Privacy Policy

Effective: June 16, 2026

Home Support

Overview

Bara ("we," "our," or "the app") is a step-tracking challenge app for iOS and Android. This policy explains what data we collect, how we use it, and your rights. We believe in collecting only what's necessary to make the app work.

Health Data

Bara reads your daily step count with your explicit permission — from Apple HealthKit on iOS and from Android Health Connect on Android. We request read-only access — we do not write to or modify your health data in any way. Your step count is synced to our server solely to display your daily progress and power step races and head-to-head challenges.

Your health data (from HealthKit or Health Connect) is never used for advertising, is never sold to third parties, and is never shared with third parties for marketing or data-brokering purposes.

You can revoke health access at any time: on iOS in Settings → Privacy & Security → Health → Bara; on Android in the Health Connect app (or Settings → Security & privacy → Health Connect) under app permissions → Bara. If you revoke access, the app will no longer read your step count.

Information We Collect

Account identifier (Apple / Google)

Account creation and sign-in — via Sign in with Apple on iOS, and Google Sign-In on Android. We receive only the opaque user identifier the provider supplies — we do not access your Apple ID or Google password.

Display name

A name you choose so friends can find and challenge you. Visible to other Bara users.

Daily step count

Read from HealthKit (iOS) or Health Connect (Android) to show progress and calculate challenge results. Stored on our server with a date stamp.

Step goal

An optional daily goal you set to track personal progress.

Friends list & requests

To enable friend discovery, challenge matchups, and showing friends' step progress.

Challenge & stake data

Records of your weekly challenges, matchups, and negotiated stakes with friends.

Push notification token (APNs / FCM)

Registered with our server to deliver push notifications about race and challenge updates — Apple Push Notification service on iOS, Firebase Cloud Messaging on Android. Stored only while notifications are enabled.

Authentication is via Sign in with Apple on iOS and Google Sign-In on Android. When you sign in, the provider gives us an opaque user identifier and, if you choose to share it, an email address. With Apple's "Hide My Email," we receive only Apple's relay address — we never see your real email. We do not access your Apple ID or Google password. The two providers are independent identities; an Apple (iOS) account and a Google (Android) account are not automatically linked.

How We Use Your Data

All data we collect is used exclusively to operate the app: to show your daily step count and goal progress, to run weekly challenges and display head-to-head results, to let friends find and challenge you, and to send you notifications about challenge activity when you've opted in. We do not use your data for advertising, analytics profiling, or any purpose unrelated to the app's core functionality.

Data Sharing

Your step count and display name are visible to friends you've accepted in the app. This is necessary for the challenge feature — if you're in a head-to-head challenge, your opponent can see your step progress for that week. We do not sell, rent, or share your personal data with any third parties for their own use. We do not use third-party analytics SDKs or advertising frameworks.

Storage & Security

Your data is stored on our server infrastructure. We use HTTPS for all data in transit. Session tokens are used for authentication and are refreshed regularly. Locally on your device, the app caches session credentials, health-authorization state, notification preferences, and your display name and step goal using the device's local storage (iOS and Android).

Data Deletion

You can sign out at any time from the Settings tab, which clears your local session data and unregisters your device from push notifications. To request complete deletion of your account and all data from our servers, email support@barastep.com. We will process deletion requests within 30 days.

Children's Privacy

Bara is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

Changes & Contact

If we make material changes to this policy, we will update this page with a new effective date. Continued use of Bara after changes take effect constitutes acceptance of the updated policy. Questions or concerns? Reach us at support@barastep.com.