Gait — Privacy Policy
Last updated: May 25, 2026
This Privacy Policy describes how Gait ("we", "us", "our") collects, uses, and shares information when you use the Gait mobile app. We try to keep this short and readable.
1. Information We Collect
Account information. When you sign in with Apple or Google, we receive your email address and (depending on your provider settings) your name. We do not see or store your Apple/Google password.
Profile information. Information you choose to add: display name, username, bio, avatar photo, role (owner / competitor / trainer), stable name, years of experience.
Horse information. Information you enter about your horse(s): name, breed, age, discipline, photo, microchip number, allergies, vet contact, insurance details, ongoing conditions, vaccination history, medications and supplements, withdrawal periods.
Health and care records. Care schedules, health events, costs, documents you upload (e.g. vet records, X-rays).
Ride data. Date, duration, route (GPS coordinates with timestamps, speed, elevation), distance, location, mood, notes, photos, gait segments derived from your phone's motion sensors. Background location is recorded only while a ride is actively being tracked.
Social activity. Posts, captions, comments, likes, follows, blocks, reports. If you set a ride to Public or Followers, that ride and its content become visible to the people you've allowed to see it.
Subscription information. Whether you have an active subscription, your trial status, the plan you're on, and (when applicable) the creator code that brought you in. Payment card details are handled by Apple or Google — we never see them.
Device and usage information. App version, OS, device model, push notification token, crash logs, and product-analytics events (e.g. screen views, button taps, paywall outcomes). We do not collect contacts, microphone, camera roll, calendar, or health-kit data unless you explicitly grant access for a feature that uses it (currently only photos for ride and avatar uploads).
We do not collect or store your phone's contacts, your call history, your microphone audio, your messaging app contents, or your browsing history outside the App.
2. How We Use Information
- Provide and operate the App (sign you in, save your data, sync across devices)
- Run the social features you opt into (feed, follows, comments, likes)
- Send you the in-app reminders you've configured (care due, ride nudge, trial ending, social activity)
- Process subscriptions through the App Store / Play Store via RevenueCat
- Detect bugs and crashes (Sentry) and improve product flows (PostHog)
- Comply with legal obligations and enforce our Terms of Service
- Respond to support requests and reports
We do not sell your personal information. We do not use your data for third-party advertising. We do not train machine-learning models on your private rides or horse data.
3. How Information Is Shared
Other users. Anything you mark Public or Followers — rides, captions, photos, comments, likes, your display name, username, avatar, and bio — is visible to other Gait users in line with your visibility settings. Private rides are visible only to you.
Service providers. We use these processors to operate the App. Each receives only what's needed:
- Supabase — database, authentication, and storage hosting (United States)
- RevenueCat — subscription management and entitlement checks
- Apple / Google — payment processing, push notification delivery (APNs / FCM), Sign-In with Apple / Google
- Sentry — crash and error reporting
- PostHog — product analytics (US cloud)
Legal. We may disclose information when required by law, subpoena, court order, or to protect rights, safety, or property.
Copyright complaints. If you submit a DMCA notice (see Terms of Service §17), we may share the contents of your notice — including your contact information — with the user whose content is at issue, as required by 17 U.S.C. § 512.
Business transfers. If we are acquired or merge, your information may transfer to the acquirer subject to this Policy.
4. Data Retention
- Active account data is retained while your account exists.
- Deleting your account (Settings → Delete Account) removes your profile, horses, rides, photos, comments, follows, blocks, and social content from our active systems.
- Aggregate, non-identifying analytics may be retained.
- Backups and audit logs (e.g. the account-deletion audit row, financial records required by law) may persist for a limited period after deletion.
- Content others have copied (e.g. screenshots) is outside our control.
5. Your Choices and Rights
In-app controls.
- Edit or delete your profile, horses, rides, posts, and comments at any time.
- Set per-ride visibility (Public / Followers / Private). Change your default in your profile settings.
- Block another user — they will not see you and you will not see them.
- Toggle notification permissions in your phone's system settings.
- Toggle location permissions in your phone's system settings (the App only records location during an active ride).
- Toggle photo library access in your phone's system settings.
- Delete your account in Settings → Delete Account.
Privacy rights. Depending on where you live, you may have the right to access, correct, delete, or port your personal data, and to object to or restrict certain processing. Email hello.gait.app@gmail.com to make a request. We may need to verify your identity before acting.
California residents: see the dedicated California Residents (CCPA / CPRA) section below for the categories of personal information we collect, your rights under California law, and how to exercise them.
EU/UK (GDPR), and similar jurisdictions. We rely on these legal bases to process data: performance of our contract with you (operating the App), consent (e.g. push notifications, location), legitimate interests (security, debugging, fraud prevention), and legal obligations. You may withdraw consent at any time without affecting prior processing.
6. Children
Gait is not directed at children under 13 and we do not knowingly collect their personal information. If you believe a child has provided us information, contact us and we will delete it.
7. Security
We use industry-standard measures to protect your data, including TLS in transit, encryption at rest at our cloud providers, and row-level security in our database. No system is perfectly secure; you use the App at your own risk and are responsible for keeping your sign-in credentials and your device safe.
8. International Data Transfers
We are based in the United States and our service providers are located primarily in the United States. If you use Gait from outside the US, your data will be transferred to and processed in the US, which may have different data-protection laws than your country.
9. Changes to This Policy
We may update this Policy from time to time. The "Last updated" date at the top reflects the most recent version. Material changes will be communicated in-app or by email. Continued use of the App after the effective date constitutes acceptance.
10. California Residents (CCPA / CPRA)
This section supplements the rest of this Policy and applies to California residents under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (together, "CCPA").
Categories of personal information we collect
In the past 12 months we have collected the following categories of personal information about California residents. We collect this information directly from you (when you provide it), from your device (sensors, location, OS metadata), and from our service providers (Apple, Google, RevenueCat) when you interact with them on our behalf.
| CCPA Category | What we collect | Business purpose |
|---|---|---|
| Identifiers | Account email, name, user ID, device push token | Sign-in, account operation, notification delivery |
| Customer records | Display name, username, profile photo, role, stable name, bio | Profile features |
| Commercial information | Subscription status, plan, trial state, creator code (if any), refund history | Subscription management |
| Internet or other electronic network activity | App version, OS, device model, screen views, button taps, paywall outcomes, error logs | Bug detection, product improvement |
| Geolocation data — including precise geolocation, treated as Sensitive Personal Information | GPS coordinates during an active ride only, derived distance, speed, elevation, route | Ride tracking, optional sharing of rides you mark public, your own history |
| Sensory data | Ride photos and avatar/horse photos you upload; phone motion sensor readings during a ride (used to derive gait classification — raw readings are discarded after derivation) | Photo features, gait detection |
| Inferences | Ride summaries (totals, streaks, badges), care-due predictions derived from your schedules | Reflective journaling, reminders |
We do not collect: biometric identifiers, professional or employment information, education records, racial or ethnic origin, religious or philosophical beliefs, union membership, health insurance details about you, genetic data, sexual orientation, or the contents of your mail, email, or text messages.
Sensitive Personal Information (SPI)
Under CPRA, precise geolocation is Sensitive Personal Information. We collect precise geolocation only during an active ride, and only when you grant the OS-level location permission. We use it solely to deliver the ride-tracking feature you started (record route, distance, speed, elevation) and do not use it to infer characteristics about you. You can stop the recording at any time inside the App, and revoke location permission in your phone's system settings.
Sale and sharing of personal information
We do not sell personal information for money, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under CCPA. We have not sold or shared the personal information of any California resident in the preceding 12 months. We do not have actual knowledge of selling or sharing the personal information of consumers under 16 years of age.
Because we do not sell or share, we do not maintain a "Do Not Sell or Share My Personal Information" link.
Your CCPA / CPRA rights
If you are a California resident, you have the right to:
- Know what personal information we have collected about you, the categories of sources, the purposes for collecting it, the categories of third parties we have disclosed it to, and the specific pieces of personal information we hold about you.
- Delete the personal information we have collected about you, subject to statutory exceptions (e.g. information needed to complete a transaction, detect security incidents, comply with legal obligations, or as otherwise permitted by CCPA §1798.105(d)).
- Correct inaccurate personal information.
- Opt out of the sale or sharing of your personal information — not applicable because we do neither (see above).
- Limit the use and disclosure of Sensitive Personal Information — we use SPI (precise geolocation) only to provide the ride-tracking feature you requested and do not use it to infer characteristics. Stopping a ride or revoking location permission prevents further SPI collection.
- Data portability — receive a copy of your personal information in a portable, machine-readable format.
- Non-discrimination — we will not deny you service, charge you a different price, or provide a different quality of service because you exercised any of these rights.
How to submit a request
Email hello.gait.app@gmail.com with the subject line "CCPA Request" and the type of request (Know / Delete / Correct / Portability). Several of these can also be self-served inside the App:
- Delete: Settings → Delete Account (immediate, no email needed)
- Correct: edit your profile, horses, rides, or comments directly inside the App
- Know / Portability: request via email; export tooling is in development
We will acknowledge your request within 10 business days and respond within 45 calendar days. We may extend by another 45 days if necessary, and we will notify you in advance if we do.
Verification
To protect your data, we will verify your identity before fulfilling Know, Delete, Correct, or Portability requests. For account-tied requests we will match the request email to the email on your Gait account. For sensitive or higher-risk requests we may ask additional questions to confirm your identity.
Authorized agents
You may authorize an agent to submit a request on your behalf. The agent must provide written authorization signed by you, and we may contact you directly to confirm the authorization before acting. For account deletion we strongly prefer the account holder submit the request directly through the in-app flow.
Minors
We do not knowingly collect personal information from individuals under 13 (in compliance with the federal Children's Online Privacy Protection Act). Under CCPA, we also will not sell or share the personal information of California residents under 16 — and as noted above, we do not sell or share personal information at all.
California "Shine the Light" (Civil Code §1798.83)
We do not disclose California residents' personal information to third parties for those parties' direct marketing purposes.
Financial incentives — creator codes
A valid creator code entered during onboarding qualifies you for a discounted monthly subscription ($14.99/mo instead of $19.99/mo). Entering a code is optional, costs you nothing, and is not contingent on providing additional personal information beyond completing standard sign-up. You may decline to enter a code without any change to your level of service other than the price.
11. Contact
Privacy questions, requests, or complaints: hello.gait.app@gmail.com