Privacy Policy

1. Introduction

Welcome to Walko ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our corporate step challenge platform.

By using Walko, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you create an account, we collect:

• Email address
• Full name
• Company name and domain
• User role (admin or member)

2.2 Health and Activity Data

Important: We collect step count data, which is considered health-related information under GDPR and other privacy laws. This includes:

• Daily step counts
• Screenshots from fitness tracking apps
• Challenge participation data
• Entry dates and timestamps

2.3 Payment Information

We use Stripe to process payments. We store only:

• Stripe customer ID
• Subscription status and tier
• Billing period information

Note: We do not store credit card numbers. All payment processing is handled securely by Stripe.

2.4 Automatically Collected Information

• IP address
• Browser type and version
• Device information
• Usage data and analytics
• Log files

3. How We Use Your Information

We use your information to:

• Provide and maintain the Walko platform
• Create and manage your account
• Process step challenge submissions
• Generate leaderboards and challenge results
• Process payments and manage subscriptions
• Send administrative communications (e.g., password resets, subscription updates)
• Improve our services and develop new features
• Comply with legal obligations
• Detect and prevent fraud or abuse

4. How We Share Your Information

4.1 Within Your Company

Your step data and leaderboard rankings are visible to other members of your company who participate in the same challenges. Company admins can view all challenge data for their company.

4.2 Third-Party Service Providers

We share information with trusted service providers who help us operate our platform:

• Supabase: Database hosting and authentication (USA)
• Stripe: Payment processing (USA/Europe)
• Google Gemini AI: Screenshot analysis for step counting (USA)
• Cloudflare: CDN and hosting services (Global)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or to protect our rights and safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new owner. We will notify you before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your information for different periods depending on the type:

• Account data: Until you delete your account
• Step data: Until you delete your account or request deletion
• Screenshots: Until you delete your account
• Billing records: 7 years (legal requirement for tax purposes)
• Anonymized analytics: Indefinitely

6. Your Privacy Rights

Under GDPR (for EU users) and other privacy laws, you have the following rights:

To exercise these rights, please contact us at privacy@walko.app

7. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL)
• Encryption at rest for database and storage
• Row-level security in our database
• Regular security audits
• Access controls and authentication
• Secure backup systems

Important: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Deleting Your Account

To delete your account and exercise your Right to be Forgotten under GDPR, please email us at privacy@walko.app with the following information:

We will verify your identity and process your request within 7 business days (up to 30 days as permitted by GDPR). You will receive a confirmation email once completed.

What gets deleted:

• Your personal information will be permanently deleted
• All your step entries will be removed
• Your screenshots will be deleted from our storage
• Your leaderboard entries will be removed
• Your authentication account will be deleted
• Billing records will be anonymized but retained for 7 years (legal requirement for tax compliance)

Important: If you are the last admin of your company, you must either transfer admin rights to another user first or contact us to discuss company account closure.

9. Exporting Your Data

To export all your personal data and exercise your Right to Data Portability under GDPR, please email us at privacy@walko.app with the following information:

We will verify your identity and send your data export within 7 business days (up to 30 days as permitted by GDPR).

Your export will include:

• Profile information (name, email, role)
• All step entries with dates and step counts
• Links to your screenshots
• Challenge participation history
• Company information
• Subscription information (if applicable)
• Statistics (total steps, challenges participated, etc.)

The export will be provided in JSON format (machine-readable) and sent to your registered email address. The download link will be available for 7 days.

10. Children's Privacy

Walko is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@walko.app

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• EU-US Data Privacy Framework compliance (where applicable)
• Standard contractual clauses approved by the European Commission
• Service providers certified under recognized security standards

12. Cookies and Tracking

We use essential cookies to maintain your session and remember your login. These cookies are necessary for the platform to function and cannot be disabled.

We do not currently use advertising or tracking cookies. If we add analytics or marketing cookies in the future, we will update this policy and obtain your consent where required.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new policy on this page
• Updating the "Last updated" date
• Sending an email notification for significant changes

Your continued use of Walko after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

For EU users, you also have the right to lodge a complaint with your local data protection authority.