PRIVACY POLICY
Last Updated: April 6, 2026
1. Introduction
Gauntlet Digital LLC ("Gauntlet," "we," "us," or "our") operates the Gauntlet mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App.
By using Gauntlet, you agree to the collection and use of information in accordance with this policy. If you do not agree, do not use the App.
Gauntlet is intended for users in the United States who are 18 years of age or older.
2. Information We Collect
2.1 Information You Provide Directly
- Account Information: Name and email address when you create an account via Apple Sign In, Google Sign In, or email/password authentication. If you use Sign in with Apple with the "Hide My Email" feature, we receive an Apple-provided relay email address and treat it the same as any other email address. We do not attempt to discover your real email.
- Profile Information: Display name, bio, and any other information you choose to add to your profile.
- Squad & Competition Data: Squad names, membership, competition entries, Crucible matchup participation, and activity summaries within squads you belong to.
- Support Communications: Information you provide when contacting us for support.
2.2 Information from Third-Party Services
- Apple HealthKit: With your explicit permission, we read workout data including activity type, duration, distance, calories burned, heart rate, step counts, and exercise minutes. We never write data to HealthKit. We do not sell or use HealthKit data for advertising.
- Strava: With your authorization, we access workout activity data including activity type, duration, distance, pace, and elevation through the Strava API. We access only the scopes you explicitly authorize.
2.3 Information Collected Automatically
- Device Information: Device model, operating system version, and unique device identifiers.
- Push Notification Tokens: Device tokens for delivering push notifications you have opted into.
- Crash and Diagnostic Data: We use Sentry to collect crash reports, error logs, and performance data to identify and fix technical issues. We do not configure Sentry to capture health or fitness data.
2.4 Referral Program Data
When you participate in Gauntlet's referral program:
- Invite Links: Links you share contain opaque identifiers (UUIDs) for your account, competitions, or squads. These links are shared outside the App via your device's native share sheet.
- Referral Records: We store which accounts you referred and their referral status (signed up, activated). If someone signs up through your link, their display name is visible to you in your referrals dashboard.
We do not access your device contacts, phone number, or address book for referral purposes.
2.5 Information We Do NOT Collect
- We do not collect profile photos (this feature is not currently available).
- We do not collect body measurements, weight, or biometric health data beyond workout activity metrics.
- We do not access your device camera, microphone, or contacts.
- We do not collect financial or payment information.
- We do not operate in-app messaging or chat; no message content is collected.
3. How We Use Your Information
We use the information we collect to:
| Purpose | Legal Basis |
|---|---|
| Provide and maintain the App | Contract performance |
| Create and manage your account | Contract performance |
| Calculate rankings, leaderboards, and competition results | Contract performance |
| Run Crucible squad matchups and tier/division ranking | Contract performance |
| Track streaks, achievements, and progression | Contract performance |
| Enable squad creation, management, and social features | Contract performance |
| Process referral program participation and rewards | Contract performance |
| Send push notifications (competition updates, reminders, squad activity) | Consent |
| Diagnose crashes and fix technical issues | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We do not use your data for:
- Selling to third parties
- Advertising or ad targeting
- Building advertising profiles
- Behavioral analytics or product tracking
- Any purpose incompatible with those listed above
4. How We Share Your Information
4.1 Information Visible to Other Users
Certain information is visible to other users by design:
- Public Profile: Display name, tier/division rank, and achievements.
- Competition Data: Your results and leaderboard positions within competitions you join.
- Squad Activity: Your squad membership and activity within squads you belong to.
- Crucible Data: Your individual contribution scores within your squad's weekly Crucible matchups.
- Friends Feed: Your activity is visible to users on your friends list.
- Referral Visibility: If you sign up through another user's referral link, your display name is visible to that referrer in their referrals dashboard.
4.2 Service Providers
We share information with third-party service providers who perform services on our behalf:
| Provider | Purpose |
|---|---|
| Supabase | Database hosting, authentication, and file storage (hosted on AWS in the United States) |
| Sentry | Crash reporting and error diagnostics |
| Expo / EAS | App build, update distribution, and push notification routing |
| Apple Push Notification Service (APNs) | Final delivery of push notifications to your device |
| Strava | Fitness activity data sync via API (only with your explicit authorization) |
| Authentication via Google Sign-In | |
| Apple | Authentication via Sign in with Apple |
These providers are contractually obligated to protect your information and use it only for the services they provide to us.
4.3 Referral Links
When you share an invite link, the link contains opaque UUIDs that recipients and any intermediary platforms (messaging apps, email clients, social media) may process. We do not control how third-party platforms handle URLs shared through them.
4.4 Legal Requirements
We may disclose your information if required by law or in response to valid requests by public authorities (e.g., a court order or government agency).
4.5 Business Transfers
If we are involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
4.6 No Sale of Personal Information
We do not sell, rent, or trade your personal information to third parties. This includes California residents under the CCPA/CPRA.
5. Data Storage and Security
5.1 Storage Location
Your data is stored on Supabase infrastructure hosted on Amazon Web Services in the United States.
5.2 Security Measures
We implement appropriate technical and organizational measures including:
- Encryption in transit (TLS/SSL) and at rest
- Row-level security (RLS) policies on all database tables
- Secure authentication via Apple Sign In and bcrypt-hashed passwords
- Access controls limiting access to personal data
5.3 Data Retention
- Account Data: Retained while your account is active. Upon account deletion, your personal data is deleted within 30 days.
- Competition Records: Upon account deletion, 1-on-1 competitions you participated in are deleted entirely. In multi-participant or squad competitions, your participation record is removed and the competition continues without you — your data is not retained in anonymized form.
- Crash and Diagnostic Data: Retained by Sentry for up to 90 days.
- Referral Records: Retained while your account is active; deleted upon account deletion.
6. Your Rights and Choices
Regardless of your location, you have the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your account and associated personal data through Settings > Account > Delete Account.
- Withdraw Consent for HealthKit access through your iPhone's Settings > Health > Data Access & Devices.
- Disconnect Strava at any time through App settings.
- Opt Out of Push Notifications through your device settings.
To submit a data access or correction request, contact us at legal@joingauntlet.com.
California Residents — CCPA/CPRA
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete your personal information.
- Opt Out of Sale: We do not sell personal information, but you may submit a request confirming this.
- Non-Discrimination: We will not discriminate against you for exercising your rights.
To exercise these rights, contact us at legal@joingauntlet.com.
7. Apple HealthKit Data — Special Provisions
In compliance with Apple's HealthKit guidelines:
- HealthKit data is used solely to provide competition scoring, rankings, and activity tracking features within the App.
- HealthKit data is never used for advertising, marketing, or data mining.
- HealthKit data is never sold to third parties, including data brokers, advertising platforms, or information resellers.
- HealthKit data is never disclosed to third-party services, including our crash reporting service (Sentry).
- HealthKit data is never stored in iCloud or any unsecured storage mechanism.
- You can revoke HealthKit access at any time through your iPhone's Settings > Health > Data Access & Devices.
8. Data Breach Notification
In the event of a data breach affecting your personal information, we will notify you without undue delay and within the timeframes required by applicable law. Notification will be sent to the email address associated with your account.
9. Children's Privacy
Gauntlet is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected information from a user under 18, we will delete that account and its associated data promptly. To report an underage account, contact us at legal@joingauntlet.com.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Sending an email to the address associated with your account at least 14 days before changes take effect
- Posting the updated policy in the App
- Updating the "Last Updated" date at the top of this document
Your continued use of the App after changes take effect constitutes acceptance of the updated policy.
11. Contact Us
Gauntlet Digital LLC
Email: legal@joingauntlet.com
Address: 1112 E Magdalena Dr, Tempe, Arizona 85283