This Privacy Policy explains how Wyreframe Labs Private Limited (“Wyreframe Labs”, “GFN”, “we”, “us”, or “our”) collects, uses, shares, and protects information about you when you use the GFN mobile application (the “App”) and the website at gfn.app (together, the “Service”).
We are based in Bangalore, India. We have written this policy to be clear and human-readable, and to meet our obligations under India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”), the EU and UK General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA/CPRA”), and the privacy requirements of the Apple App Store and Google Play.
Contents
- Who we are
- Information we collect
- How we use your information
- Health & fitness data
- Location information
- Contacts & finding friends
- How we share information
- International data transfers
- Data retention
- Your rights
- Account deletion
- Children
- Security
- Cookies & analytics
- Changes to this policy
- Grievance officer & contact
1. Who we are
The data controller for the Service is Wyreframe Labs Private Limited, a company incorporated in India and registered in Bangalore, Karnataka. References in this policy to “we” mean Wyreframe Labs Private Limited.
2. Information we collect
2.1 Information you provide
- Account details — your phone number (used for one-time-password sign-in), username, display name, and optional profile photo.
- Profile information — anything you choose to add to your profile, including bio, country, and connected social handles.
- Club content — clubs you create or join, posts and comments you publish in clubs, and join requests you send.
- Support correspondence — messages you send us by email or via in-app feedback.
2.2 Information collected automatically
- Step and activity data — daily step counts and related activity metrics, read from Apple HealthKit (iOS) or Google Health Connect (Android) only after you grant permission. See Section 4 for details.
- Approximate location — derived from your device’s location services, used to detect your current city for city, country, and global leaderboards. See Section 5 for details.
- Device and technical data — device model, operating system version, App version, language, time zone, IP address, and crash logs.
- Usage data — which screens you view and which features you use, in aggregate form.
2.3 Information from other sources
- Contacts — only if you choose to enable the “Find friends” feature. See Section 6.
- Marketing attribution — if you arrived from a marketing campaign, our advertising partners may share an identifier so we can measure campaign effectiveness.
3. How we use your information
We use your information to:
- create and operate your account, including secure sign-in;
- calculate and display leaderboards (between friends, your city, your country, and the world) and award tier badges based on your activity;
- let you create clubs, post in clubs, follow friends, and discover other users;
- send transactional notifications (for example, a join request was accepted) and, only with your consent, marketing messages;
- detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms of Service — including detecting fake or manipulated step counts;
- measure how our App is used so we can fix bugs and improve features;
- comply with our legal obligations.
Legal bases (GDPR/UK GDPR). We process your personal data on the basis of (i) performance of our contract with you to deliver the Service; (ii) your consent, where required (for example, for HealthKit/Health Connect access, contacts access, marketing notifications, and certain analytics); (iii) our legitimate interests in operating, securing, and improving the Service, where those interests are not overridden by your rights; and (iv) compliance with legal obligations.
Lawful purposes (DPDP Act). We process personal data for the specified purposes set out above, on the basis of your consent or a legitimate use permitted by the DPDP Act, including the provision of services you have requested.
4. Health & fitness data
GFN is a fitness app. With your permission, we read your daily step count from Apple HealthKit on iOS or Google Health Connect on Android. We treat this as sensitive personal data and apply additional protections:
- We only request the specific permissions we need — primarily steps, and where applicable, distance and active energy.
- We never use HealthKit data for advertising or share it with advertising partners. This is also a requirement of Apple’s HealthKit framework.
- You can revoke health permissions at any time from your device’s system settings (Settings → Privacy & Security → Health on iOS; Settings → Apps → Health Connect on Android).
- Step totals are stored on our servers so we can compute leaderboards across days and surface them to other users in the form of rankings and aggregated totals (for example, “your city walked X million steps today”).
5. Location information
GFN uses your approximate location to determine which city, country, and regional leaderboards you appear on. We do not track or store your precise GPS trail.
- Your city is auto-detected from a coarse location reading and a reverse-geocoding lookup. You cannot manually edit your city — this is intentional, to keep leaderboards honest.
- If you travel, your active city updates dynamically. Your record as a founder or founding member of a previous city remains tied to that city forever.
- You can revoke location permission at any time from your device’s system settings. If you do, leaderboards that depend on a city will show as unavailable.
6. Contacts & finding friends
The “Find friends” feature is optional. If you enable it, we read your device contacts solely to check which of them are already on GFN so we can suggest friends to you.
- We hash phone numbers before sending them to our servers and we discard contacts that do not match an existing GFN user.
- We do not contact, market to, or otherwise message people in your contact list who are not GFN users.
- You can disable contacts access at any time from your device’s system settings.
7. How we share information
We share personal data only as described below.
- Other GFN users. Your username, profile photo, tier badge, and step-based ranking are visible to other users by design — that is the point of a leaderboard. You can set an alias and configure profile privacy in Settings.
- Service providers (data processors). We use trusted vendors who process personal data on our behalf and only on our instructions. These currently include:
  - Supabase — our database, authentication, and storage backend (data hosted in the European Union);
  - Google Firebase & Google Ads — solely for measuring marketing campaigns and acquisition analytics;
  - Twilio (or equivalent) — to deliver one-time passwords by SMS;
  - Apple Push Notification service / Firebase Cloud Messaging — to deliver push notifications;
  - Sentry or equivalent — to receive crash reports.
- Legal and safety. We may disclose information to law enforcement, regulators, or other parties if required by law, in response to valid legal process, or where we believe in good faith it is necessary to protect the rights, property, or safety of GFN, our users, or the public.
- Business transfers. If Wyreframe Labs is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
We do not sell your personal data and we do not “share” it for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA.
8. International data transfers
Wyreframe Labs is based in India. Our service providers may process your data in the European Union, the United States, and other jurisdictions. Where we transfer personal data out of the European Economic Area, the United Kingdom, or other regulated jurisdictions, we rely on appropriate safeguards — including the European Commission’s Standard Contractual Clauses — to protect that data.
9. Data retention
We keep personal data only for as long as we need it for the purposes described in this policy:
- Account data is kept for as long as your account is active.
- Step and activity history is kept for as long as your account is active so we can show your historical performance and tier progression.
- Crash logs and security logs are kept for up to 90 days.
- When you delete your account, we delete or anonymise your personal data within 30 days, except where we are legally required to retain it (for example, fraud or security records).
10. Your rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- correct personal data that is inaccurate or incomplete;
- delete your personal data (the “right to be forgotten”);
- port your personal data to another service;
- object to or restrict certain processing, including direct marketing;
- withdraw consent at any time, where we rely on consent;
- nominate another person to exercise these rights on your behalf in the event of your death or incapacity (DPDP Act);
- lodge a complaint with a supervisory authority — for example, the Data Protection Board of India under the DPDP Act, your local EU/UK data protection authority, or the California Privacy Protection Agency.
To exercise any of these rights, write to hello@prtcl10.com. We will respond within the timeframes required by applicable law.
11. Account deletion
You can delete your GFN account at any time from Settings → Account → Delete account inside the App. This permanently removes your profile, your posts, and your activity history. Some content you contributed to public clubs may remain visible in anonymised form (for example, “former member”).
If you cannot access the App, email hello@prtcl10.com from the address tied to your account and we will process the deletion within 30 days.
12. Children
GFN is not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13. In jurisdictions where the age of digital consent is higher (for instance, certain EU member states and India under the DPDP Act, where users under 18 are treated as children), we require verifiable parental consent before processing the personal data of a child. If you believe a child has provided us with personal data without the appropriate consent, please contact us and we will delete it.
13. Security
We use industry-standard technical and organisational measures to protect personal data, including encryption in transit (TLS), encryption at rest, role-based access controls, audit logging, and regular security reviews. No system is perfectly secure; if we ever learn of a security breach that affects your personal data, we will notify you and the relevant regulators in accordance with applicable law.
14. Cookies & analytics
Our website uses a small number of strictly necessary cookies and privacy-friendly analytics to understand which pages people visit. We do not use third-party advertising cookies on the website. The mobile App does not use cookies; it uses standard mobile SDKs from Apple, Google, and Supabase to provide its functionality.
15. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective” date at the top and, where required by law, notify you in the App or by email before the changes take effect. Continued use of the Service after the effective date means you accept the updated policy.
16. Grievance officer & contact
Under India’s Information Technology Rules, we are required to designate a Grievance Officer to address user complaints. You can contact our Grievance Officer at hello@prtcl10.com.
For all other privacy questions, you can reach us at the same address or by post:
Wyreframe Labs Private Limited
Bangalore, Karnataka, India
Email: hello@prtcl10.com