Privacy Policy

Arise is a fitness gamification application. Protecting user privacy and handling personal data transparently is a core priority. This Privacy Policy explains what data is collected, how it is used, stored, and protected.

1. Data Collected

Account Information

• Name and email address (via Google Sign-In or Apple Sign-In)
• Profile identifier (unique user ID)
• Profile picture URL (from Google/Apple account)

Fitness & Activity Data

• Exercise completion data (push-ups, sit-ups, squats, running distance)
• Daily quest progress and history
• Streak data and training statistics
• Running data from Apple HealthKit (distance, with explicit user permission)

Game Data

• Level, XP, and ranking information
• Inventory, equipped items, and purchase history
• Guild membership and social interactions
• Battle Pass progression
• Friends list and challenge history

Location Data

• GPS location data (only while using Arise, with explicit user permission)
• Running distance tracked via GPS during running quests

Location data is used exclusively to measure running distance for quest completion. Location is not tracked in the background and is never used for advertising purposes.

Purchase & Subscription Data

• In-app purchase transaction identifiers (provided by Apple)
• Subscription status, product type, and expiration date
• Purchase environment (sandbox or production)

Arise does not have access to payment methods or billing details. All payments are processed securely by Apple through the App Store.

Technical Data

• Device push notification token (FCM token, for sending notifications)
• Device type and operating system version
• App version

Screen Time & Discipline Mode Data

• The list of apps selected to restrict via the Discipline Mode feature
• Whether Discipline Mode is enabled or disabled
• Daily quest completion status (used to determine whether restrictions should be active)

Important: Discipline Mode uses Apple's Screen Time API (Family Controls & Managed Settings frameworks). The selection of restricted apps is handled entirely by Apple's system and never leaves the device. Arise does not have access to the names or identifiers of the apps chosen for restriction. Only the user's preference for whether Discipline Mode is enabled is stored on the server.

2. How Data Is Used

• Core functionality: Providing daily quests, tracking progress, leveling system, guild features, leaderboard, and shop.
• Social features: Friend system, guild management, trading, challenges, and leaderboard rankings.
• Notifications: Sending push notifications for surprise quests, guild invitations, friend requests, and trade offers.
• Improvement: Analyzing aggregate, anonymized usage patterns to improve the app experience.
• Discipline Mode: Restricting access to selected apps until daily training is completed. This processing occurs entirely on the device using Apple's Screen Time API.

3. HealthKit Data

If permission is granted, Arise reads running/walking distance data from Apple HealthKit to automatically track running quests. Arise never writes data to HealthKit. HealthKit data is never shared with third parties, used for advertising, or stored on servers beyond what is necessary to record quest completion.

4. Screen Time & Discipline Mode

When Discipline Mode is enabled, Arise uses Apple's Screen Time API (Family Controls and Managed Settings frameworks) to restrict access to selected apps until daily training is completed. Regarding this feature:

• App selection is handled by Apple's native picker and the selected app tokens are stored only on the device.
• Arise never receives, transmits, or stores the identity of the apps chosen for restriction.
• The restriction shield is managed locally on the device and is automatically removed once the daily quest is completed.
• Discipline Mode can be disabled or app selection changed at any time in Settings.
• Screen Time authorization is required and can be revoked at any time through iOS Settings > Screen Time.

5. Data Sharing

Personal data is never sold, rented, or traded. Data is shared only in these limited cases:

• Public game data: User name, level, and XP appear on the public leaderboard and in guild member lists.
• Friends: Users added as friends can see name, level, achievements, and profile.
• Authentication providers: Google and Apple process sign-in according to their own privacy policies.
• Firebase (Google): Used solely for push notification delivery.

6. Data Storage & Security

User data is stored on secure server infrastructure located in Germany (EU). Encrypted connections, JWT-based authentication, and parameterized database queries are used to protect against unauthorized access. Passwords are never stored as authentication relies exclusively on OAuth providers (Google, Apple).

7. Data Retention

Data is retained for as long as the account is active. Upon account deletion, all personal data is permanently removed from servers within 30 days, including: profile information, game progress, inventory, social connections, and quest history.

8. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), users have the right to:

• Access: Request a copy of all personal data held.
• Rectification: Request correction of inaccurate personal data.
• Erasure: Request deletion of account and all associated data (available in Settings > Delete Account, or via the account deletion page).
• Data portability: Request data in a machine-readable format.
• Objection: Object to processing of personal data.

To exercise any of these rights, contact: contact@arise-app.fr.

9. Children's Privacy

Arise is not directed at children under 13. Personal data from children under 13 is not knowingly collected. If a child has provided personal data, please reach out and it will be deleted promptly.

10. Advertising & Tracking

Arise does not use advertising identifiers (IDFA), does not display ads, and does not track users across other apps or websites. Arise does not participate in any advertising network or data broker program. Access to Apple's App Tracking Transparency (ATT) framework is not requested because no tracking is performed.

11. Third-Party Services

• Google Sign-In: Google Privacy Policy
• Apple Sign-In: Apple Privacy Policy
• Apple Screen Time API (Family Controls): Family Controls Documentation
• Firebase Cloud Messaging: Firebase Privacy

12. Changes to This Policy

This Privacy Policy may be updated from time to time. Significant changes will be communicated via in-app notification or email. Continued use of Arise after changes constitutes acceptance of the updated policy.

13. Contact

For any questions about this Privacy Policy or personal data:

Email: contact@arise-app.fr