Privacy Policy

Effective date: 2025-08-27

Privacy Policy for Galbi

Effective date: 2025-08-27

This Privacy Policy explains how Zakaria Kerkeb (“we”, “us”, “our”) collects, uses, and protects your information when you use the Galbi mobile application (the “App”).

  • Purpose. The App helps you view and manage personal health and activity metrics (e.g., heart rate, steps, energy, exercise minutes, distance, floors climbed, stand minutes) and related insights.
  • Controller. Zakaria Kerkeb, Sole Proprietor (Self-Employed), 4 Rue fréderic schneider, 75018 Paris, is responsible for your information. Contact: contact@kerkeb.com.
  1. Information We Collect
  • Account data: email, authentication and session data through our auth provider.
  • Profile and preferences: units (km/mi, kcal/kJ), time format, notification settings, privacy toggles (analytics, crash reports, insights).
  • Health data (via Apple HealthKit, only with your explicit permission):
    • Heart rate, step count, exercise minutes, active calories, walking/running distance, flights climbed, basal calories, stand minutes.
  • Device and usage data: in-app events and diagnostics when enabled, including crash logs (Sentry) and optional analytics.
  • Purchase data: subscription status and entitlements (RevenueCat), and, if applicable, payment metadata handled by Apple/Google or Stripe.
  • Notifications: push token and delivery status (if you enable notifications).
  1. How We Use Information
  • Provide core features: display metrics, compute summaries, show insights (e.g., “Rewind” stories), and personalize your dashboard.
  • Improve reliability and safety: diagnose issues, prevent abuse, and enhance performance.
  • Communications: send in‑app messages and push notifications you opt into (e.g., reminders, tips).
  • Subscriptions and payments: manage entitlements and purchases, verify receipts, and handle billing via platform providers or Stripe.
  • Legal compliance: meet legal, regulatory, and contractual obligations.
  1. HealthKit and Sensitive Data
  • HealthKit data is accessed only with your explicit consent and used solely to provide in‑app health features.
  • We do not use HealthKit data for advertising or sell this data to third parties.
  • You can review and revoke Health permissions at any time in the Apple Health app.
  1. Legal Bases (if applicable under GDPR/UK GDPR)
  • Contract: to provide the App and services you request.
  • Consent: HealthKit access, analytics, crash reporting, and notifications are opt‑in.
  • Legitimate interests: service security, fraud prevention, and product improvement.
  • Legal obligation: where required by law.
  1. Data Sharing
  • Service providers (processors) under contract, only as needed to deliver the App:
    • Hosting and database: [Hosting/Supabase/Cloud Provider].
    • Subscriptions: RevenueCat (entitlements/paywalls).
    • Payments: Apple/Google in‑app billing and/or Stripe (if used).
    • Crash reporting: Sentry (diagnostics).
    • Notifications: [Push Provider/Expo] (delivery).
  • We do not sell personal data. We disclose data if required by law or to protect rights, safety, and security.
  1. Data Storage and Retention
  • Data is stored in secure cloud infrastructure and on‑device caches to improve performance and offline access.
  • We retain data while your account is active and as needed for legitimate purposes (e.g., compliance, dispute resolution).
  • You may request deletion; see “Your Rights” below.

  1. International Transfers International Transfers. We store and process personal data within the EEA, the UK, and Switzerland and do not transfer personal data to countries outside these regions. If this changes, we will implement appropriate safeguards (e.g., EU Standard Contractual Clauses, UK Addendum/IDTA, Swiss clauses) and update this Policy accordingly.

  2. Your Choices and Rights

  • Health permissions: managed in the Apple Health app.
  • Preferences: in‑app “Preferences” to change units, notifications, and privacy toggles (analytics, crash reports, insights).
  • Access, correction, deletion, and portability requests: contact us at contact@kerkeb.com.
  • Withdraw consent and object/restrict processing where applicable by law.
  • For platform subscriptions, manage/cancel via your App Store/Google Play settings.
  1. Children’s Privacy
  • The App is not intended for children under 16. Do not use the App if you do not meet this requirement.
  1. Security
  • We use administrative, technical, and organizational measures such as encryption in transit, access controls, and monitoring. No method is 100% secure.
  1. Third‑Party Links
  • The App may link to third‑party sites (e.g., Privacy Policy, Terms). We are not responsible for their practices.
  1. Changes to This Policy
  • We may update this Policy. We will notify you of material changes in‑app or via email. Continued use after the effective date means you accept the updated Policy.
  1. Contact
  • Zakaria Kerkeb, 4 rue fréderic schneider, 75018 Paris, France
  • Email: contact@kerkeb.com
  • Data Protection Officer (DPO): Not appointed (not legally required at this time).
  • Privacy Contact: contact@kerkeb.com