Privacy Policy

Last updated: 31/03/2026 · Version 1.0

    Summary: Climbify only collects the data necessary to provide you with the
    service. We do not sell your data or share it with third parties for advertising purposes.
  

1. Data Controller

CLIMBIFY
Contact email: Climbify

2. Data we collect and why

Name, username and email — required to create and manage your account (legal basis: performance of a contract, Art. 6.1.b GDPR).
Country — to set the app's default language (legal basis: performance of a contract, Art. 6.1.b GDPR).
Profile picture (avatar) — optional, to personalise your account (legal basis: consent, Art. 6.1.a GDPR).
Activity data (boulders climbed, attempts, points, leagues) — required for the core functionality of the app (legal basis: performance of a contract, Art. 6.1.b GDPR).
Push notification token — to send you alerts about leagues, achievements and news from your favourite climbing gym. You can revoke this at any time in your device settings (legal basis: consent, Art. 6.1.a GDPR).
Date and version of acceptance of this policy — to demonstrate your consent in compliance with Art. 7.1 GDPR (legal basis: legal obligation, Art. 6.1.c GDPR).

3. Who do we share your data with?

We use Supabase (hosted in the European Union) as our database and storage platform. It acts as a data processor and is subject to a Data Processing Agreement in accordance with the GDPR.

We do not sell or share your data with third parties for advertising or commercial purposes.

4. How long do we keep your data?

Your data is kept for as long as you maintain an active account. If you delete your account, all your data is permanently erased within a maximum of 30 days. Consent records (gdpr_consents) are automatically deleted in cascade when the account is removed.

5. Your rights

As a user you have the right to:

Access — find out what data we hold about you.
Rectification — correct inaccurate data.
Erasure — delete your account and all your data via Settings → Delete account.
Portability — receive your data in a structured, machine-readable format.
Objection and restriction — object to certain processing activities.
Withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at . You also have the right to lodge a complaint with your local supervisory authority. In Spain, this is the AEPD. In other EU countries, please contact your national data protection authority.

6. Security

All communications between the app and our servers are encrypted using HTTPS/TLS. Passwords are stored using secure hashing and are never stored in plain text.

7. Changes to this policy

If we make material changes to this Privacy Policy, we will notify you within the app and ask you to accept the new version before continuing.