Privacy Policy

Last updated: April 4, 2026

1. Information We Collect

Account Information

When you create an XPG account, we collect your email address and a username you choose. You may optionally sign in with Apple, in which case we receive the information you authorize Apple to share.

Exercise & Activity Data

XPG collects the exercise logs you submit, including exercise type, duration, repetitions, and timestamps. This data powers your in-game progression (XP, stats, levels, streaks).

Device Information

We collect your device type, operating system version, and a device identifier to deliver push notifications and ensure app functionality.

Push Notification Tokens

If you opt in to notifications, we store your device push token to send you personalized notifications. You can disable notifications at any time in the app settings or your device settings.

2. How We Use Your Information

  • To provide and maintain the XPG service, including game progression, leaderboards, and social features
  • To send push notifications you have opted in to (streak reminders, quest updates, daily rewards)
  • To generate personalized notification content using AI (Anthropic Claude)
  • To display your username and level on leaderboards and friend lists
  • To improve the app experience and fix bugs

3. AI-Generated Content

XPG uses Anthropic's Claude AI to generate personalized push notification messages based on your in-game state (class, level, streak, quest progress). Your personal information (email, real name) is never sent to the AI service. Only game-related context (username, class, level, streak status) is used to personalize notifications.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Supabase — our backend infrastructure provider, which hosts our database and authentication
  • Apple Push Notification service (APNs) — to deliver push notifications to your device
  • Anthropic — to generate personalized notification content (game context only, no personal data)

5. Data Retention

Your account data is retained as long as your account is active. Notification logs are retained for 30 days. If you delete your account, all associated data is permanently removed from our systems.

6. Your Rights

You can:

  • Access and export your data by contacting us
  • Delete your account and all associated data
  • Opt out of push notifications at any time
  • Update your notification preferences in the app settings

7. Security

We use industry-standard security measures including encrypted connections (TLS), secure token storage (iOS Keychain), row-level security on our database, and rate limiting on all API endpoints.

8. Children's Privacy

XPG is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes through the app or by email.

10. Contact

Questions about this policy? Contact us at privacy@getxpg.com.