights under the General Data Protection Regulation:

  • Right to access and portability

  • Right to rectification and erasure

  • Right to restrict processing

  • Right to object to processing

  • Right to lodge complaints with supervisory authorities

Other Jurisdictions

We comply with applicable privacy laws in all jurisdictions where we operate.

Contact Information

Privacy Inquiries

Email: support@goalsapp.co

General Support

Website: https://goalsapp.co/support

Acknowledgment

By using the Goals app, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms.

This Privacy Policy was last updated on 06.23.2025.