Privacy Policy
Your data, plainly explained.
BoldStep ("we", "us") is a dating confidence training app. This policy explains what data we collect, why we collect it, and what rights you have over it. We are subject to UK GDPR.
Last updated: May 2026
What we collect
Account data
When you create an account: email address, username, and display name. Your avatar if you choose to upload one.
Usage data
Challenge completions, XP earned, streak counts, and level progress. Reflection entries (your written responses after challenges) — these are strictly private and are never visible to other users or used for any purpose other than your own journal and weekly coaching summaries.
Community content
Posts you choose to share to the community feed, including any challenge context you include. Anonymous posts are stored without your name or avatar but are still linked to your account internally.
Payment data
Bold features are currently included free during early access. If you have or later buy an iOS subscription, it is processed by Apple In-App Purchase and managed through RevenueCat. We store your subscription status, product identifier, billing store, and expiry or renewal date. We never see or store your card number or full payment details.
Device data
If you enable push notifications, we store a device push token via Expo to deliver reminders. You can disable notifications at any time in Settings.
Diagnostics
We collect crash reports and basic diagnostic data such as device type, app version, operating system, and error details through Sentry to help us find and fix bugs. We do not use diagnostics for advertising.
How we use your data
- →To provide and personalise the app — challenges, XP, streaks, and your stall-point focus
- →To generate your weekly AI coaching recap using anonymised performance stats (not reflection text) via Google Gemini
- →To process payments and manage subscription access through Apple In-App Purchase and RevenueCat where applicable
- →To send daily challenge reminders if you opt in
- →To investigate reports of community guideline violations
- →To improve the app — aggregated, anonymised usage patterns only
We do not sell your data to third parties. We do not use your data for advertising.
Third-party services
Supabase
Database and authentication. Data is stored on servers in the EU. Supabase Privacy Policy: supabase.com/privacy
Apple App Store
iOS in-app purchase processing and subscription management. Apple Privacy Policy: apple.com/legal/privacy
RevenueCat
Subscription entitlement management and webhook events. RevenueCat helps us confirm whether your Bold access is active. RevenueCat Privacy Policy: revenuecat.com/privacy
Google Gemini
AI coaching summaries. We send anonymised weekly performance statistics (category scores, anxiety trends, outcome labels). No personally identifiable information or reflection text is sent. Google Privacy Policy: policies.google.com/privacy
Expo
Push notification delivery. Device tokens are stored to send challenge reminders. Expo Privacy Policy: expo.dev/privacy
Sentry
Crash reporting and diagnostics. Sentry helps us identify app errors and stability issues. Sentry Privacy Policy: sentry.io/privacy
Data retention
We keep your data for as long as your account is active. If you delete your account, all personal data is deleted within 30 days. Aggregated, anonymised analytics may be retained indefinitely as they cannot be traced back to you. Payment, entitlement, and transaction records may be retained for up to 7 years for legal, tax, fraud-prevention, and account-support purposes.
Your rights (UK GDPR)
As a UK resident, you have the right to:
- ·Access — request a copy of the data we hold on you
- ·Rectification — correct inaccurate data
- ·Erasure — request deletion of your account and all associated data
- ·Portability — receive your data in a machine-readable format
- ·Restriction — ask us to limit how we process your data
- ·Objection — object to processing based on legitimate interests
To exercise any of these rights, email contact@boldstep.uk. We will respond within 30 days.
Cookies
The mobile app does not use cookies. This website uses no tracking or advertising cookies.
Changes to this policy
If we make material changes, we will notify you via the app or email before the changes take effect. Continued use of BoldStep after that date constitutes acceptance of the updated policy.
Contact
Questions about this policy or your data: contact@boldstep.uk