Privacy Policy – Level Up!

What we collect and why

Account info Your email address and hashed password (never stored in plain text), or basic Google account info if you use Google Sign-In — so you can log in and your data stays yours. If you sign in with Google, your email is stored to verify you have already accepted the Terms of Service so you are not prompted again on future logins.
Profile Your chosen username and profile picture — so you have an identity on the leaderboard and in the app. Your username, level, XP, and profile picture are visible to other users on the leaderboard.
Food logs Food names, macros, calories, serving sizes, and the dates you logged them — so the app can track your nutrition and fuel the gamification system.
Nutrition goals Your calorie, protein, carbs, fat, and weight goal preferences — so the app can show you progress toward your personal targets.
Calorie Calculator inputs Age, height, weight, sex, and activity level — used only for the in-app calculation and never stored on our servers.
Game progress Your XP, level, daily login streak, and achievement progress — to power the levelling system, leaderboard, and badges.
Location GPS coordinates while the Explore tab is open — to find nearby points of interest and confirm you are physically close enough to check in. Never accessed in the background.
Explore history Which points of interest you have visited, their categories, how many times you have visited each one, and when — to track achievements like visiting new categories and returning to the same spots.
Reminders The messages and scheduled times you set — so the app can deliver your notifications at the right time.
Push notification tokens A device token (FCM) per device — so reminders can actually reach your phone.
App preferences Your chosen theme color and timezone offset — so your settings are restored when you reopen the app.
Usage data Page views and in-app events via Firebase Analytics and Google Analytics (GA4) — to understand how the app is used so it can be improved.
Advertising data On Android, the app shows rewarded ads served by Google AdMob. AdMob may collect your device's advertising ID, IP address, and ad interaction data to serve and measure ads. You can opt out of personalized ads at any time in your device settings under Google > Ads.

Third parties

Firebase / Google Authentication, push notifications, and analytics.
Supabase Database storage for your account and app data.
Render Hosts the backend server that processes your requests.
Upstash Redis cache used to speed up food search results.
FatSecret API Food search queries are sent to FatSecret to return nutritional data.
OpenFoodFacts API Barcode scans are sent to OpenFoodFacts to look up product information.
Google AdMob Serves rewarded ads on Android. AdMob may collect device identifiers and ad interaction data to serve and measure ads. See Google's Privacy Policy for details.

Your personal data is never sold to third parties — including for California residents under CCPA. Google AdMob may use your advertising ID for ad personalization, which you can disable in your device settings. Firebase Analytics and Google Analytics (GA4) are used within the app to understand usage patterns — see Google's Privacy Policy for how they handle that data independently.

International data transfers

Our third-party services (including Supabase, Render, Upstash, Firebase, and FatSecret) may process your data on servers located in the United States or other countries outside the EEA. Each of these providers acts as a data processor on our behalf, and where required we have entered into or rely on their standard Data Processing Agreements (DPAs). Supabase and Firebase both offer DPAs that include Standard Contractual Clauses (SCCs) for EEA data transfers. We have reviewed these providers' compliance posture and are satisfied they provide adequate protection.

Cookies and local storage

The web version of Level Up! may use cookies or browser local storage to maintain your login session, remember your theme preference, and store app state between sessions. These are strictly functional — no advertising or tracking cookies are set directly by this app. Google Analytics may set its own cookies; see Google's Privacy Policy for details.

Data retention

Your data is kept for as long as your account is active. If you delete your account, your data is removed from our servers within 30 days. Leaderboard data (username, level, XP, profile picture) is removed from other users' views when your account is deleted. Google Analytics event data is retained for 2 months and user data for 14 months by default, per Google's settings — see their policy for details.

Data breaches

In the event of a data breach that affects your personal data, we will notify affected users promptly and, where required by law, report the breach to the relevant supervisory authority within 72 hours of becoming aware of it.

Legal basis for processing (GDPR)

If you are in the European Economic Area (EEA), we process your data under the following legal bases:

Contract performance Account info, food logs, game progress, reminders, and push notification tokens — necessary to provide the app's core features.
Legitimate interest Usage analytics via Firebase and Google Analytics — to understand how the app is used and improve it. This does not outweigh your privacy rights.
Consent Location data — only accessed while the Explore tab is open and only after you grant permission. You can revoke this at any time in your device settings. Personalized advertising via AdMob — you can opt out at any time in your device settings under Google > Ads.

Age requirement

Level Up! is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child under 13 has provided us with their data, please contact us at n1ch0lasd4k1s@gmail.com and we will delete it promptly.

Your rights

Edit your profile Update your username, profile picture, and goals at any time from the app.
Delete entries Remove individual food logs and reminders from within the app.
Delete your account You can delete your account and all associated data from the account deletion page or by emailing n1ch0lasd4k1s@gmail.com.
Access your data You can request a copy of the personal data we hold about you by emailing n1ch0lasd4k1s@gmail.com.
Data portability You can request your data in a structured, machine-readable format by emailing us.
Object to processing You can object to processing based on legitimate interest at any time. We will stop unless we have compelling grounds to continue.
Withdraw consent Where processing is based on consent (e.g. location), you can withdraw it at any time in your device settings without affecting the lawfulness of prior processing.

If you are in the EEA and believe we are handling your data unlawfully, you have the right to lodge a complaint with your local data protection authority.

Contact

Questions or deletion requests can be sent to n1ch0lasd4k1s@gmail.com.