ChalkyChalky

Privacy Policy

Last updated: February 2026

1. Introduction

Chalky ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address and display name when you create an account.
  • Climbing Data: Sessions, routes, grades, attempts, and notes you log in the app.
  • Media: Photos and videos you choose to attach to your routes.
  • Profile Information: Optional information such as climbing preferences and goals.
  • Waitlist and Communications: Email address if you join our waitlist or contact us for support.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, and app version.
  • Usage Data: How you interact with the app (features used, session frequency).
  • Location: Only when you explicitly add a location to a session. We do not collect background location data.
  • Push Notification Tokens: If you enable push notifications, we store a device token to deliver notifications. You can disable notifications at any time through your device settings.

2.3 Website Information

Our website does not currently use cookies or third-party analytics services. If we introduce analytics in the future, we will update this policy and use privacy-respecting tools that do not track individual users across websites.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Sync your data across devices
  • Generate statistics and insights about your climbing
  • Send service-related communications (e.g. account verification, security alerts, service updates)
  • Respond to your requests and support inquiries
  • Detect and prevent fraud or abuse

We do not sell your personal information. We do not use your data for advertising purposes.

4. Marketing Communications

If you join our waitlist or opt in to receive updates, we may send you occasional emails about Chalky, including product updates and launch announcements. In accordance with the Spam Act 2003 (Cth):

  • We will only send marketing emails with your consent
  • Every marketing email will include a clear way to unsubscribe
  • We will process unsubscribe requests promptly
  • We will always identify ourselves as the sender

Service-related communications (such as security alerts or account notifications) are not considered marketing and may be sent without separate consent while your account is active.

5. Data Storage and Security

Your data is stored locally on your device and, when you create an account, synced to our secure cloud infrastructure hosted in Australia. We use industry-standard security measures including:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • Secure authentication via Supabase Auth
  • Regular security audits and updates

While we take reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Cross-Border Data Transfers

Our primary data storage is in Australia. However, some of the third-party services we use may process data in other countries:

  • Vercel: Our website may be served from global edge locations for performance. No personal user data is stored at these edge locations.
  • Apple and Google: App distribution and in-app purchase processing may involve servers outside Australia.

In accordance with Australian Privacy Principle 8, before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles your information consistently with the APPs. We select service providers with strong privacy practices and, where possible, configure services to store data in Australian regions.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Waitlist email addresses are retained until you unsubscribe or request deletion.

8. Your Rights

Under Australian privacy law, you have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information.
  • Export: Export your climbing data in a portable format from within the app.
  • Complaint: Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs.

To exercise these rights, contact us at chalkyclimbing@outlook.com. We will respond to your request within 30 days.

9. Data Breach Notification

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will:

  • Notify affected individuals as soon as practicable
  • Notify the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988
  • Take reasonable steps to contain the breach and mitigate any harm

10. Third-Party Services

We use the following third-party services:

  • Supabase: Authentication and database hosting (data stored in Australia)
  • Vercel: Website hosting (Sydney region)
  • Apple: App distribution via the App Store and push notification delivery
  • Google: App distribution via Google Play and push notification delivery (Firebase Cloud Messaging)

Each service has its own privacy policy governing their use of your data. We encourage you to review their policies. We do not share your climbing data, photos, or personal notes with any third party except as necessary to provide the core Service (e.g. storing synced data in Supabase).

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and where practicable, notifying you via email or an in-app notification. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to make a complaint about our handling of your personal information, contact us at:

  • Email: chalkyclimbing@outlook.com
  • Website: https://chalkyclimbing.au