1. home
  2. legal
  3. privacy

Privacy Policy

Effective Date: January 1, 2025

Last Updated: January 1, 2025

1. Introduction

Welcome to grnyte DEMO, a secure boulder topo and session tracker. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our application.

This is a hobby project, not a commercial service. However, we take your privacy seriously and comply with applicable data protection laws including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

2. Contact Information

Data Controller: grnyte Development Team
Email: info@grnyte.rocks
Contact for Privacy Matters: grnyte Development Team

3. Information We Collect

3.1 Account Information

  • Email address (for account creation and authentication)
  • Username (for identification within the app)
  • Password (encrypted and stored securely)

3.2 Climbing Data

  • Climbing ascents and session logs
  • Notes about climbing routes and areas
  • Photos and videos you upload
  • Location data for climbing areas (when provided by you)
  • Route grades and difficulty ratings

3.3 Technical Information

  • IP address
  • Browser type and version
  • Device information
  • Usage patterns and app interactions
  • Log files and error reports

4. How We Use Your Information

  • Service Provision: To provide and maintain the climbing tracker functionality
  • Authentication: To verify your identity and secure your account
  • Data Storage: To save your climbing progress and statistics
  • Communication: To respond to your inquiries and provide support
  • Technical Maintenance: To troubleshoot issues and improve app performance
  • Security: To protect against unauthorized access and maintain data integrity

5. Legal Basis for Processing (GDPR)

  • Consent: You have given clear consent for us to process your personal data for the specified purposes
  • Legitimate Interest: Processing is necessary for our legitimate interests in providing the service
  • Contract Performance: Processing is necessary to provide the services you've requested

6. Data Sharing and Third Parties

6.1 Service Providers

We use the following third-party services:

  • Supabase: Database hosting and authentication (see Supabase Privacy Policy)
  • Nextcloud: File storage for photos and videos (if configured)
  • Vercel: Application hosting and delivery

6.2 External Integrations

The app may link to external climbing platforms:

  • 8a.nu
  • 27crags
  • theCrag

These links are provided for convenience. We do not share your data with these platforms unless you explicitly choose to do so.

6.3 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

7. Data Storage and Security

  • Encryption: All data is transmitted using HTTPS encryption
  • Access Controls: Only authorized users can access your personal climbing data
  • Database Security: Supabase provides enterprise-grade security for data storage
  • Regular Backups: Data is regularly backed up to prevent loss

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. You can request deletion of your account and all associated data at any time.

  • Account Data: Retained until account deletion
  • Climbing Logs: Retained until account deletion
  • Log Files: Automatically deleted after 30 days

9. Your Rights

Under GDPR and other privacy laws, you have the following rights:

9.1 Access (Article 15 GDPR)

Request a copy of all personal data we hold about you.

9.2 Rectification (Article 16 GDPR)

Request correction of inaccurate or incomplete data.

9.3 Erasure (Article 17 GDPR)

Request deletion of your personal data ("right to be forgotten").

9.4 Portability (Article 20 GDPR)

Request a copy of your data in a machine-readable format.

9.5 Objection (Article 21 GDPR)

Object to processing based on legitimate interests.

9.6 California Rights (CCPA)

California residents have additional rights under the CCPA, including the right to opt-out of the sale of personal information (though we don't sell data).

10. Cookies and Tracking

We use essential cookies for authentication and app functionality. We do not use tracking cookies for advertising or analytics without your consent. See our Cookie Policy for more details.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards are in place for international transfers as required by applicable data protection laws.

12. Children's Privacy

This service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Email: info@grnyte.rocks
  • Subject: Privacy Policy Inquiry

15. Supervisory Authority

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

This Privacy Policy is part of our commitment to transparency and data protection. As a hobby project, we strive to maintain the highest standards of privacy and security for our users.