Privacy Policy

Last updated: April 8, 2026

PE Galyna Bayik ("Walking Country", "we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Walking Country mobile application ("App"), including its localized versions (Walking America, Walking Britain, Walking Holland, Walking France, Walking Deutschland, Walking Italia, Walking España, and others).

This policy complies with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.

1. Data Controller

PE Galyna Bayik is the data controller responsible for your personal data under applicable data protection laws.

Email: contact@walkingcountry.app

2. Guest Mode

The App can be used without creating an account ("Guest mode"). In Guest mode, we collect only the minimum data necessary to provide the service:

• Health and activity data from Apple Health (with your consent)
• A locally generated guest identifier stored on your device
• Device information for crash reporting

In Guest mode, social features (following users, posting workouts) are not available. If you later create an account, your guest data is linked to your new account.

3. Data We Collect

3.1 Account Information

When you create an account via Sign in with Apple, we collect:

• First name and last name
• Email address (as provided by Apple — may be a private relay address)
• Country (based on your selection or device region)
• Profile avatar photo (if you choose to upload one)

3.2 Health & Activity Data (Apple HealthKit)

With your explicit consent, we read the following data from Apple HealthKit:

• Step count
• Walking and running distance
• Active energy burned (calories)
• Standing hours
• VO2 max
• Workout sessions (type, distance, duration, heart rate)
• Flights climbed

We access HealthKit data in read-only mode. We never write data to Apple Health. Your step count is transmitted to our servers to display your ranking on leaderboards. All other HealthKit data is processed locally on your device unless you choose to post a workout.

We never sell, share with advertisers, or use HealthKit data for advertising purposes. This data is completely isolated from any advertising services in the App.

3.3 User-Generated Content

• Workout photos you choose to upload
• Workout posts visible to other users on your profile

3.4 Technical & Device Data

We automatically collect certain technical data through our third-party service providers:

• Firebase Crashlytics: Crash logs, stack traces, device model, OS version, app version, installation UUID
• Firebase Cloud Messaging: Push notification token (FCM token), device model, OS version, language, timezone
• Firebase Remote Config: Installation ID, device metadata
• Firebase App Check: Device attestation tokens for API security

3.5 Advertising Data

If you choose to watch a rewarded ad (to earn bonus leaderboard steps), Google AdMob may collect:

• Advertising identifier (IDFA, only with your consent via Apple's App Tracking Transparency prompt)
• IP address
• Device information
• Ad interaction data

No health or activity data is ever shared with advertising services.

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases as defined by Article 6 of the GDPR:

• Consent (Art. 6(1)(a)): For accessing Apple HealthKit data, sending push notifications, and personalized advertising. You can withdraw consent at any time through the App settings or your device settings.
• Contract Performance (Art. 6(1)(b)): To provide you with the App's core services, including your account, leaderboards, achievements, activity tracking, and social features.
• Legitimate Interest (Art. 6(1)(f)): For crash reporting, app improvement, fraud prevention (App Check), and ensuring the security of our services. We have assessed that these interests do not override your fundamental rights and freedoms.

5. How We Use Your Data

We use your personal data to:

• Display your daily, weekly, monthly, and yearly activity statistics
• Calculate your Activity Score based on the last 30 days of activity data
• Rank you on global and country leaderboards using your step count
• Track and award achievements based on milestones you reach
• Display your profile, name, and workout posts to other users (unless your profile is set to private)
• Enable social features: following other users and viewing their profiles
• Send push notifications about achievements and daily reminders (with your consent)
• Display optional rewarded advertisements via Google AdMob
• Monitor app stability and fix crashes via Firebase Crashlytics
• Prevent fraud and secure our API via Firebase App Check

6. Data Sharing & Third Parties

We do not sell your personal data to anyone. We share data with the following third-party processors, each bound by data processing agreements:

6.1 Google Firebase

• Firebase Authentication: Manages Sign in with Apple login. Receives your Apple ID token, name, and email.
• Firebase Cloud Functions: Processes leaderboard rankings, achievements, and user profiles on our backend servers.
• Firebase Cloud Storage: Stores avatar photos and workout images you upload.
• Firebase Crashlytics: Receives crash reports and device information for app stability.
• Firebase Cloud Messaging: Delivers push notifications to your device.
• Firebase Remote Config: Delivers app configuration and A/B test parameters.

Google processes data under their Firebase Privacy Policy.

6.2 Google AdMob

If you watch a rewarded ad, Google AdMob may collect device identifiers and ad interaction data. No health, activity, or personal profile data is shared with AdMob. Google processes this data under their Privacy Policy.

6.3 Apple

• Apple HealthKit: Health data is accessed with your permission via the HealthKit framework. Apple does not receive your health data through our App.
• Sign in with Apple: Apple facilitates authentication. We receive only the data you authorize (name, email).
• App Attest / DeviceCheck: Apple verifies your device's authenticity for API security. No personal data is shared.

6.4 Other Users

If your profile is public, other users can see your first name, last name, avatar, step count, country, leaderboard rank, and posted workouts. You can set your profile to private at any time to hide your full name and workout photos from other users.

7. International Data Transfers

Your data is processed on Google Cloud servers, which may be located outside the European Economic Area (EEA), including in the United States. When data is transferred outside the EEA or UK, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Google's compliance with relevant data transfer frameworks

You can request a copy of the applicable safeguards by contacting us at contact@walkingcountry.app.

8. Data Retention

We retain your personal data for as long as your account is active. Specific retention periods:

• Account data: Retained until you delete your account
• Activity and leaderboard data: Retained until you delete your account
• Workout posts and photos: Retained until you delete the individual workout or your account
• Crash reports: Retained for 90 days by Firebase Crashlytics
• Guest mode data: Stored locally on your device. Server-side guest data is retained until you clear the app or uninstall

When you delete your account, all personal data associated with it (profile, activity history, workout photos, social connections) is permanently deleted from our servers within 30 days. Some anonymized, aggregated data may be retained for statistical purposes.

9. Your Rights

9.1 Rights for All Users

Regardless of where you are located, you can:

• Delete your account and all associated data directly within the App (Profile → Settings → Delete Account)
• Revoke Apple Health access at any time in your device Settings
• Set your profile to private to hide personal information from other users
• Opt out of push notifications in your device Settings
• Opt out of personalized advertising by declining the App Tracking Transparency prompt, or in your device Settings → Privacy → Tracking

9.2 Rights Under the GDPR (EEA & UK Users)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the GDPR:

• Right of Access (Art. 15): Request a copy of all personal data we hold about you
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data
• Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restriction (Art. 18): Request that we limit processing of your data in certain circumstances
• Right to Data Portability (Art. 20): Request your data in a structured, commonly used, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interest, including profiling
• Right to Withdraw Consent (Art. 7): Withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal
• Right Not to be Subject to Automated Decision-Making (Art. 22): We do not make decisions based solely on automated processing that produce legal effects concerning you. The Activity Score and leaderboard rankings are informational features only.

To exercise any of these rights, contact us at contact@walkingcountry.app. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority:

• Netherlands: Autoriteit Persoonsgegevens
• France: CNIL
• Germany: Your state-level data protection authority (BfDI)
• Italy: Garante per la protezione dei dati personali
• Spain: AEPD
• United Kingdom: ICO

9.3 Rights Under the CCPA/CPRA (California Users)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Request correction of inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell your data)
• Not be discriminated against for exercising your privacy rights

Health data from Apple HealthKit is considered "Sensitive Personal Information" under the CPRA. We use it only to provide the App's core fitness tracking and leaderboard features, and never for advertising.

10. Account Deletion

You can delete your account at any time directly within the App by going to Profile → Settings → Delete Account. Account deletion permanently removes:

• Your profile information (name, email, avatar, country)
• All activity and leaderboard history
• All posted workouts and associated photos
• All social connections (followers and following)
• All achievement progress
• Your Firebase Authentication account

Deletion is processed within 30 days. This action is irreversible.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest
• Firebase App Check to verify the authenticity of requests to our backend
• Access controls limiting who can access personal data
• Regular review of our security practices

While we take reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

12. Children's Privacy

The App is not directed at children. We do not knowingly collect personal data from children under 13 years of age (or under 16 in the EEA, where required by member state law). If we learn that we have collected personal data from a child below the applicable age, we will delete that data promptly. If you believe a child has provided us with personal data, please contact us at contact@walkingcountry.app.

13. Advertising & Tracking

The App includes optional rewarded advertisements provided by Google AdMob. You are never required to watch ads — they are entirely voluntary (used to earn bonus leaderboard steps).

Before any tracking occurs for personalized advertising, the App will display Apple's App Tracking Transparency (ATT) prompt asking for your permission. You can decline, and you will still see ads — they will simply not be personalized.

You can change your tracking preference at any time in your device Settings → Privacy & Security → Tracking.

Health and activity data from Apple HealthKit is never used for advertising or shared with ad networks under any circumstances.

14. Push Notifications

With your consent, we send push notifications about:

• Newly unlocked achievements
• Daily activity reminders

You can manage or disable notifications at any time in the App settings or your device Settings → Notifications.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by other appropriate means before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

For material changes affecting the legal basis of processing or the categories of data collected, we will seek your renewed consent where required by law.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have a complaint, please contact us:

PE Galyna Bayik
Email: contact@walkingcountry.app

We aim to respond to all requests within 30 days.