Privacy Policy

BiomeSteps — « Every step grows your world. »

Last updated: June 14, 2025


1. Who we are

This privacy policy applies to the BiomeSteps mobile application, published by:


2. Scope

This policy describes how we collect, use, store, and protect your personal data when you use the BiomeSteps app on iOS and Android.


3. Data we collect

3.1 Account data

  • Email address
  • Password (stored securely, never in plain text)
  • Unique user identifier

3.2 Profile data

  • Username
  • Avatar / chosen character
  • Year of birth (optional)
  • Country (optional)

3.3 Health and activity data

BiomeSteps accesses only your step count, via Apple Health (iOS) or Health Connect (Android). We do not read other health data (heart rate, sleep, location, etc.). BiomeSteps does not write anything to Apple Health.

Synchronized step data includes:

  • Step count per time range
  • Data source (Apple Health, Health Connect, device sensor)
  • Platform (iOS / Android)
  • Technical source identifier (to prevent duplicates)

3.4 Game data

  • Plant progress (accumulated steps, stage, status)
  • Active biome and plant collection
  • Step sync history
  • Monthly eligibility for the real tree goal (Premium users)

3.5 Subscription data

  • Premium status (free / active / expired)
  • RevenueCat customer identifier
  • Payments are processed by Apple (App Store) or Google (Play Store); we do not store your payment card details

3.6 Technical and analytics data

  • Aggregated usage events (onboarding, harvests, paywall, health permissions)
  • Device type, app version, operating system
  • Analytics identifier (linked to your account once signed in)

We do not send raw health data to our analytics tools.


4. Purposes and legal bases (GDPR)

Purpose                              | Legal basis
Account creation and management      | Contract performance
Step sync and game progression       | Contract performance + consent (health data)
Premium subscription management      | Contract performance
Anti-fraud (monthly step validation) | Legitimate interest
Product analytics (app improvement)  | Legitimate interest
Legal obligations                    | Legal obligation

5. Processors and recipients

We use the following service providers, who process your data on our behalf:

  • Supabase — database hosting, authentication, storage
  • PostHog — product analytics (US servers — standard contractual clauses)
  • RevenueCat — in-app subscription management
  • Apple — App Store, Apple Health (step reading)
  • Google — Play Store, Health Connect (step reading)

We do not sell your personal data to third parties.


6. Anti-fraud

For the monthly goal of 200,000 steps (Premium feature — real tree), we apply server-side checks: detection of abnormal volumes (e.g. more than 50,000 steps/day), deduplication of syncs, verification of data source. These checks may result in a « flagged » status without automatically blocking your in-game progress.


7. Retention period

  • Account and profile: as long as the account is active, then deleted within 30 days of request
  • Step data: retained while the account is active; monthly aggregates for tree eligibility
  • Analytics: 24 months maximum
  • Accounting data (subscriptions): 10 years (legal obligation)

8. Your rights

Under the GDPR, you have the following rights:

  • Access — obtain a copy of your data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and data
  • Portability — receive your data in a structured format
  • Objection — object to processing based on legitimate interest (analytics)
  • Withdraw consent — revoke health access via iOS/Android settings; this blocks main progression
  • Restriction — request suspension of processing

To exercise your rights: guay.alexis7@gmail.com. Response within 30 days. You may also lodge a complaint with your local supervisory authority (e.g. CNIL in France).


9. Security

We implement appropriate technical and organizational measures: encryption in transit (HTTPS/TLS), secure authentication, restricted data access, RLS (Row Level Security) policies on the database.


10. Transfers outside the EU

Some processors (notably PostHog, hosted in the United States) may process your data outside the European Union. These transfers are governed by the European Commission’s Standard Contractual Clauses or equivalent safeguards.


11. Minors

BiomeSteps is not intended for children under 16 without parental consent. If you believe a minor has submitted data to us, contact us for deletion.


12. Changes

We may update this policy. In case of significant changes, we will notify you via the app or by email. The last updated date appears at the top of this page.


13. Contact

For any questions regarding your personal data:

Alexis Guay
guay.alexis7@gmail.com