Privacy Policy for PicklePulse dApp

1. Information We Collect

PicklePulse collects information to provide and improve our services, offering you a personalized and secure experience. We collect two main types of data:

a) On-Chain Data (Public & Immutable on Solana Blockchain):

This data is directly recorded on the Solana blockchain and is inherently public, transparent, and immutable. It includes:

• Performance Milestones: Verifiable records of significant achievements or progress within the app.
• Points Earned: Summaries of points accumulated from calories burned, verified on-chain.
• Duel Outcomes: Results of head-to-head competitions, including winner identification.
• Cryptocurrency Wagers: Details of SOL or USDC wagers placed and distributed in Duel Mode.
• User Wallet Addresses: Your Solana wallet address, necessary for on-chain interactions and transactions.

b) Off-Chain Data (Stored Securely on Backend Systems):

This data is stored on our secure backend systems (Firestore) and is not publicly accessible on the blockchain. It includes:

• Authentication Data: Information provided by Privy for social logins (e.g., Google, Apple IDs) or derived from your Solana wallet connection, used solely for authentication purposes. This typically includes a unique user ID and basic profile information (e.g., username, email if provided by social login).
• Detailed Workout Data: Granular data synced from your connected health platforms:
  • From Android's Health Connect: Duration of activity, estimated calories burned, heart rate data, step counts, and other relevant activity metrics, with your explicit permission.
  • From Apple Health: Duration of activity, active energy burned, heart rate data, step counts, and other relevant activity metrics.
• App Usage Data: Information about how you interact with the dApp, such as features used, session duration, and preferences. This helps us improve the user experience.

2. How We Collect Your Information

• Directly from You: When you connect your Solana wallet or log in via social accounts using Privy.
• From Health Platforms (with your consent): When you explicitly grant the PicklePulse mobile application permission to access your device's health data (e.g., via Health Connect on Android or Apple Health on iOS). This data is then securely sent to our backend.
• Through dApp Interaction: As you use PicklePulse, certain interactions (e.g., completing a duel, achieving a milestone) trigger the recording of on-chain data.

3. How We Use Your Information

We use the collected information for the following purposes:

• To Provide and Maintain PicklePulse: Delivering the core functionalities of the dApp, including performance tracking, point calculation, and duel management.
• To Enable Duel Mode: Facilitating head-to-head competitions, managing wagers, and distributing prizes securely via smart contracts.
• To Personalize Your Experience: Providing personalized insights, dashboards, and visualizations of your pickleball performance.
• To Improve and Optimize PicklePulse: Analyzing usage patterns and feedback to enhance existing features and develop new ones.
• For Security and Fraud Prevention: Protecting the integrity of the dApp, preventing unauthorized access, and ensuring fair play in Duel Mode.
• For Compliance: Fulfilling legal obligations and enforcing our terms of service.

4. Data Storage and Security

• On-Chain Data: Stored permanently and immutably on the Solana blockchain. While transparent, the data is pseudonymous (linked to your wallet address, not directly to your real-world identity unless you choose to link it).
• Off-Chain Data: Stored securely in Firestore, a NoSQL database provided by Google Cloud. Firestore employs robust security measures, including encryption at rest and in transit. Our backend services are deployed on Google Cloud Platform (GCP), leveraging its security infrastructure.
• Health Data: We implement strict access controls and encryption for all health data synced from your device's health platform (Health Connect or Apple Health). We only request the minimum necessary permissions to provide the dApp's features.
• Privy: Privy handles the secure management of your authentication credentials, ensuring your social and wallet logins are protected.

5. Data Sharing and Disclosure

We are committed to protecting your privacy. We do not sell your personal data to third parties for marketing purposes.

On-Chain Data:

As blockchain data is public by design, any information recorded on the Solana blockchain (e.g., wallet address, duel results, points, wager details) will be publicly visible and accessible by anyone.

Off-Chain Data:

• Service Providers: We may share off-chain data with trusted third-party service providers (e.g., cloud hosting providers, analytics services if implemented) who assist us in operating PicklePulse. These providers are contractually obligated to protect your data and use it only for the purposes for which we disclose it to them.
• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
• Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as part of the transaction. We will notify you before your personal data is transferred and becomes subject to a different Privacy Policy.

6. Your Data Rights

You have certain rights regarding your off-chain data:

• Access: You can request access to the off-chain personal data we hold about you.
• Rectification: You can request that we correct any inaccurate or incomplete off-chain data.
• Erasure (Right to be Forgotten): You can request the deletion of your off-chain data. Please note that on-chain data, by its nature, cannot be deleted.
• Withdraw Consent: You can withdraw your consent for PicklePulse to access your health data at any time through your device's health app settings (e.g., in Health Connect or Apple Health).
• Data Portability: You may request to receive your off-chain data in a structured, commonly used, and machine-readable format.

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

7. Third-Party Services

PicklePulse integrates with and relies on several third-party services:

• Solana Blockchain: The underlying decentralized network.
• Privy: For user authentication (social logins and wallet connections).
• Health Connect (on Android): For syncing health data from Android devices.
• Apple Health (on iOS): For syncing health data from iOS devices.
• Firestore (Google Cloud): For off-chain data storage.

Please review the privacy policies of these third-party services to understand their data practices.

8. Children's Privacy

PicklePulse is not intended for use by individuals under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information from our servers.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.