PRIVACY POLICY

Effective date: February 10, 2026

PeakFit ("we," "us," or "our") operates the PeakFit mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this policy, please do not use the Service.

1. Information We Collect

1.1 Information You Provide to Us

• Account Information: When you create an account, we collect your phone number for authentication via one-time passcode (OTP). You may also provide a display name, profile photo, and bio.
• Profile Information: Any additional information you choose to add to your profile, including your fitness interests, clubs you join, and gear you track.
• User Content: Activities you record and share, comments, kudos, and other content you post to the Service.
• Communications: If you contact us for support, we collect the information you provide in those messages.

1.2 Information Collected Automatically

• Location Data: When you record an activity, we collect GPS data to map your route and calculate distance, pace, and elevation. Location data is only collected while you are actively recording an activity, unless you grant background location permission for live tracking features. You can revoke location permissions at any time through your device settings.
• Device Information: We collect device type, operating system version, unique device identifiers, and app version to provide and improve the Service.
• Usage Data: We collect information about how you interact with the Service, including features used, pages viewed, and actions taken (e.g., starting a recording, giving kudos).
• Health and Fitness Data: With your permission, we may access health and fitness data from your device's health platform (Apple Health, Google Fit), including heart rate, calories burned, and step count. This data is only accessed with your explicit consent and is never sold to third parties.

1.3 Information from Third Parties

• Connected Services: If you choose to connect third-party services (e.g., wearable devices, other fitness platforms), we may receive activity data from those services in accordance with their respective privacy policies and your authorization.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Create and manage your account
• Record and display your fitness activities, including routes, stats, and achievements
• Enable social features such as the activity feed, kudos, comments, clubs, and leaderboards
• Calculate and display your stats, personal records, and leaderboard positions
• Track gear usage and provide retirement recommendations
• Send you push notifications about activity from friends, achievements earned, and leaderboard updates (you can manage notification preferences in the app)
• Provide customer support and respond to your inquiries
• Analyze usage patterns to improve and optimize the Service
• Detect, prevent, and address technical issues, fraud, or abuse
• Comply with legal obligations

3. How We Share Your Information

3.1 Public Information

By default, the following information is visible to other users of the Service: your display name, profile photo, activities you share publicly, club memberships, achievements, and leaderboard positions. You can control the visibility of individual activities by setting them to private before or after posting.

3.2 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing — for example, when you choose to share an activity to an external social media platform.

3.3 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure (e.g., Supabase, Vercel)
• Map rendering and geolocation services (e.g., Mapbox)
• Analytics services to understand app usage
• Email delivery services for transactional communications

These service providers are contractually obligated to use your information only as necessary to provide services to us and in accordance with this policy.

3.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests by public authorities (e.g., a court order or subpoena). We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.

3.5 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via in-app notification or email before your information becomes subject to a different privacy policy.

3.6 What We Never Do

• We never sell your personal information to third parties.
• We never sell your health, fitness, or location data.
• We never use your data for targeted advertising from third-party ad networks.

4. Data Storage and Security

Your data is stored on secure servers provided by our cloud infrastructure partners. We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication via one-time passcodes
• Access controls limiting employee access to user data
• Regular security reviews and updates

While we take reasonable measures to protect your information, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements).

Activity data you have shared publicly may persist in other users' feeds even after account deletion, but will be disassociated from your identity.

6. Your Rights and Choices

6.1 Account and Profile

You can update or correct your account information at any time through the app's settings. You can delete your account by contacting us or through the app's account settings.

6.2 Activity Privacy

You can set individual activities as private so they are not visible to other users. You can also configure a default privacy setting for all new activities.

6.3 Location Data

You can disable location permissions for the app through your device settings at any time. Note that GPS tracking is required for core activity recording functionality.

6.4 Push Notifications

You can manage or disable push notifications through your device settings or within the app's notification preferences.

6.5 Data Export

You can request a copy of your personal data by contacting us at the email address listed below. We will provide your data in a commonly used, machine-readable format within 30 days of your request.

6.6 Data Deletion

You can request deletion of your personal data by deleting your account or contacting us. Upon receiving a verified deletion request, we will delete your data within 30 days, subject to the retention requirements described in Section 5.

7. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country. By using the Service, you consent to the transfer of your information to such countries. We ensure that appropriate safeguards are in place to protect your information in accordance with this policy.

9. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect about you and how it is used
• Request deletion of your personal information
• Opt out of the sale of your personal information (note: we do not sell personal information)
• Not be discriminated against for exercising your privacy rights

To exercise any of these rights, please contact us using the information provided below.

10. European Privacy Rights (GDPR)

If you are a resident of the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR), including the right to:

• Access, correct, or delete your personal data
• Object to or restrict the processing of your personal data
• Data portability — receive your data in a structured, machine-readable format
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with a supervisory authority

Our legal basis for processing your information includes: performance of a contract (providing the Service), your consent (location data, health data), and our legitimate interests (improving the Service, preventing fraud).

11. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy within the app and updating the "Effective date" at the top of this page. For significant changes, we will provide additional notice (such as an in-app notification or email).

Your continued use of the Service after any changes to this policy constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, your data, or your privacy rights, please contact us:

• Email: legal@peakfit.ai

This privacy policy was last updated on February 10, 2026.