sector.fit← Back to home

Privacy Policy

Effective date: March 28, 2026

Sector Fit ("we", "our", or "us") operates the Sector Fit mobile application (the "App"). This Privacy Policy explains what data we collect, why we collect it, how we use it, and the rights you have over your information. By using the App you agree to the practices described here.

1. Information We Collect

1.1 Account Information

When you register we collect:

  • ·Email address (for email/password accounts)
  • ·Username (chosen by you, visible to other users)
  • ·Password (stored as a bcrypt hash — we never store your plaintext password)
  • ·OAuth profile data if you sign in with Google, Apple, or Strava (name, profile picture URL, provider ID)

1.2 Location Data

The App collects precise GPS coordinates only while you are recording an activity. Location data is used to:

  • ·Calculate the distance and route of your run or walk
  • ·Detect which map sectors you traverse
  • ·Apply pace and distance validation (e.g. 42 km daily limit)
  • ·Attribute sector contributions to your group

We do not collect location data in the background. Location access is granted by you when starting an activity and stops when the activity ends or the app is closed.

1.3 Activity Data

  • ·Activity type (run or walk), start time, end time, duration
  • ·Distance and pace for each session
  • ·GPS route coordinates
  • ·Sectors traversed and kilometres contributed per sector

1.4 Group & Social Data

  • ·Groups you create or join (group name, color, mantra, membership role)
  • ·Leaderboard rankings and km contributed statistics

1.5 Device & Technical Data

  • ·App version and operating system
  • ·Device type (iOS / Android) — used for crash reporting and compatibility
  • ·Anonymous usage events sent to Plausible Analytics (no cookies, no cross-site tracking — see §4)

2. How We Use Your Information

  • ·Provide and operate the App (account management, activity tracking, sector maps)
  • ·Calculate and display leaderboards, sector control, and group statistics
  • ·Validate activity integrity (pace checks, daily distance limits) to ensure fair play
  • ·Send transactional notifications (account actions, group invitations) — no marketing emails without consent
  • ·Diagnose errors and improve performance
  • ·Comply with legal obligations under GDPR and LGPD

3. Legal Basis for Processing (GDPR)

If you are in the European Economic Area we process your data under:

  • ·Contractual necessity — to deliver the service you signed up for
  • ·Legitimate interests — fraud prevention, app security, and aggregate analytics
  • ·Legal obligation — where required by applicable law
  • ·Consent — for optional features (e.g. email marketing, if ever introduced)

4. Third-Party Services

Mapbox

We use Mapbox to render interactive maps inside the App. Your device communicates with Mapbox tile servers to display map imagery. Mapbox may receive your approximate location to serve the correct map tiles. See Mapbox's Privacy Policy.

Plausible Analytics

We use Plausible Analytics (self-hosted) to collect anonymous, aggregate usage statistics. Plausible does not use cookies and does not collect any personally identifiable information or track users across sites.

OAuth Providers

If you sign in with Google, Apple, or Strava, those providers share limited profile data with us (name, email, profile picture, provider ID). Each provider has its own privacy policy governing how they handle your data.

We do not sell or rent your personal data to any third party.

5. Data Storage & Security

5.1 Server-Side Storage

  • ·Your data is stored on Google Cloud Platform (GCP) servers
  • ·All data in transit is encrypted using TLS 1.2+
  • ·Passwords are stored as bcrypt hashes and never in plaintext
  • ·Access to production data is restricted to authorised personnel only

5.2 On-Device Storage

  • ·The App uses Hive (a local NoSQL database) to cache activity data offline
  • ·Authentication tokens are stored in platform secure storage (Keychain on iOS, Keystore on Android)
  • ·Consent preferences are stored in SharedPreferences

6. Data Retention

  • ·Account data is retained for as long as your account is active
  • ·Activity data (GPS routes, sector contributions) is retained indefinitely to maintain leaderboard accuracy
  • ·When you delete your account all personal data is permanently and immediately deleted
  • ·Anonymised, aggregated statistics (e.g. total sector km) may be retained after deletion

7. Your Rights

Depending on your jurisdiction you may have the following rights. To exercise any of them email us at lucas@sector.fit.

  • ·Access — request a copy of the personal data we hold about you
  • ·Correction — ask us to correct inaccurate or incomplete data
  • ·Deletion — request erasure of your account and associated data
  • ·Data portability — receive your activity data in a machine-readable format
  • ·Restriction — ask us to pause processing your data in certain circumstances
  • ·Objection — object to processing based on legitimate interests
  • ·Withdraw consent — where processing is based on consent, withdraw it at any time

You can also delete your account directly from the App (Settings → Account → Delete Account). Deletion is immediate and permanent — all your data is removed straight away.

8. Children's Privacy

The App is not directed at children under 13 years of age (or 16 in jurisdictions where that applies). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top and, for material changes, notify you via an in-app notice or email. Your continued use of the App after the update constitutes acceptance of the revised policy.

10. Contact

Questions, concerns, or requests regarding this Privacy Policy should be directed to:

Sector Fit

Email: lucas@sector.fit

Website: sector.fit