Privacy Policy

We collect only what is necessary to provide the Service:

• Phone number. Used to authenticate you via one-time passcode (OTP).
• Name. Optional display name you choose to set in the app.
• Location. Used only when you have an active event registration. Your device monitors a geofence around the event venue to automatically start a Live Activity when you arrive. Location data is processed on-device and is not stored on our servers.
• Device push token. Used to deliver session reminders and event announcements to your device.
• Event registrations. Records of which track events you have registered for and which run group you selected.
• Crash and performance data. Anonymised diagnostic information collected via Sentry to help us identify and fix bugs. This data is not linked to your identity.

• To authenticate you and maintain your session.
• To show you the schedule and session reminders for events you are registered for.
• To send push notifications about session timing and organiser announcements.
• To send SMS messages for urgent announcements, only if you have opted in to SMS notifications in the app settings.
• To detect venue arrival and start a Live Activity on your device.
• To improve the reliability and performance of the Service.

We do not use your data for advertising, do not build profiles for third-party marketing, and do not sell your personal information to anyone.

We share limited data with the following third parties solely to operate the Service:

• Twilio. Your phone number is shared with Twilio to deliver OTP verification codes and, if you opt in, SMS announcements from event organizers. Twilio's privacy policy is available at twilio.com/legal/privacy.
• Apple Push Notification service (APNs). Your device push token is used to route notifications through Apple's infrastructure.
• Sentry. Anonymised crash and performance data is sent to Sentry for error monitoring. No personally identifiable information is included.

We retain your account data for as long as your account is active. You may delete your account at any time from the Settings screen in the app. Deletion permanently removes your profile, event registrations, device tokens, and all other data associated with your account.

You have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and all associated data via the app or by contacting us.
• Opt out of SMS notifications at any time in app settings.
• Withdraw location permission at any time in your device settings.

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

All data is transmitted over HTTPS. Authentication tokens are stored securely in your device's Keychain. We do not store location data on our servers.

We may update this policy from time to time. We will notify you of material changes by updating the effective date above. Continued use of the Service after changes constitutes acceptance of the updated policy.

Questions or requests regarding this policy can be sent to privacy@gridcall.app.