Privacy Policy

Last updated: March 17, 2026

Introduction

Welcome to Upkeep ("we," "our," or "us"), operated by Imperial Engineering Labs Pvt Ltd. Upkeep is a step challenge app that helps you stay active and accountable with friends. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Upkeep mobile application and website at upkeep.social.

By using Upkeep, you agree to the practices described in this policy. If you do not agree, please do not use our services.

Data We Collect

Account Information

When you sign up through Apple Sign-In or Google Sign-In, we collect your name and email address as provided by the authentication provider. This is used for account management, communication, and identifying you within challenges.

Health and Fitness Data

With your explicit permission, we access the following data from Apple HealthKit (iOS) or Google Health Connect (Android):

  • Activity data: Daily step counts, distance walked/run, active energy burned, basal energy burned, exercise time, and workout sessions (type, duration, distance)
  • Heart data: Heart rate, resting heart rate, and heart rate variability (HRV). On iOS, walking heart rate is also collected.
  • Body measurements: Height and weight, used during onboarding to personalise challenge targets

Your health data is used solely for challenge verification, progress tracking, and personalising your experience. We never sell health data or share it with advertisers. Only your step counts and challenge progress are visible to other challenge participants. Raw health data such as heart rate, body measurements, and detailed activity breakdowns are never exposed to other users.

Location Data (Optional)

If you grant location permission, we may collect GPS data for anti-cheat verification purposes only. Location data is:

  • Collected only during active challenge verification, not continuously tracked
  • Used to verify that step activity is genuine
  • Never shared with other users or third parties
  • Completely optional -- you can deny or revoke location access at any time without affecting core app functionality

Challenge and Activity Data

We collect data related to your participation in challenges, including:

  • Challenge memberships and roles
  • Daily step counts submitted to challenges
  • Streaks, consistency scores, and rankings
  • Kudos and social interactions within challenges

This data is shared with other participants in your challenges so that everyone can track group progress and standings.

Device Information

We collect basic device information to ensure app compatibility and troubleshoot issues:

  • Device model and operating system version
  • App version
  • Push notification tokens (if notifications are enabled)

Usage Analytics

We use Firebase Analytics to understand how the app is used and to improve the experience. Analytics data is aggregated and does not include personally identifiable information. This includes screen views, feature usage patterns, and app performance metrics.

How We Use Your Data

Data Type Purpose
Account info (name, email) Account creation, login, profile display, communications
Health data (steps, distance, calories, heart rate, body measurements, workouts) Challenge verification, progress tracking, leaderboards, personalised targets
Location data (optional) Anti-cheat verification only
Challenge data Group rankings, streaks, scores, challenge management
Push notification tokens Challenge reminders, streak alerts, group updates
Device info App compatibility, debugging, support
Analytics App improvement, feature prioritization, performance monitoring

Data Sharing

We do not sell your personal data or health data. We share data only in the following limited circumstances:

With Other Challenge Participants

Your name, profile, step counts, streaks, and scores are visible to other members of challenges you join. This is essential for the social accountability features of Upkeep. Raw health data and location data are never shared with other users.

With Service Providers

We use trusted third-party services to operate Upkeep:

  • Amazon Web Services (AWS) -- Cloud infrastructure, data storage, and application hosting
  • Firebase (Google) -- Push notifications (FCM) and anonymized analytics
  • Apple HealthKit -- Health data access on iOS (data stays on-device until you sync)
  • Google Health Connect -- Health data access on Android (data stays on-device until you sync)

These providers process data on our behalf and are bound by their own privacy policies and our data processing agreements.

Legal Requirements

We may disclose your data if required by law, legal process, or government request, or to protect the rights, safety, or property of Upkeep, our users, or the public.

Data Storage and Security

Your data is stored on AWS servers in the ap-south-1 (Mumbai) region. We implement the following security measures:

  • Data encrypted at rest using AWS-managed encryption
  • Data encrypted in transit using TLS/HTTPS
  • JWT-based authentication with token rotation
  • Rate limiting on all API endpoints
  • Regular security reviews and dependency updates

While we take reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

Data Retention

  • Activity health data (step counts, heart rate, calories, workouts) is retained for the duration of active challenges plus 90 days after a challenge ends, then automatically deleted.
  • Profile health data (height, weight) collected during onboarding is retained as part of your account profile for as long as your account is active. You can request its deletion at any time.
  • Account data is retained for as long as your account is active.
  • Challenge history (scores, streaks, rankings) is retained for as long as your account is active.
  • Analytics data is aggregated and anonymized; individual session data is not retained long-term.

When you delete your account, all associated data is permanently removed from our servers within 30 days. To learn how to delete your account and what happens to your data, see our account deletion page.

Your Rights

You have the right to:

  • Access your data -- Request a copy of the personal data we hold about you.
  • Correct your account information -- Update or correct inaccurate account details such as your name or email. Health and fitness data is sourced directly from Apple HealthKit or Google Health Connect and cannot be manually modified through Upkeep.
  • Delete your data -- Request deletion of your account and all associated data. You can do this directly in the app under Settings, or by contacting us.
  • Revoke permissions -- Disable HealthKit/Health Connect access, location access, or push notifications at any time through your device settings.
  • Data portability -- Request your data in a machine-readable format.
  • Withdraw consent -- Withdraw consent for data processing at any time, though this may limit app functionality.

To exercise any of these rights, contact us at privacy@upkeep.social. We will respond to your request within 30 days.

Cookies and Tracking

The Upkeep mobile app does not use cookies. Our website at upkeep.social uses:

  • Google Analytics -- To understand website traffic and usage patterns. This uses cookies to distinguish unique visitors. You can opt out using browser settings or the Google Analytics Opt-out Browser Add-on.

We may use advertising cookies or conversion tracking pixels in connection with campaigns to promote Upkeep. These do not track your activity within the app and are never linked to your health data. See the Advertising section above for details.

Children's Privacy

Upkeep is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@upkeep.social and we will promptly delete that information.

Advertising

Upkeep may use third-party advertising services (such as Google Ads) to promote the app to new users. In connection with these services:

  • We may share limited device identifiers (such as advertising IDs) with advertising partners solely for the purpose of measuring the effectiveness of our campaigns (conversion tracking).
  • We do not display ads within the Upkeep app.
  • We do not sell, share, or provide your health data, step counts, or fitness information to any advertising partner.
  • Your health data is never used for ad targeting or profiling.

You can reset or limit your device's advertising identifier at any time through your device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads).

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.

Continued use of Upkeep after changes are posted constitutes your acceptance of the revised policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at: