Privacy Policy

Your data, plainly explained.

BoldStep ("we", "us") is a dating confidence training app. This policy explains what data we collect, why we collect it, and what rights you have over it. We are subject to UK GDPR.

Last updated: April 2026

What we collect

Account data

When you create an account: email address, username, and display name. Your avatar if you choose to upload one.

Usage data

Challenge completions, XP earned, streak counts, and level progress. Reflection entries (your written responses after challenges) — these are strictly private and are never visible to other users or used for any purpose other than your own journal and weekly coaching summaries.

Community content

Posts you choose to share to the community feed, including any challenge context you include. Anonymous posts are stored without your name or avatar but are still linked to your account internally.

Payment data

Payments are processed by Stripe. We store your subscription status, plan, and billing period. We never see or store your card number or full payment details.

Device data

If you enable push notifications, we store a device push token via Expo to deliver reminders. You can disable notifications at any time in Settings.

How we use your data

  • To provide and personalise the app — challenges, XP, streaks, and your stall-point focus
  • To generate your weekly AI coaching recap using anonymised performance stats (not reflection text) via Google Gemini
  • To process payments and manage your subscription via Stripe
  • To send daily challenge reminders if you opt in
  • To investigate reports of community guideline violations
  • To improve the app — aggregated, anonymised usage patterns only

We do not sell your data to third parties. We do not use your data for advertising.

Third-party services

Supabase

Database and authentication. Data is stored on servers in the EU. Supabase Privacy Policy: supabase.com/privacy

Stripe

Payment processing. Card data never touches our servers. Stripe Privacy Policy: stripe.com/privacy

Google Gemini

AI coaching summaries. We send anonymised weekly performance statistics (category scores, anxiety trends, outcome labels). No personally identifiable information or reflection text is sent. Google Privacy Policy: policies.google.com/privacy

Expo

Push notification delivery. Device tokens are stored to send challenge reminders. Expo Privacy Policy: expo.dev/privacy

Data retention

We keep your data for as long as your account is active. If you delete your account, all personal data is deleted within 30 days. Aggregated, anonymised analytics may be retained indefinitely as they cannot be traced back to you. Payment records may be retained for up to 7 years for legal and tax purposes.

Your rights (UK GDPR)

As a UK resident, you have the right to:

  • Access — request a copy of the data we hold on you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your account and all associated data
  • Portability — receive your data in a machine-readable format
  • Restriction — ask us to limit how we process your data
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, email contact@boldstep.uk. We will respond within 30 days.

Cookies

The mobile app does not use cookies. This website uses no tracking or advertising cookies — only a functional session cookie for the Stripe checkout flow.

Changes to this policy

If we make material changes, we will notify you via the app or email before the changes take effect. Continued use of BoldStep after that date constitutes acceptance of the updated policy.

Contact

Questions about this policy or your data: contact@boldstep.uk