TIRO — Privacy Policy
TIRO is operated by an independent developer (“we”, “us”). This policy explains what information TIRO uses, why, and what choices you have. We designed TIRO to keep your step history and game records primarily on your device; optional online features (leaderboard, friends) use a small set of data stored with Supabase and Sign in with Apple as described below.
This text is for transparency. It is not legal advice.
1. What TIRO is
TIRO is a walking survival game that reads step count from Apple Health to run a live countdown. Core gameplay, run history, and settings can work without an account on our servers. If you choose to use the leaderboard (monthly rankings, following others, or related social features), we process additional data in the cloud as set out in section 3.
2. Data we do not sell
We do not sell your personal information. We do not use advertising SDKs in the app, and we do not build a profile about you for ad targeting.
If we ever add analytics or ads, we will update this policy and, where required, give you in-app notice before the change.
3. Information we process
3.1 On your iPhone (local)
- Step data (HealthKit). We read step count and related HealthKit permissions you grant so we can count steps for your active run and for past runs, only as needed to run the app. This data stays on the device unless you also use the optional cloud features below (we do not upload your full step log or all Health data).
- Game and settings data. We store your runs, difficulty, and preferences locally (SwiftData) on the device. If you do not use the leaderboard, that information does not leave the device in normal operation, except for standard iCloud/device backups managed by Apple under your own account settings.
- Notifications. If you allow notifications, the system may hold scheduled local reminders (for example, when a run is predicted to end). We do not send marketing push notifications in V1.
3.2 If you use the leaderboard (optional — Supabase)
The leaderboard is opt-in from inside the app. If you use it, we use Supabase (managed PostgreSQL and authentication) in the Supabase, Inc. EU/US region bound to the project you connect to. Typical categories of data we store there include:
| Data | Purpose |
|---|---|
| Account identifier | A Supabase Auth user id. You may use an anonymous session, or Sign in with Apple to recover the same profile on a new phone. |
| Display name (username) | A public 3–16 character handle shown on leaderboards, friend search, and related screens. It must be unique. |
| Country / region (optional display) | A coarse region (for example for country leaderboards) if you set it. |
| Location (optional — “Nearby” mode) | If you turn on Nearby, we store coarse, rounded location used only to show approximate distance-based ranking; we do not publish your exact address or location. You can turn this off in the app. |
| Game mirror rows | A summary of mirrored runs: difficulty, time alive, step totals, status, and related fields needed to show the monthly board — not your full Health step stream. |
| Social graph (follows) | Who you follow and who may follow you, to power Friends and inbox features. |
| Invites and referrals | If you share an invite link, we store which profile (if any) referred a new user when they join the leaderboard, so we can create mutual follows and reward the inviter in-app (for example time added to a run). |
| Gifts / rewards | Optional gift rows (type and value, such as bonus time) tied to your profile until you claim them in the app. |
Username moderation. We may block, remove, or replace usernames that violate our rules (for example via automated denylists or manual report handling) to keep the public board safe. That processing is part of running the service.
Sign in with Apple (optional). If you use it, Apple processes authentication according to your Apple ID settings and Apple’s privacy terms. We only receive the identifiers and tokens that Apple makes available to us to link or restore your account.
We use row-level security in the database so, by design, each authenticated user can only write their own profile and related rows, unless we document a server-side exception. Do not use the app if you are uncomfortable with the above when the leaderboard is enabled.
3.3 Support and email
If you email us (for example via a support address shown in the app or on our website), we use your address and the content of the message to respond. We do not use that correspondence for marketing unless you ask us to.
4. Apple’s role
- App Store, iOS, Health, Sign in with Apple: Apple’s processing is governed by Apple and your device settings. TIRO’s access to Health data is controlled by the permissions you grant in Settings → Health → TIRO (or equivalent on your device).
- We do not control iOS backups or iCloud; see Apple’s documentation for how device backups work.
5. Legal bases (EEA, UK, Switzerland, and similar)
Where GDPR-style rules apply, we rely on:
- Contract / steps necessary to provide the service — to run the game, sync an optional account, and show leaderboards you ask for.
- Legitimate interests — to keep the service secure, moderate public usernames, fix bugs, and comply with law, balanced against your rights.
- Consent where required — for example, Health access and location (Nearby) are requested in the system and in-app flows, and you can change or withdraw those permissions in iOS Settings at any time.
Withdrawing Health access or leaving the leaderboard may mean some features no longer work as intended; we explain that in the app where relevant.
6. Retention and deletion
- Local data remains on the device until you delete the app or erase data, subject to your own backups.
- Leaderboard / Supabase data: if you use Leave the leaderboard (or equivalent) in the app, we delete your profile and related mirrored data from our Supabase project as that flow is implemented, and we sign you out. If you also use Sign in with Apple, you can manage the Apple side from Apple ID settings. Residual backups or logs in Supabase or our tooling may persist for a limited period for security, abuse prevention, and legal reasons, then are deleted on a routine cycle.
Exact retention windows in infrastructure can change; we will not keep your data longer than reasonably needed for the purposes in this policy unless a legal obligation requires longer storage.
7. Security
We use industry-standard transport encryption (TLS) to our backend and access controls in the app and database. No method of transmission or storage is 100% secure; you use the service at your own reasonable risk, as with any app.
8. International transfers
Supabase and Apple may process data in the EEA, UK, US, and other countries where they operate. Where required, we accept standard contractual clauses or other mechanisms our processors offer. See their privacy documentation for details.
9. Your rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with a supervisory authority.
How to exercise your rights: contact us at the email below. We will respond within a reasonable time, and we may need to verify your request (for example, to avoid deleting another person’s account). If we cannot fulfil a request, we will explain why, including any legal override.
California (CCPA/CPRA): we do not sell or share personal information for cross-context behavioural advertising in V1. You may have additional rights; contact us as below.
10. Children
TIRO is not directed at children. We do not knowingly collect personal information from children under 13 (or the age of digital consent in your region). If you are a parent or guardian and believe we have collected such information, contact us and we will delete it.
11. Third-party services and changes
- Sub-processors in V1 include, at minimum, Supabase (data hosting and Auth) and Apple (device, App Store, Health, and Sign in with Apple, as applicable). Links in the app to other sites (for example, a help page) are governed by those sites’ own policies.
- We may update this policy when the product, law, or our processors change. The “Effective date” at the top will change, and, where the change is material and the law requires it, we will also give in-app or App Store notice. Continued use after the effective date means you accept the updated policy, except where a stricter rule applies by law.
12. Contact
Privacy and data questions: [your email — e.g. privacy@tiro.babavc.com or a shared support@].
General app support: [same or different email as shown in TIRO Settings or the marketing site.]
Operator (replace with the legal name you use on the App Store and in contracts; required for some jurisdictions), e.g.:
TIRO, operated by [Full name or company name, street, country] — [contact email].