The data behind your climb.

Everyrank is operated from India. For the purposes of the EU/UK GDPR and India’s Digital Personal Data Protection Act, 2023 (DPDP), everyrank is the data fiduciary / controller responsible for the personal data described in this policy.

For any privacy request (access, correction, deletion, objection, portability, or a general question), reach us at support@everyrank.app. We read every message.

Everyrank is for people aged 13 and over. We don’t knowingly collect personal data from children under 13. Accounts discovered to belong to users under 13 are deleted promptly.

If you are between 13 and 17, you need consent from a parent or legal guardian to use the service. If you believe a child has shared data with us, contact support@everyrank.app and we will remove it.

You give us:

• Account basics: name, email, sign-in method (Google, Apple, email)
• Display handle and avatar
• Activity data: steps, distances, routes, listens, rides, social actions, whichever apps you use
• Support conversations and feedback

Your device gives us (only with permission):

• Location: active-session only, used for distance and route tracking
• Motion and fitness: from Apple Health or Google Fit integrations
• Music service connections: Spotify, Apple Music, where applicable
• Notification tokens
• Device type, operating system, app version

Collected automatically:

• Usage events: screens visited, actions taken, session length, crash reports
• Web log data: IP address, browser type, referrer URLs
• Approximate location derived from IP address (city-level), used for abuse detection and regional availability

We do not knowingly collect special categories of personal data (e.g. racial or ethnic origin, political opinions, religious beliefs, health data outside of activity tracking). Do not upload any such data to everyrank.

We use personal data to:

• Run the core service: activity tracking, XP calculation, rank placement, leaderboards
• Deliver features: notifications, reminders, friend challenges, season events
• Account security: verification, suspicious-activity alerts
• Service quality: bug fixes, performance, feature development
• Fraud and abuse detection: identifying manipulation, cheating, bot activity
• Communication: service updates, security notices

Lawful bases (GDPR / UK GDPR). For users in the EU, EEA, or UK, we rely on the following lawful bases to process your personal data:

• Contract: running the service you signed up for (Art. 6(1)(b))
• Legitimate interests: securing the service, preventing fraud and abuse, analyzing aggregate usage to improve features (Art. 6(1)(f))
• Consent: device permissions (location, motion, notifications), non-essential cookies and analytics, marketing communications (Art. 6(1)(a))
• Legal obligation: responding to valid legal process, meeting regulatory requirements (Art. 6(1)(c))

You can withdraw consent at any time, see Your rights and Permissions below. Withdrawal does not affect processing that already happened.

We use a small number of cookies and similar technologies (local storage, device identifiers) on the website and inside the apps.

• Essential: required to keep you signed in, remember your theme, and keep the service secure. These always run.
• Analytics: anonymized product analytics via PostHog and anonymized page views via Vercel Analytics. Used to improve the service.
• Preferences: remember interface choices like theme and locale.

We do not use advertising cookies or sell cookie data to ad networks. Where required by law, non-essential cookies are loaded only after you give consent. You can clear cookies and local storage from your browser or device settings at any time.

PostHog collects anonymized product analytics to help us understand how features are used. Vercel Analytics collects anonymized page views on the website. Neither is linked to your personal content, and neither is sold for advertising.

You can request analytics deletion at any time by contacting support@everyrank.app.

We do not sell, rent, or trade your personal data.

Limited sharing occurs in four cases:

• Leaderboards are public by design. Your display handle, rank, avatar, and summary stats are visible to other users within each app.
• Service providers (cloud hosting, analytics, authentication, mapping, music services) process data on our behalf under contract and only as needed to deliver the service.
• Legal compliance: in response to valid legal process, or to protect the rights, safety, and property of everyrank, our users, or the public.
• Corporate transactions: if everyrank is involved in a merger, acquisition, reorganization, or sale of assets, personal data may transfer to the successor entity. We will notify you before your data becomes subject to a different privacy policy.

We rely on a small set of trusted providers:

• Cloud infrastructure: Vercel, Firebase
• Authentication: Google, Apple
• Analytics: PostHog, Vercel Analytics
• Music service APIs: where you connect one
• Mapping providers: for activity routes
• Email delivery: for account and transactional messages

Each operates under its own privacy terms. We are not responsible for their independent practices, but we select partners with care and contract them to protect your data.

We use industry-standard protections: encrypted transport (TLS/SSL), secure authentication, access controls, and regular reviews. No system is perfectly secure, but we treat this seriously.

You also play a role: use a strong password, keep your device secured, and sign out of shared devices.

If a breach puts your data at meaningful risk, we notify affected users and the relevant authorities, in accordance with India’s Digital Personal Data Protection Act, 2023, the GDPR (where applicable), and any other law we are required to honor. Notification will describe the nature of the breach, likely impact, and steps you can take to protect yourself.

• Active accounts: data retained while the account exists
• Deleted content: removed from active systems within 30 days
• Deleted accounts: associated data removed within 30 days; encrypted backups expire within 90 days
• Anonymized aggregates: may be kept indefinitely for analytics and integrity purposes
• Legal holds: we may retain data longer where required to comply with law, respond to legal claims, or protect our rights

Across every jurisdiction we serve, you can:

• Access and edit your profile and connected apps
• Export your data (best-effort, some historical data may not be exportable)
• Delete individual activities, photos, or connections
• Delete your entire account, any time, from in-app settings
• Opt out of product analytics by contacting support
• Revoke device permissions from your phone’s settings
• Contact us with any privacy question at support@everyrank.app

India (DPDP Act, 2023). You have the right to confirm what personal data is being processed, obtain a summary of that processing, correct and erase inaccurate or no-longer-necessary data, nominate another person to exercise your rights in the event of your death or incapacity, and file a grievance with us. Unresolved grievances may be escalated to the Data Protection Board of India.

European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR). You have the right to access, rectify, erase, restrict processing, object to processing (including processing based on legitimate interests), data portability, and withdraw consent. You also have the right to lodge a complaint with your local supervisory authority, for example, the Information Commissioner’s Office (UK), the Irish Data Protection Commission, or the supervisory authority in your member state.

California (CCPA / CPRA). You have the right to know what personal information we collect, use, disclose, and retain; the right to delete personal information; the right to correct inaccurate personal information; and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CPRA. We will not discriminate against you for exercising your rights.

To exercise any right, email support@everyrank.app. We may need to verify your identity before acting. We will respond within the time frame required by your applicable law, generally 30 days, extendable for complex requests.

Each device permission we request is optional. You can revoke any of them from device settings without losing your account.

• Location: active-session only, for distance and route tracking
• Motion and fitness: for accurate step and workout counts
• Photos and camera: for avatar and activity photos
• Notifications: reminders, challenges, season updates
• Music services: for listen tracking in MusicRank

Some browsers offer a Do Not Track (DNT) setting. There is no universal industry standard for how DNT signals should be interpreted, so everyrank does not currently respond to them.

That said, we do not track you across third-party websites for advertising purposes and we do not sell personal information. Analytics described in this policy apply regardless of DNT.

Everyrank operates from India. If you use the service from outside India, your data is transferred to and processed in India and wherever our service providers operate (for example, the United States and the European Union).

Where required, we rely on appropriate safeguards, including Standard Contractual Clauses approved by the European Commission and equivalent protections under the UK and Indian frameworks, to keep your data protected no matter where it travels.

Everyrank uses automated systems to compute XP, place ranks, generate leaderboards, and detect manipulation. These systems do not make legal or similarly significant decisions about you in the sense of GDPR Art. 22.

If an automated integrity system flags your account, you can appeal the decision to a human by contacting support@everyrank.app.

We post updates here with the revised effective date. Material changes trigger email or in-app notification at least 15 days before they take effect. Continued use after the effective date means you accept the updated policy. If you don’t accept the changes, your remedy is to stop using the service and delete your account.