Privacy Policy

1. Introduction

Welcome to Reborn. Protecting your personal data and privacy is central to everything we do. This policy explains precisely what data we collect, why we collect it, how long we keep it, and how you can delete it.

This policy applies to the Reborn mobile application (iOS) and all associated backend services accessible at reborn.dpdns.org.

2. Data We Collect

Account data

• Profile: Username, email address, age range, profession.
• Authentication: Apple ID identifier (when using Sign in with Apple). We never receive or store your Apple password.

Friend-matching data (hashed)

Activity and progression data

• Completed routines, streaks, Hexagon scores, level, and total points.
• Challenge completion signals ("routine_completed") — not your raw health metrics.

Health data

We do not store your raw health data. When Reborn accesses Apple HealthKit (e.g., step count for physical challenges), all processing happens locally on your device. Our servers only receive a binary success/failure signal for challenge validation.

Technical data

• Server logs (IP address, request timestamps) — retained for 30 days for security and debugging.
• Anonymized usage statistics to improve the app.

3. How We Use Your Data

• To create and maintain your account.
• To match you with friends already on Reborn (via the SHA-256 hash system described above).
• To track your progression and display your stats within the app.
• To send you in-app notifications about challenges and activity (if you grant permission).
• To improve Reborn through anonymized analytics.

4. Data Retention

We retain your account data and progression data for as long as your account is active. If you delete your account:

• All profile data, progression data, and friend connections are permanently deleted within 30 days.
• SHA-256 hashes used for friend matching are discarded immediately after matching — they are never stored long-term.
• Server logs (IP, timestamps) are automatically purged after 30 days regardless of account status.

5. Deleting Your Data

You can delete your account and all associated data at any time directly from within the app:

This action is irreversible and will permanently remove all data linked to your account from our servers within 30 days. You can also contact us at reborn.app.contact@gmail.com to request deletion manually.

6. Sharing and Third Parties

We do not sell, rent, or share your personal data with any third parties for commercial purposes.

Your data is never shared with advertisers, data brokers, or marketing platforms. The only external services we use are:

• Apple (Sign in with Apple): Authentication only. Governed by Apple's own Privacy Policy.
• Apple Push Notification Service (APNs): For sending notifications. We send a device token and notification content; no personal data is transmitted beyond what is necessary.

7. Security

• All data is transmitted over HTTPS/TLS.
• Passwords (when applicable) are hashed with bcrypt.
• Email/phone hashing uses SHA-256 — irreversible by design.
• Our servers are located in the European Union.

8. Your Rights

Under GDPR (and equivalent regulations), you have the right to:

• Access the data we hold about you.
• Correct inaccurate data.
• Delete your data (see Section 5).
• Object to processing.
• Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at reborn.app.contact@gmail.com.

9. Children

Reborn is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via the app or by email. Continued use of Reborn after an update constitutes acceptance of the revised policy.

11. Contact

For any privacy-related question or request, contact us at:
reborn.app.contact@gmail.com