Privacy Policy

Last updated: January 11, 2025

1. Introduction

Carve ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness tracking application and website (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Waitlist Registration: Email address, consent timestamp, and IP address for verification purposes
  • Account Information: Name, email, profile photo (when app launches)
  • Fitness Data: Workouts, exercises, personal records, body measurements, photos (optional)

2.2 Automatically Collected Information

  • Usage Data: Pages visited, features used, time spent, interactions
  • Device Information: Device type, operating system, browser type, IP address
  • Analytics: Aggregated, anonymized usage statistics via Plausible Analytics (privacy-first, no cookies)

3. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Enable core features like workout tracking, progress visualization, and social features
  • Waitlist Management: Send launch notifications and early access invitations
  • Improve the Service: Analyze usage patterns to enhance features and user experience
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Communication: Send important updates, security alerts, and support messages
  • Legal Compliance: Comply with legal obligations and enforce our Terms of Service

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly opt-in to public profiles or social features
  • Service Providers: Third-party vendors who assist in operating the Service (Supabase for database, Vercel for hosting, Plausible for analytics)
  • Legal Requirements: If required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
  • Public Features: Data you choose to make public (leaderboards, public profiles) is visible to other users

5. Your Privacy Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure ("Right to be Forgotten"): Request deletion of your data
  • Data Portability: Receive your data in a machine-readable format
  • Withdraw Consent: Opt-out of waitlist or delete your account anytime
  • Object to Processing: Object to certain types of data processing

To exercise these rights, contact us at privacy@carve.wiki. We will respond within 30 days.

6. Data Retention

We retain your data for the following periods:

  • Waitlist Data: Until you verify your email or request deletion (whichever comes first)
  • Account Data: Until you delete your account + 30 days for backup retention
  • Workout Data: Until account deletion (you can export your data before deleting)
  • Analytics: Aggregated, anonymized data retained for up to 2 years

7. Security

We implement industry-standard security measures to protect your data:

  • End-to-end encryption for data in transit (HTTPS/TLS)
  • Encrypted database storage via Supabase
  • Row-level security (RLS) policies to prevent unauthorized access
  • Regular security audits and updates
  • Bot protection via Cloudflare Turnstile

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Cookies and Tracking

We use minimal tracking technologies:

  • Essential Cookies: Required for authentication and security (cannot be disabled)
  • Analytics: Plausible Analytics (privacy-first, no cookies, no cross-site tracking)
  • No Third-Party Advertising: We do not use advertising cookies or share data with ad networks

9. Children's Privacy

The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@carve.wiki.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure adequate safeguards are in place (such as Standard Contractual Clauses) to protect your data in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email or in-app notification. Your continued use of the Service after changes indicates acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

13. Third-Party Services

Our Service uses the following third-party providers:

← Back to Home