PRIVACY POLICY FOR DRILITHON
Last Updated: September 11, 2025
Effective Date: September 11, 2025
==================================================================
1. INTRODUCTION
This Privacy Policy explains how we ("we," "our," or "us") collect, use, process, and protect your personal information when you use the mobile application Drilithon, available on iOS and Android platforms. This app is developed and operated by an independent developer.
App Information:
- App Name: Drilithon
- Package Name: com.oneminuteworkout.omw
- Version: 1.0.0
- Category: Health & Fitness
By downloading, installing, or using our app, you agree to the terms outlined in this Privacy Policy.
==================================================================
2. CONTACT INFORMATION
Data Controller: Tsur Drori (Individual Developer)
Address: Petach Tikva, Israel
Email: tsur@executiai.com
Website: https://www.linkedin.com/in/tsur-drori-a1632127/
For privacy-related inquiries, please contact: tsur@executiai.com
==================================================================
3. INFORMATION WE COLLECT
3.1 ACCOUNT INFORMATION
- Email address (required for account creation)
- Username (chosen by user)
- Full name (optional, for profile display)
- Profile avatar/photo (optional)
- Timezone (automatically detected or user-selected)
3.2 FITNESS AND WORKOUT DATA
- Workout completion records
- Exercise types performed (pushups, jumping jacks, plank, crunches, squats)
- Points earned from workouts
- Workout streaks and achievements
- Workout timestamps and frequency
- Daily, weekly, and all-time performance statistics
3.3 COMPETITIVE AND SOCIAL DATA
- Leaderboard rankings and scores
- Competition participation
- Public profile information (username, avatar)
3.4 ANALYTICS AND USAGE DATA
- App usage patterns and session duration
- Screen views and navigation patterns
- Feature usage statistics
- App performance and crash reports
- Device interaction events
3.5 DEVICE AND TECHNICAL INFORMATION
- Device type, model, and operating system
- App version and build information
- Device identifiers (for analytics purposes)
- Network connection information
- App performance metrics
3.6 AUTHENTICATION DATA
- Google account information (when using Google Sign-In)
- Authentication tokens and session data
- OAuth provider information
3.7 PAYMENT INFORMATION (FUTURE FEATURE)
- Subscription status and preferences
- Payment processing information (handled by RevenueCat)
- Purchase history and billing records
==================================================================
4. HOW WE COLLECT INFORMATION
4.1 DIRECT COLLECTION
- Information you provide when creating an account
- Data entered during app usage and workouts
- Profile information and preferences you set
4.2 AUTOMATIC COLLECTION
- Usage analytics and app interaction data
- Device and technical information
- Performance and error logging data
4.3 THIRD-PARTY SERVICES
- Google Sign-In authentication data
- Analytics service providers
- Cloud database services (Supabase)
==================================================================
5. LEGAL BASIS FOR PROCESSING (GDPR)
We process your personal data under the following legal bases:
5.1 CONTRACT PERFORMANCE
- Providing core app functionality
- Managing your account and profile
- Processing workout data and maintaining streaks
5.2 LEGITIMATE INTEREST
- App analytics and performance monitoring
- Security and fraud prevention
- Product development and improvement
5.3 CONSENT
- Marketing communications (where applicable)
- Optional data sharing features
- Non-essential analytics
5.4 LEGAL OBLIGATION
- Compliance with applicable laws
- Response to legal requests
==================================================================
6. HOW WE USE YOUR INFORMATION
6.1 CORE APP FUNCTIONALITY
- Create and manage your user account
- Record and track workout progress
- Calculate points, streaks, and achievements
- Generate personalized fitness insights
- Maintain leaderboard rankings
6.2 USER EXPERIENCE
- Personalize app content and recommendations
- Provide competitive features and rankings
- Enable social sharing of achievements
- Optimize app performance and usability
6.3 ANALYTICS AND IMPROVEMENT
- Analyze app usage patterns and trends
- Monitor app performance and reliability
- Identify and fix technical issues
- Develop new features and improvements
6.4 COMMUNICATION
- Send important account and service updates
- Provide customer support assistance
- Notify about app updates and new features
6.5 LEGAL AND SECURITY
- Protect against fraud and abuse
- Comply with legal obligations
- Enforce our terms of service
==================================================================
7. INFORMATION SHARING AND DISCLOSURE
7.1 PUBLIC INFORMATION
- Leaderboard displays (username, avatar, scores)
- Public profile information you choose to share
- Competitive rankings and achievements
7.2 SERVICE PROVIDERS
We share data with third-party service providers who assist in app operation:
- Supabase (Database and Backend Services)
  Purpose: Data storage, user authentication, real-time updates
  Data: Account info, workout data, app usage
  Location: United States
  Website: supabase.com
- RevenueCat (Subscription Management) [FUTURE FEATURE, not yet implemented]
  Purpose: Payment processing and subscription management
  Data: Subscription status, purchase information
  Location: United States
  Website: revenuecat.com
- Google (Authentication Services)
  Purpose: User authentication via Google Sign-In
  Data: Google account information, authentication tokens
  Location: United States
  Website: google.com
7.3 LEGAL REQUIREMENTS
We may disclose information when required by law, including:
- Response to legal process or government requests
- Protection of our rights and property
- Prevention of fraud or illegal activity
- Public safety or security concerns
7.4 BUSINESS TRANSFERS
In case of merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction.
==================================================================
8. DATA SECURITY
We implement appropriate technical and organizational security measures:
8.1 TECHNICAL SAFEGUARDS
- Encryption of data in transit and at rest
- Secure database configurations and access controls
- Regular security updates and vulnerability assessments
- Secure authentication and session management
8.2 ACCESS CONTROLS
- Limited access to personal data on a need-to-know basis
- Employee training on data protection requirements
- Regular review of access permissions
8.3 INCIDENT RESPONSE
- Monitoring for security breaches and unauthorized access
- Incident response procedures for data breaches
- Prompt notification of affected users and authorities when required
==================================================================
9. DATA RETENTION
We retain personal information for as long as necessary to provide services and comply with legal obligations:
9.1 ACCOUNT DATA
- Retained while account is active
- Deleted within 30 days of account deletion request
- Some data may be retained for legal compliance
9.2 WORKOUT AND FITNESS DATA
- Retained to maintain historical records and achievements
- Anonymized data may be retained for analytics purposes
9.3 ANALYTICS DATA
- Typically retained for 24-36 months
- Aggregated data may be retained indefinitely
==================================================================
10. INTERNATIONAL DATA TRANSFERS
Your information may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (EU)
- Adequacy decisions by relevant authorities
- Other lawful transfer mechanisms as available
==================================================================
11. YOUR PRIVACY RIGHTS
11.1 GDPR RIGHTS (EU USERS)
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision-making
11.2 CCPA RIGHTS (CALIFORNIA RESIDENTS)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information
- Right to non-discrimination for exercising privacy rights
11.3 GENERAL RIGHTS (ALL USERS)
- Update your profile and account information
- Delete your account and associated data
- Control privacy settings within the app
- Contact us with privacy concerns
To exercise these rights, contact us at: tsur@executiai.com
==================================================================
12. CHILDREN'S PRIVACY (COPPA COMPLIANCE)
Our app is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 years of age.
12.1 AGE VERIFICATION
- Users must confirm they are 13 or older to create an account
- We do not request age-specific information from users
12.2 PARENTAL CONCERNS
If you believe a child under 13 has provided personal information to us:
- Contact us immediately at tsur@executiai.com
- We will investigate and delete the information if confirmed
12.3 2025 COPPA UPDATES
In compliance with COPPA amendments effective June 23, 2025:
- Enhanced protection for children's personal information
- Stricter requirements for parental consent mechanisms
- Updated disclosure requirements for third-party data sharing
==================================================================
13. COOKIES AND TRACKING TECHNOLOGIES
Our app may use local storage and similar technologies:
13.1 LOCAL STORAGE
- Session data for app functionality
- User preferences and settings
- Offline data synchronization
13.2 ANALYTICS TRACKING
- App usage patterns and performance metrics
- Aggregated user behavior analysis
- Crash reporting and error tracking
13.3 AUTHENTICATION TOKENS
- Secure session management
- OAuth authentication data
- Single sign-on functionality
==================================================================
14. CALIFORNIA PRIVACY DISCLOSURES
For California residents under the California Consumer Privacy Act (CCPA):
14.1 CATEGORIES OF INFORMATION COLLECTED
- Identifiers: Email, username, device IDs
- Personal information: Name, profile data
- Internet activity: App usage, interactions
- Geolocation: Timezone information
- Commercial information: Subscription data (future)
14.2 BUSINESS PURPOSES
- Service provision and account management
- Security and fraud prevention
- Analytics and service improvement
- Customer support and communications
14.3 THIRD-PARTY SHARING
We do not sell personal information to third parties. We share information with service providers as described in Section 7.
14.4 YOUR CCPA RIGHTS
- Request disclosure of information categories and specific pieces
- Request deletion of personal information
- Opt-out of future sales (though we don't sell data)
- Non-discrimination for exercising rights
==================================================================
15. AUTOMATED DECISION-MAKING
We may use automated systems for:
15.1 PERSONALIZATION
- Workout recommendations based on history
- Achievement and milestone calculations
- Leaderboard ranking determinations
15.2 SECURITY
- Fraud detection and prevention
- Spam and abuse protection
- Account security monitoring
You have the right to request human review of automated decisions that significantly affect you.
==================================================================
16. DATA BREACH NOTIFICATION
In case of a data breach affecting your personal information:
16.1 USER NOTIFICATION
- We will notify affected users within 72 hours when feasible
- Notification will include nature of breach and recommended actions
- Updates will be provided as investigation progresses
16.2 AUTHORITY NOTIFICATION
- Relevant data protection authorities will be notified as required
- Cooperation with regulatory investigations and requirements
==================================================================
17. CHANGES TO THIS PRIVACY POLICY
17.1 UPDATES
We may update this Privacy Policy periodically to reflect:
- Changes in our data practices
- Updates to applicable laws and regulations
- New features or services offered
- User feedback and best practices
17.2 NOTIFICATION
- Users will be notified of material changes via app notification
- Updated policy will be posted with new effective date
- Continued use of the app constitutes acceptance of changes
17.3 VERSION HISTORY
- Previous versions available upon request
- Material changes will be highlighted in notifications
==================================================================
18. THIRD-PARTY SERVICES AND LINKS
Our app may contain links to or integrate with third-party services:
18.1 THIRD-PARTY PRIVACY POLICIES
- Google Services: policies.google.com/privacy
- Supabase: supabase.com/privacy
- RevenueCat: revenuecat.com/privacy (future integration)
18.2 OUR RESPONSIBILITY
- We are not responsible for third-party privacy practices
- Review third-party policies before using their services
- Report concerns about third-party services to us
==================================================================
19. REGIONAL SPECIFIC INFORMATION
19.1 EUROPEAN UNION USERS
- As an individual developer, no Data Protection Officer is required
- Right to lodge complaints with supervisory authorities
- Transfer mechanisms for data outside EU/EEA
19.2 UNITED KINGDOM USERS
- UK GDPR compliance measures
- Information Commissioner's Office (ICO) complaint procedures
- Post-Brexit data protection requirements
19.3 OTHER JURISDICTIONS
- Compliance with local data protection laws as applicable
- Specific rights and procedures as required by regional regulations
==================================================================
20. FREQUENTLY ASKED QUESTIONS
20.1 HOW LONG IS MY DATA STORED?
Account data is retained while your account is active and for 30 days after deletion. Workout data may be retained longer for historical records. See the Delete Account Request page for more details.
20.2 CAN I USE THE APP WITHOUT PROVIDING DATA?
Basic functionality requires account creation with email. You can minimize data sharing through privacy settings.
20.3 HOW SECURE IS MY FITNESS DATA?
We use industry-standard encryption and security measures. However, no system is 100% secure.
20.4 CAN I DELETE SPECIFIC WORKOUTS?
Currently, individual workout deletion is not supported. You can request full account deletion. See the Delete Account Request page for more details.
20.5 IS MY LOCATION TRACKED?
We collect timezone information for accurate date calculations but do not track precise location.
==================================================================
This Privacy Policy is effective as of September 11, 2025. Your continued use of Drilithon constitutes acceptance of this policy and any future updates.
For questions, concerns, or to exercise your privacy rights, contact me at:
tsur@executiai.com
Tsur Drori - Independent Developer
Petach Tikva, Israel