Privacy Policy

Effective Date: June 25, 2026  ·  Last Updated: June 29, 2026


1. Introduction

Hekta ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use the Hekta iOS application ("App"), how we use it, how we share it, and your rights regarding that information.

By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

Hekta is operated by an individual developer based in Washington State, United States.


2. Information We Collect

2.1 Account Information (Apple or Google Sign-In)

Hekta supports Sign in with Apple and Sign in with Google. When you sign in, we receive and store:

2.2 Challenge and Activity Data

When you use the App, we store:

2.3 Device Information

2.4 Advertising Data (Google AdMob)

The free version of Hekta displays banner advertisements served by Google AdMob. With your permission, Hekta shows you personalized ads. The App asks for that permission through Apple's App Tracking Transparency prompt before accessing your device's Identifier for Advertising (IDFA), which AdMob uses to personalize and measure ads across other companies' apps and websites. If you decline, you still see ads, but they are not personalized and no IDFA is used.

To serve and measure those banners, the AdMob SDK may collect:

This data is collected and processed by Google under its own privacy policy, and we do not receive or control it. You can change your tracking choice at any time in iOS Settings under Privacy and Security, then Tracking. Turning tracking off returns your ads to non-personalized. To stop seeing ads entirely, which also stops the AdMob SDK from loading, remove ads through a Hekta Plus subscription or the one-time ad-removal purchase.

2.5 Subscription and Purchase Data

If you purchase a Hekta subscription, we store subscription entitlement records associated with your account, including:

Apple processes all payments and we do not have access to your payment card details, Apple ID password, or billing information. We use this data solely to grant and enforce subscription entitlements within the App.

2.6 Analytics and Diagnostics (Google Firebase)

Hekta uses Google Firebase to understand how the App is used and to keep it stable:

We do not use this data to track you across other companies' apps or websites.


3. Information We Do NOT Collect

To be explicit, Hekta does not collect or store:

All fitness metrics in Hekta (e.g., push-up counts, meditation minutes) are entered manually by you — we do not access any device sensors or Apple Health data.


4. How We Use Your Information

We use the information we collect to:

PurposeData Used
Authenticate your identity and maintain your accountProvider user identifier, internal Hekta user ID
Display your profile to group membersNickname, avatar
Sync your challenge progress across sessionsDaily logs, streak data, group membership
Send push notifications (reminders, streak alerts, group activity, cheers)APNs push token
Deliver only the notification types you've opted intoPush notification preferences
Enable group challenge features (progress sharing, activity feed)Logs, streaks, group membership, activity feed entries
Manage subscription entitlementsSubscription record (Apple original transaction ID, product, dates, status)
Serve advertisements to free usersHandled by AdMob (see Section 2.4)
Investigate abuse, enforce our Terms of Service, and protect usersAny relevant data
Improve and maintain the AppAggregated, de-identified usage patterns

We do not use your data for automated decision-making that produces legal or similarly significant effects.


5. How We Share Your Information

5.1 With Other Users (Group Challenges)

When you join a group challenge, the following is visible to all members of that group:

Do not include sensitive personal information in your nickname, challenge name, skip reason text, or any other free-text field.

5.2 Service Providers

We share data with the following third-party service providers who process data on our behalf:

ProviderPurposeData Shared
Supabase Cloud database and authentication backend All data stored in the App
Apple (Sign in with Apple, APNs, App Store / StoreKit) Authentication, push notification delivery, and subscription processing Provider user identifier, APNs push token, notification content, subscription transaction records
Google (Sign in with Google) Authentication when chosen Google account identifier, email address, and display name (if shared)
Google AdMob Advertising (free tier) See Section 2.4 — AdMob operates independently
Google Firebase (Analytics, Crashlytics) Usage analytics and crash/performance diagnostics In-app event names, internal Hekta user ID, crash and performance diagnostics (see Section 2.6)

Supabase processes data as our data processor and is contractually bound to process your data only as directed by us and in accordance with applicable privacy law.

5.3 Legal Requirements

We may disclose your information if required to do so by law, legal process, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a legal claim.

5.4 Sale and Sharing of Personal Data

We do not currently sell your personal data. If that ever changes, we will tell you in advance and, where the law requires it, ask for your consent or give you a way to opt out before we do.

Separately from the service providers in Section 5.2 who process data on our behalf, we share one category of data for advertising today. If you allow tracking through the App Tracking Transparency prompt, Google AdMob receives your device Identifier for Advertising (IDFA) to personalize the banner ads shown on the free tier (see Section 2.4). Under some privacy laws, including the California CPRA, sharing an advertising identifier to personalize ads across other companies' apps and websites is treated as cross-context behavioral advertising. You can stop this at any time by turning off tracking in iOS Settings under Privacy and Security, then Tracking, or by removing ads through Hekta Plus or the one-time ad-removal purchase.

5.5 Business Transfers

If Hekta is involved in a merger, acquisition, financing, reorganization, or sale of all or part of its assets, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data, and the data will remain subject to the commitments in this Privacy Policy unless you are told otherwise in advance.

5.6 Aggregated and De-identified Data

We may create and use aggregated or de-identified information that no longer identifies you, for example statistics showing which habits and challenges are most common across all users. We commit to maintaining and using this information only in de-identified form, and we will not attempt to re-identify it. Any public statistics we share are prepared so they do not identify an individual user or group.


6. Push Notifications

If you grant notification permissions, we store your APNs device token in our Supabase database to deliver:

To opt out: Go to iOS Settings > Notifications > Hekta and disable notifications, or adjust settings within the App. Disabling notifications does not delete your account or data.

When you delete your account, your APNs token is removed from our database.


7. Data Retention


8. Children's Privacy

Hekta is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, do not use the App.

If we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at hektachallenge@gmail.com.

This practice is in compliance with the Children's Online Privacy Protection Act (COPPA).


9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

California Residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete your personal information, the right to opt out of the sale or sharing of your personal information, and the right not to be discriminated against for exercising these rights. As described in Section 5.4, the only sharing we do today is the personalized-ad IDFA sent to Google, which the CPRA treats as cross-context behavioral advertising. You can opt out of that sharing at any time by turning off tracking for Hekta through the App Tracking Transparency prompt or in iOS Settings under Privacy and Security, then Tracking.

To exercise any of these rights, contact us at hektachallenge@gmail.com. We will respond within 30 days.


10. Data Security

We take reasonable measures to protect your data:

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.


11. Third-Party Links and Services

The App integrates with third-party services (Supabase, Google AdMob, Apple). This Privacy Policy does not apply to those third parties' own data collection practices. We encourage you to review their privacy policies:


12. International Users

Hekta is operated from the United States. If you are accessing the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

European Users (GDPR): Our legal basis for processing your data is the performance of our contract with you (that is, providing the App). For personalized advertising on the free tier, our legal basis is your consent. In the European Economic Area and the UK, we collect that consent through a Google-certified consent form shown before any ad loads, in addition to Apple's App Tracking Transparency prompt. You can withdraw consent at any time in iOS Settings, which returns your ads to non-personalized, or remove ads entirely through Hekta Plus or the one-time ad-removal purchase. For usage analytics, our legal basis is your consent, which you can withdraw in the App's settings. You may have additional rights under GDPR including the right to lodge a complaint with your local supervisory authority.

If we ever sell or share your personal data beyond the practices described in this policy, our legal basis for that processing will be your explicit consent. We will collect that consent before any such sale or sharing, and you can withdraw it at any time.


13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this document. Material changes will be communicated through an in-app notice or a prompt at next app launch. Your continued use of the App after changes take effect constitutes your acceptance of the revised policy.


14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: hektachallenge@gmail.com

We will respond to privacy-related inquiries within 30 days.


This Privacy Policy was last updated on June 29, 2026.