Privacy Policy

Last Updated: December 2025

1. Introduction

Welcome to Wette ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a safe experience on our platform. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application and website (the "Service").

2. Information We Collect

We collect information you provide directly to us and information collected automatically:

  • Account Information: When you create an account, we collect your email address, username, and profile picture.
  • User Content: We collect photos and videos you upload to verify your habits and challenges.
  • Usage Data: We collect data on your interactions with the Service, such as challenge history, friends lists, and app preferences.
  • Device Information: We automatically collect device identifiers, operating system version, app version, device type, and unique device identifiers to ensure compatibility and improve our Service.
  • Camera and Microphone: We access your device's camera and microphone only when you explicitly grant permission to record proof videos or take photos for challenge verification. We do not access these features in the background.
  • Location Data: For running challenges, we may collect location data if you grant permission. This data is used solely to verify running activities and is not used for tracking or advertising purposes. You can disable location services at any time in your device settings.

3. AI Image Analysis

Our Service uses Artificial Intelligence (AI) to verify your habit completions. Specifically, we use OpenAI's Vision API to analyze user-uploaded images.

  • Processing: When you submit a photo for verification, it is securely transmitted to OpenAI for analysis. The AI analyzes the image to detect specific objects or environments (e.g., gym equipment) to verify your activity.
  • Data Handling: OpenAI processes these images to provide the analysis service. According to OpenAI's policies, data sent via their API is not used to train their models by default, and images are not permanently stored by them after processing.
  • No Biometrics: We do not use the AI to identify individuals or extract biometric data. The analysis is strictly limited to verifying the context of the image (e.g., "Is this a gym?").

4. How We Use Your Information

We use the collected information to:

  • Provide and maintain the Service.
  • Verify your challenge progress using AI analysis.
  • Facilitate social interactions between you and your friends.
  • Send you technical notices, updates, and support messages.

5. Data Sharing and Disclosure

We do not sell your personal data. We differ from ad-supported platforms; our model is built on user utility. We may share detailed data only in the following limited circumstances:

  • Service Providers: With third-party vendors (like OpenAI for image analysis and Supabase for database hosting) who need access to such information to carry out work on our behalf.
  • Legal Requirements: If required to do so by law or in response to valid requests by public authorities.

6. Your Rights

You have the right to access, correct, or delete your personal information. You can delete your account and all associated data directly within the app settings at any time. Upon deletion, your personal information is removed from our active databases.

  • Access: You can access your personal data through your account settings.
  • Correction: You can update your profile information at any time through the app settings.
  • Deletion: You can delete your account and all associated data through the app settings. Deletion is permanent and cannot be undone.
  • Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used format. To request your data export, please contact us at hello@supering.io with the subject line "Data Export Request."

7. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts: We retain your data while your account is active and for up to 30 days after account deletion to allow for account recovery.
  • Challenge Data: Challenge history and verification images are retained for the duration of the challenge and up to 90 days after challenge completion for dispute resolution purposes.
  • Legal Requirements: We may retain certain information as required by law or for legitimate business purposes, such as fraud prevention or compliance with legal obligations.
  • Automatic Deletion: After the retention period expires, your data is automatically deleted from our active databases. Some anonymized or aggregated data may be retained for analytics purposes.

8. Cookies and Tracking Technologies

Our Service uses minimal tracking technologies:

  • Essential Cookies: We use essential cookies and local storage to maintain your session, remember your preferences, and ensure the Service functions properly.
  • Analytics: We may use analytics tools to understand how users interact with our Service. This data is aggregated and anonymized.
  • No Advertising Tracking: We do not use cookies or tracking technologies for advertising purposes. We do not sell your data to advertisers.
  • Managing Cookies: You can manage cookie preferences through your device or browser settings. Note that disabling essential cookies may affect Service functionality.

9. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) encryption.
  • Secure Storage: Your data is stored on secure servers provided by Supabase, which implements robust security measures including encryption at rest.
  • Access Controls: We limit access to your personal information to authorized personnel who need it to provide the Service. All access is logged and monitored.
  • Authentication: We use secure authentication methods, including password hashing and secure session management.
  • Regular Security Audits: We conduct regular security assessments and updates to protect against vulnerabilities.

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence:

  • Supabase: Our database and storage services are provided by Supabase, which may store data in various regions. Supabase complies with applicable data protection laws and provides data residency options.
  • OpenAI: Images sent for AI verification are processed by OpenAI, which may process data in the United States. OpenAI has committed to not using API data for training models by default.
  • Safeguards: We ensure that appropriate safeguards are in place for international data transfers, including standard contractual clauses and compliance with applicable data protection laws.

11. Children's Privacy

Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16.

  • Age Requirement: You must be at least 16 years old to use our Service. If you are between 16 and 18, you represent that you have your parent's or guardian's permission to use the Service.
  • COPPA Compliance: We comply with the Children's Online Privacy Protection Act (COPPA). If we learn that we have collected personal information from a child under 16, we will delete that information immediately.
  • Parental Rights: If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@supering.io.

12. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notification: Notify affected users within 72 hours of becoming aware of the breach, where feasible and as required by applicable law.
  • Information Provided: Our notification will include a description of the breach, the types of information affected, steps we are taking to address the breach, and recommendations for protecting your information.
  • Regulatory Reporting: We will report breaches to relevant data protection authorities as required by applicable law.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You have the right to request information about the categories and specific pieces of personal information we collect, use, and disclose.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: We do not sell your personal information. If we were to sell personal information in the future, you would have the right to opt-out.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
  • Exercising Your Rights: To exercise your CCPA rights, please contact us at hello@supering.io with the subject line "CCPA Request."

14. EU/UK Privacy Rights (GDPR)

If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your personal data based on your consent, contract performance, legal obligations, and legitimate interests.
  • Right to Access: You have the right to access your personal data and receive information about how it is processed.
  • Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
  • Right to Erasure: You have the right to request deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You have the right to restrict how we process your personal data in certain situations.
  • Right to Data Portability: You have the right to receive your personal data in a structured, machine-readable format.
  • Right to Object: You have the right to object to processing of your personal data based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise your GDPR rights, please contact us at hello@supering.io.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.

  • Notification: We will notify you of material changes by posting the updated Privacy Policy on this page and updating the "Last Updated" date.
  • Material Changes: For material changes, we will provide additional notice through the app or via email, where appropriate.
  • Continued Use: Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
  • Review: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: hello@supering.io
  • Subject Lines: Please use specific subject lines for faster processing:
  • Privacy Inquiry - for general privacy questions
  • Data Export Request - to request your data
  • CCPA Request - for California privacy rights
  • GDPR Request - for EU/UK privacy rights