Privacy Policy for Sapiens Rank

Last Updated: 30/05/2026

At Sapiens Rank, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how and why we process your data when you use our app, in compliance with the General Data Protection Regulation (GDPR) and other applicable laws.

1. Information We Collect

  • Email address: Used for authentication and account management.
  • Display name: The name or username you choose during onboarding, shown on the leaderboard.
  • Age and country: Collected during onboarding to personalise your ranking experience.
  • Health & fitness data: With your explicit permission, we read the following metrics from Apple HealthKit: resting heart rate, heart rate variability (HRV), sleep duration and stages, daily steps, active calories burned, and stand hours. These data points are processed entirely on your device to compute a daily score (an integer from 0 to 100). Only this computed score — never the raw health data — is transmitted to our servers.
  • Device token: A Firebase Cloud Messaging (FCM) token, stored to send you push notifications if you grant permission.
  • User identifier: A pseudonymous UUID assigned by our authentication provider (Supabase) to link your profile and scores.

2. How We Use Your Data

  • Authentication: To create and secure your account.
  • Score calculation: To compute your daily wellness score from your HealthKit data, entirely on-device.
  • Leaderboard: To display your rank alongside other users (by display name and country).
  • Push notifications: To send you daily reminders or rank updates, if you opt in.

We do not use your data for advertising, profiling, or any purpose other than providing the core features of the app.

3. Health Data

Sapiens Rank accesses Apple HealthKit data solely to calculate your daily wellness score on your device. Raw health metrics are never uploaded to our servers and are never shared with third parties. You can revoke HealthKit access at any time in Settings → Privacy & Security → Health → Sapiens Rank.

4. Third-Party Services

We use the following trusted processors to deliver our service:

  • Supabase: Our backend provider. Stores your profile (name, age, country), daily scores, and device token. Data is hosted in the EU. See Supabase's Privacy Policy.
  • Firebase Cloud Messaging (Google): Used exclusively to deliver push notifications. Only your FCM device token is shared with Firebase; no personal data or health data is involved. See Firebase's Privacy Policy.

These providers act on our behalf and do not use your data for advertising or profiling.

5. Legal Basis for Processing

  • Contract: To provide core services (account, leaderboard, score calculation).
  • Consent: For optional features — HealthKit access and push notifications. You may withdraw consent at any time.
  • Legitimate interests: To maintain the security and integrity of our platform.

6. Data Retention

Account and score data is retained while your account is active.
Device tokens are refreshed automatically and deleted when you uninstall the app or revoke notification permissions.
You may request deletion of your account and all associated data at any time.

7. International Data Transfers

Firebase (Google) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards such as the European Commission's Standard Contractual Clauses are in place to protect your data.

8. Your Rights

Under GDPR, you have the following rights:

  • Access – to know what data we hold about you.
  • Rectification – to correct inaccurate information.
  • Erasure – to request deletion of your data.
  • Restriction – to limit certain processing.
  • Data Portability – to receive a copy of your data in a machine-readable format.
  • Objection – to object to processing based on legitimate interests.
  • Withdrawal of Consent – at any time, for consent-based processing (HealthKit, notifications).

To exercise your rights, contact us at contact@pommef.com. You also have the right to lodge a complaint with your local Data Protection Authority.

9. Security

We implement technical and organisational measures to protect your personal data, including encryption in transit (TLS), row-level security on our database, and secure authentication via Supabase Auth.

10. Children's Privacy

Our app is not intended for children under 13. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. Push Notifications

With your consent, we may send push notifications (e.g. daily score reminders, rank changes). You can manage or disable these at any time in your device settings.

12. Changes to This Policy

We may update this Privacy Policy when necessary. Any updates will be posted here with a revised "Last Updated" date. Where required by law, we will notify you of significant changes in-app.

13. Contact Us

If you have any questions about this Privacy Policy or your data rights, please contact us:

Email: contact@pommef.com