privacy

# Privacy Policy

Last updated: [DATE]

This policy explains how Notch Interfaces Inc. ("Notch", "we", "us"), registered at 750 Manhattan Ave, Brooklyn, NY, 11222, handles personal data in the Notch mobile app, the Notch sensors, and wearnotch.com (together, the "Service").

Contact for any privacy question or request: connectwearnotch.com

## 1. Who is the data controller

Notch Interfaces Inc. is the data controller for personal data processed through the Service.

## 2. What we collect

Account data
- Email address, display name, password hash (or Apple / Google sign-in identifier)
- Optional profile photo

Profile and training data you enter
- Age or date of birth, sex, height, body weight, training experience, goals
- Workouts, exercises, sets, reps, loads, rest periods, session notes

Sensor and motion data
- Orientation and motion signals from Notch sensors (quaternions, accelerometer, gyroscope, magnetometer)
- Derived metrics such as rep count, range of motion, velocity, tempo, joint angles
- Sensor identifiers, firmware version, battery level, calibration data

Device and diagnostic data
- Device model, OS version, app version, locale, time zone
- Crash reports, error logs, performance traces
- Bluetooth connection state (used only to pair with your sensors)

Usage data
- Screens opened, features used, session length, in-app events

Social data (only if you use social features)
- Friend or group membership, challenge participation, results shared with people you choose

Health data (only if you enable it)
- With your explicit permission, we read and/or write workout, heart rate, and body measurement data to Apple HealthKit. [Delete this section entirely if HealthKit is not enabled in the beta build.]

We do not collect video or images of you. We do not use cameras for movement tracking.

We do not knowingly collect data from anyone under 16 (or the minimum age in your country). [Adjust to your actual age gate.]

## 3. Why we process it, and on what legal basis

| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Create and run your account | Account data | Contract |
| Deliver core features: rep detection, form feedback, training history, personalized advice | Profile, training, sensor data | Contract |
| Personalize training recommendations using automated analysis | Profile, training, sensor data | Contract |
| Social features, challenges, leaderboards | Social data, selected results | Contract, your choice to opt in |
| Keep the app stable and secure | Device, diagnostic, usage data | Legitimate interest |
| Improve the product and the movement models | Usage data, pseudonymized or aggregated sensor data | Legitimate interest, or consent where required |
| Beta testing communications and support | Account data, diagnostics | Legitimate interest, contract |
| Marketing email | Email address | Consent, withdrawable at any time |

Health and biometric-adjacent data is special category data under GDPR Article 9. Where that applies, we process it on the basis of your explicit consent, which you give in-app and can withdraw at any time.

## 4. Automated recommendations

Notch analyzes your sensor and training data to generate training recommendations and feedback. These recommendations are informational and do not produce legal or similarly significant effects. Notch is not a medical device and does not diagnose, treat, or prevent any condition. Consult a qualified professional before starting or changing a training program.

## 5. Who we share data with

We do not sell personal data. We do not share it with data brokers. We do not use it for third-party advertising.

Processors acting on our instructions:
- Google Firebase (authentication, database, hosting, Crashlytics, Analytics), Google Ireland Ltd / Google LLC
- Amazon Web Services (hosting and storage), [region]
- [PostHog Cloud EU, if enabled: product analytics and session replay]
- [Apple, for TestFlight distribution and crash reports]
- [Email or support provider, if any]
- [Payment provider, if any]

Other recipients:
- People you explicitly share with inside the app (friends, groups, challenges)
- Authorities, where required by law
- A buyer or successor, in a merger or acquisition, subject to this policy

Health data obtained from Apple HealthKit is never shared with third parties for advertising, marketing, or data mining, and is never sold. It is used only to deliver features you asked for.

## 6. International transfers

Data is stored in [EU / EEA region, specify]. Where a processor transfers data outside the EEA, the transfer relies on the European Commission's Standard Contractual Clauses or an adequacy decision. Copies of the safeguards are available on request.

## 7. How long we keep it

- Account, training and sensor data: for as long as your account is active
- After account deletion: erased or anonymized within [30] days, except where law requires longer retention
- Crash and diagnostic logs: [90] days
- Backups: purged on the normal backup cycle, up to [35] days
- Beta build data: [deleted at the end of the beta program, or retained if you continue to the public release]

## 8. Deleting your account and your data

You can delete your account and all associated data from inside the app: [Settings > Account > Delete account]. Deletion is permanent. You can also email [privacy@wearnotch.com] and we will action the request within 30 days.

## 9. Your rights

If you are in the EEA or UK, you have the right to access, rectify, erase, restrict, and port your data, to object to processing based on legitimate interest, and to withdraw consent at any time. Exercise any of these by emailing [privacy@wearnotch.com]. You also have the right to complain to your supervisory authority, for example [NAIH, Hungary: naih.hu].

If you are in California, you have the right to know, delete, correct, and opt out of sale or sharing. We do not sell or share personal information as those terms are defined by the CCPA/CPRA.

## 10. Security

Data is encrypted in transit with TLS and at rest by our hosting providers. Access to production data is restricted to authorized personnel. Passwords are stored as salted hashes. No system is perfectly secure, and we cannot guarantee absolute security.

## 11. Cookies and the website

wearnotch.com uses [strictly necessary cookies only / necessary cookies plus, with your consent, analytics cookies]. You can manage your choice through the consent banner. [Remove or edit to match the real site.]

## 12. Beta testing

If you take part in the Notch beta through TestFlight, Apple collects and processes installation, usage, and crash information under Apple's own privacy policy. Beta builds may log additional diagnostic data to help us fix defects. Beta data is handled under this policy.

## 13. Changes

We will post any change here and update the date at the top. Material changes will be notified in-app or by email before they take effect.

## 14. Contact

Notch Interfaces Inc.
750 Manhattan Ave, Brooklyn, NY, 1122
connect@wearnotch.com