Privacy Policy

Thank you for using ClimbPin. We understand the importance of your personal information and health data. This Privacy Policy explains how ClimbPin ("the App", "we", "us", or "our") collects, uses, and protects your information when you use our iOS app and Apple Watch extension.

By using ClimbPin, you agree to this Privacy Policy. If you do not agree, please stop using and uninstall the App.

1. Information We Collect

ClimbPin is a local-first application. Your core climbing data is stored on your device. Some optional features (such as gym submission and iCloud backup) require network connectivity and account sign-in, but your training data never leaves your device by default.

1.1 Sensor & Health Data

• Source: Apple Watch sensors, HealthKit
• Data: Heart rate, calories burned, workout duration, elevation changes, acceleration data
• Note: We do not access HealthKit data until you grant permission

1.2 Training Records

• Source: Your input within the App
• Data: Session dates, route names, grades, completion status, notes, locations, and photos you choose to add

1.3 Body Metrics & Preferences

• Source: Your input
• Data: Age, sex, resting heart rate, preferred grading system, app settings

1.4 Diagnostic Logs

• Data: Anonymous technical logs for troubleshooting sync and performance issues
• Note: These contain no personally identifiable information

1.5 Purchase Records

• Source: In-app purchases (Apple StoreKit)
• Data: Tip count, cumulative amount, and last tip date (local statistics)
• Note: Payment processing is handled entirely by Apple. We do not collect any payment card numbers or Apple ID information

1.6 Account & Gym Data

• Source: Apple Sign-In, gym information you submit within the App
• Data: Email and display name associated with your Apple ID (obtained only on first sign-in), gym name, address, GPS coordinates, notes
• Note: Sign-in is optional and only required for gym submission. Login credentials are securely stored in device Keychain

We DO NOT collect: Contacts, messages, microphone recordings, advertising identifiers, or location data (unless you manually enter it for a route).

2. How We Use Your Information

All data processing happens locally on your device for the following purposes:

• Core Features: Collect sensor data on Watch, sync to iPhone, calculate training metrics (TRIMP, heart rate zones, route progress), and display in Logbook, Dashboard, and Project views
• Data Export: Generate CSV/JSON files when you request export for personal backup or sharing
• Troubleshooting: Use anonymous logs to diagnose sync or performance issues
• Purchase Records: Record tip count and amount locally, used only to display thank-you messages
• Account & Gym: Verify your identity for the gym submission feature, and upload gym information to the cloud for other climbers to search and use

We DO NOT use your data for advertising, profiling, automated decision-making, or any purpose unrelated to climbing training.

3. Permissions

ClimbPin requests the following permissions only when needed:

Permission	Purpose	Required
HealthKit (Read/Write)	Read/write workouts, heart rate, energy data	Optional
Motion & Fitness	Collect Watch sensor data (altimeter)	Optional
Photo Library	Attach photos to routes or sessions	Optional
Location (When In Use)	Add location to routes	Optional

You can revoke any permission at any time in iOS Settings > Privacy & Security. Denying a permission may limit related features but will not affect other functionality.

4. Data Sharing & Disclosure

We DO NOT sell, rent, or share your personal information with advertisers, analytics providers, or other third parties.

Data may only be shared in these cases:

1. Your Export/Share Actions: When you export CSV/JSON files, you control where to save or share them. ClimbPin does not automatically upload these files.
2. HealthKit Sync: With your permission, workout data is written to Apple Health, governed by Apple's privacy policy. You can manage or delete this data in the Health app.
3. Gym Submission: When you submit gym information, it is uploaded to our cloud service (Supabase, servers located in Mumbai, India) for other users to search. Approved gym information is visible to all users. You can edit your submitted gyms within the App; to delete, please contact us.
4. iCloud Backup: If you enable iCloud backup, training records (including timestamps, elevation, routes, and statistics) are synced to your Apple iCloud private database, accessible only by your iCloud account. Photos sync identifiers only by default; enabling "Backup Original Photos" uploads photo originals. You can disable this feature at any time in Settings.

When using the gym submission feature, your gym data is transferred to overseas servers (India). iCloud backup data storage location is determined by Apple. Other than these, we do not proactively transfer data across borders or publicly disclose personal information.

5. Data Storage & Security

• Storage Location: Data is stored locally on your device (iPhone database, Watch cache, UserDefaults, Keychain) and optionally in HealthKit. When using gym submission, gym data is stored on cloud servers; when using iCloud backup, training records are stored in Apple iCloud.
• Security Measures: We rely on iOS/watchOS system-level encryption, app sandboxing, and Face ID/Touch ID protection. Watch-iPhone communication is encrypted by Apple.
• Retention: You control how long data is kept. Delete individual records, clear Projects, revoke HealthKit access, or uninstall the App to remove all local data. We do not retain deleted information.
• Error Handling: If data corruption or sync failure is detected, the system rolls back operations to prevent unauthorized copying or leakage.

6. Your Rights

You have the following rights regarding your personal data:

Right	How to Exercise
Access & Correction	View or edit records in Logbook, Session Detail, and Project pages; update body metrics in Settings
Deletion	Delete individual records, remove Projects, clear Logbook, or uninstall the App; delete Health data in Apple Health
Data Portability	Export CSV/JSON files from Settings
Withdraw Consent	Revoke HealthKit, Photos, or Location permissions in system Settings or the App
Lodge a Complaint	Contact us via email; we will respond within 15 business days
Account & Gym Data	Sign out to clear local credentials; edit submitted gyms; request account and gym data deletion via email

If you believe your rights have been violated, you may also file a complaint with your local data protection authority.

7. Children's Privacy

ClimbPin is designed for adults and experienced climbers. We do not knowingly collect data from children under 13.

Health and body metrics are considered sensitive personal information and are only processed with your explicit consent.

8. Policy Updates

We may update this Privacy Policy due to feature changes, legal requirements, or business needs. Updates will be communicated through:

• The "About" section in App Settings
• Our official website
• App update release notes

For significant changes (expanded permissions, new data types), we will seek your explicit consent. If you disagree with updates, you may stop using and uninstall the App.

9. Contact Us

If you have questions, suggestions, or complaints about this Privacy Policy or your personal data, please contact us:

Email: [email protected]

We will acknowledge receipt within 2 business days and provide a response or solution within 15 business days. To protect your information security, we may request identity verification before processing your request.

© 2026 ClimbPin. All rights reserved.