Home

Privacy Policy

Last updated: March 13, 2026

1. Introduction

FitClash ("we", "our", "us") operates the website at fitclash.app. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account Data (signed-in users)

When you sign in with Google, we receive:

  • Your name and email address (from Google OAuth)
  • A unique Google account identifier

We do not receive or store your Google password.

Anonymous Usage Data (participants)

Participants who submit scores without signing in are identified by a device token stored in their browser's local storage. We collect:

  • Display name (chosen by the participant)
  • Scores submitted to challenges
  • Device token (generated locally, not linked to identity)

Automatically Collected Data

We may collect standard web server logs including:

  • IP address
  • Browser type and version
  • Pages visited and timestamps

3. How We Use Your Data

  • To provide and operate the Service (display leaderboards, manage challenges)
  • To authenticate your account via Google OAuth
  • To associate challenges and scores with your account
  • To monitor and improve the Service
  • To detect and prevent abuse

We do not sell your data to third parties. We do not use your data for advertising.

4. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Railway (cloud infrastructure). We use encrypted connections (HTTPS/TLS) for all data in transit. Session tokens are stored as secure, HTTP-only cookies.

While we take reasonable measures to protect your data, no system is 100% secure. Use the Service at your own risk.

5. Cookies & Local Storage

We use:

  • Session cookies — to keep you signed in (HTTP-only, secure, same-site)
  • Local storage — to store device tokens for anonymous participation and local activity history

We do not use tracking cookies or third-party analytics cookies.

6. Third-Party Services

  • Google OAuth — for authentication. Google's privacy policy applies to data processed by Google.
  • Railway — for hosting infrastructure.
  • Sentry — for error tracking and monitoring (may receive anonymized error data).

7. Your Rights

You may:

  • Delete your scores — remove any score you've submitted using the delete option on the challenge page
  • Delete your challenges — remove challenges you've created from your dashboard
  • Request account deletion — email us to have your account and associated data permanently deleted
  • Clear local data — clear your browser's local storage to remove device tokens and activity history

8. Children's Privacy

FitClash is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance.

10. Contact

For privacy-related questions or data deletion requests, contact us at [email protected].