Privacy Policy

Effective June 13, 2026

This Privacy Policy explains how Strut ("Strut," "we," "us," or "our") collects, uses, stores, and shares information when you use the Strut mobile app and related services (the "Service"). Strut is operated by an individual developer based in the United States. By using Strut, you agree to the practices described here.

Strut helps you build a daily walking habit by letting you block distracting apps until you hit your step goal, and by competing and connecting with friends. Some of these features — accounts, friends, leaderboards, challenges, and notifications — require us to store and process data on servers. This policy describes exactly what that involves.

We never sell your personal data, and we never use your health or fitness data for advertising or any form of data mining.

Who Is Responsible for Your Data

The Strut developer is the "data controller" for the purposes of the EU/UK General Data Protection Regulation (GDPR) and the equivalent "business" under the California Consumer Privacy Act (CCPA/CPRA). You can reach us using the contact details at the bottom of this policy.

Information We Collect

Account & profile information

When you create a Strut account, we collect and store:

Health & fitness data

With your permission, Strut reads your step count from Apple HealthKit. We use it to track progress toward your daily goal, power your streaks, and — if you use social features — to keep your leaderboards and challenges up to date. To make streaks, leaderboards, and challenges work across sessions and between friends, your daily and weekly step totals and whether you met your goal are stored on our servers, associated with your account.

Social & activity data

If you use Strut's social features, we store the data needed to make them work: your friends list, friend requests you send and receive, "nudges" you send or receive, and the challenges you create, join, and your progress within them.

Contacts (optional)

If you choose to find friends from your contacts, Strut accesses your device contacts only to match the email addresses of people you know against existing Strut accounts, so you can connect with them. This happens only when you initiate it. We do not upload, store, or build a database of your contacts.

Notifications & device token

If you enable notifications, we store a push notification token from Apple Push Notification service so we can deliver reminders and social alerts (for example, when a friend nudges you or invites you to a challenge). You can disable notifications at any time in iOS Settings.

Subscription status

In-app purchases and subscriptions are processed entirely by Apple through StoreKit. We never receive or store your payment card or billing information. We store only which subscription products are active on your account so we can unlock premium features.

Usage analytics

We use Google Firebase Analytics to understand how the app is used and to improve it — for example, which onboarding steps people complete, when goals are met, and which features are used. These events are tied to an analytics identifier and may include coarse, non-precise information. We do not collect your precise location, and Strut does not use the Advertising Identifier (IDFA) or any cross-app/web tracking.

Stored on your device only

Some information never leaves your device: the specific apps you select to block (handled by Apple's Screen Time / Family Controls framework as opaque, OS-managed tokens that even we cannot read), and certain local preferences and caches stored using Apple's UserDefaults and Keychain.

How We Use Your Information

Service Providers We Share Data With

We do not sell your data. We share it only with the infrastructure providers that operate the Service on our behalf, and only as needed to run Strut:

ProviderPurposeData involved
Google Firebase (Google LLC)Authentication, database (Firestore), cloud functions, push messaging, and analyticsAccount, profile, health/activity totals, social graph, device token, usage events
Apple Inc.Sign in with Apple, App Store purchases (StoreKit), HealthKit, and push delivery (APNs)Authentication, subscription status, device token
Google (Google Sign-In)Optional sign-in methodEmail and basic profile from your Google account

These providers process data under their own privacy and security commitments. We encourage you to review Firebase's privacy information and Apple's Privacy Policy.

What We Do NOT Collect

Data Retention

We keep your account and associated data for as long as your account is active. Daily step history is retained to power your streaks and history views. When you delete your account (see below), we delete your profile, step history, social graph, and pending requests. Aggregated or anonymized analytics that cannot identify you may be retained.

Deleting Your Account and Data

You can delete your account at any time from Profile > Settings > Delete Account inside the app. This permanently removes your profile, your stored step history, your friend connections, and your pending friend requests, and deletes your authentication record. This action cannot be undone. If you need help, contact us using the details below.

Your Privacy Rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. California residents have rights under the CCPA/CPRA, including the right to know, delete, and opt out of "sale" or "sharing" (note: we do not sell or share your data for cross-context behavioral advertising). To exercise any of these rights, use the in-app account deletion tool or contact us. We will not discriminate against you for exercising your rights.

Legal Bases for Processing (EEA/UK)

Where GDPR applies, we process your data on the following bases: performance of a contract (to provide the features you sign up for), consent (for HealthKit access, contacts access, and notifications, which you grant through iOS permission prompts and can revoke), legitimate interests (to secure, maintain, and improve the Service), and legal obligation where applicable.

Data Security

Data in transit is encrypted using industry-standard TLS. Access to your stored data is restricted by server-side security rules so that, in general, only you and the friends you connect with can access the data relevant to your shared features. Sensitive on-device values are stored in the iOS Keychain. No method of transmission or storage is 100% secure, but we work to protect your information using reasonable safeguards.

International Data Transfers

Our service providers (Google and Apple) may process and store data in the United States and other countries. Where required, these transfers are governed by appropriate safeguards such as Standard Contractual Clauses.

Children's Privacy

Strut is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, please contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you in the app. Your continued use of Strut after changes take effect constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how Strut handles your data, contact us at hello@getstrut.app.