Privacy Policy
StepQuest · Last updated April 2026
StepQuest is operated by the StepQuest team ("we", "us", or "our"). This policy explains what information StepQuest collects, why we collect it, and how you can control it. We will never sell your personal data.
Information We Collect
Health Data (HealthKit)
- Step count. We read your daily step count from HealthKit to show quest progress and achievement milestones.
- Walking distance. We read walking and running distance to calculate how far you've traveled on a quest route.
HealthKit data is processed on-device. Step counts and distances may be sent to our server to record quest completion, but only in aggregate (total steps for a session). Your raw Health data is never transmitted or stored on our servers. You can revoke HealthKit access at any time in iOS Settings > Privacy & Security > Health > StepQuest.
Location Data
- Approximate location. We request location access to generate quests near you and to display your position on the in-app map during a walk. Location is used only while you are actively using the app ("when in use" permission).
- We do not store your precise GPS coordinates on our servers. Quest generation uses your location to query nearby points of interest, after which the location is discarded.
- You can revoke location access at any time in iOS Settings > Privacy & Security > Location Services > StepQuest.
Account Information
- Sign In with Apple. If you sign in with Apple, we receive an anonymized user identifier and, optionally, your name and email address (only on first sign-in, as Apple allows). We store the identifier to link your quests, achievements, and friends across devices.
- Sign In with Google. If you sign in with Google, we receive your Google account identifier, name, and email address. We use this only to create and identify your account.
- Username. You may set a display name that is visible to friends you connect with in the app.
Analytics
We use PostHog to collect anonymized usage events: for example, when you start a quest, complete a walk, or open the app. These events help us understand how the app is used so we can improve it. PostHog is configured to anonymize data and does not build advertising profiles. You can opt out of analytics in Settings.
Push Notifications
If you grant notification permission, Apple provides a device token we store to send you quest reminders, friend-related alerts (e.g., a friend started a quest), and achievement notifications. You can revoke permission in iOS Settings at any time.
Purchase Records
If you purchase a Pro subscription, the transaction is processed entirely by Apple. We receive a receipt confirmation from Apple's StoreKit framework to unlock features. We do not see or store your payment information.
App Preferences
Settings like notification preferences, sound preferences, and quest goals are stored locally on your device using iOS UserDefaults, and may also be stored on our server associated with your account so they sync across your devices.
How We Use Your Information
- To generate personalized walking quests based on your location
- To track and display your quest progress using HealthKit data
- To operate the friends system and enable quest sharing
- To send push notifications for quests, friends, and achievements
- To confirm Pro subscription purchases and unlock features
- To analyze aggregate usage patterns and fix bugs
- To sync your preferences and achievements across devices
Data Sharing and Third Parties
We share data with the following third parties only to the extent needed to operate the app:
- PostHog: analytics platform. Receives anonymized usage events. PostHog's privacy policy is at posthog.com/privacy.
- Apple HealthKit: provides step and distance data on-device. Apple's privacy policy is at apple.com/legal/privacy.
- Apple StoreKit: processes all in-app purchases. We never see your payment details.
- Apple Push Notification Service (APNs): routes push notifications to your device.
- Apple Sign In / Google Sign In: provides your identity when you authenticate.
HealthKit data is never shared with third parties. We do not share data with advertising networks or data brokers.
Data Retention
- Account data (username, quest history, achievements) is retained as long as your account is active. You can request account deletion by emailing us.
- Analytics events are retained by PostHog for up to 1 year.
- Push tokens are removed if they become invalid (e.g., you reinstall the app or revoke permission).
- HealthKit data is only read on-device and is not stored on our servers beyond session-level aggregates.
Your Rights
You may request access to or deletion of your account data at any time. To do so, email support@getstepquest.com with the email or identifier associated with your account. We will fulfill deletion requests within 30 days. Deleting your account removes your profile, quest history, achievements, and friends from our servers. HealthKit data remains in Apple Health, which you control independently.
You can also delete your account from within the app in Settings.
Children's Privacy
StepQuest is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete that information as quickly as possible. We rely on the App Store's age rating and parental Screen Time / Family Sharing controls as the practical age gate; we do not implement an in-app age check because creating one would itself collect more data from children than the current architecture does.
We do not:
- Knowingly collect, use, or disclose personal information from children under 13
- Use children's data for targeted advertising or create profiles of child users
- Share any child's personal information with third parties (beyond what is described in this policy for all users)
If you are a parent or guardian and believe your child under 13 has provided personal information to StepQuest, please contact us at support@getstepquest.com. We will verify the request and delete the child's information within 30 days.
California (CCPA / CPRA) Notice
If you are a California resident, the CCPA / CPRA gives you the right to know what personal information we collect, the right to delete it, the right to correct it, and the right not to be discriminated against for exercising those rights.
Mapped to the CCPA's enumerated categories, the personal information we collect is:
- Identifiers: account identifier from Sign In with Apple or Sign In with Google, optional name and email, username, APNs push token.
- Commercial information: Pro subscription receipts via Apple StoreKit.
- Internet or other electronic network activity information: anonymized analytics events, in-app interactions, friend and quest activity.
- Geolocation data: approximate location for quest generation, used while the app is in use and not retained on our servers.
- Health data: step counts and walking distance read from Apple HealthKit on-device only, never transmitted to our servers in raw form, only as session-level aggregates tied to a quest.
We do not sell or share personal information as those terms are defined under the CCPA / CPRA, and we have not done so in the preceding twelve months. To exercise any CCPA right, email support@getstepquest.com, or use the in-app Settings → Delete Account flow.
EU / UK (GDPR) Notice
If you are in the EU or UK, the GDPR gives you rights of access, rectification, deletion, restriction, portability, and objection regarding personal data we process about you.
Lawful basis (per processing activity): we rely on
- your explicit consent for HealthKit step and distance data (granted via Apple's HealthKit permission prompt; special-category data under GDPR Article 9);
- your consent for analytics events (which you can withdraw at any time via the in-app Settings toggle);
- performance of a contract for account creation, quest generation, friends features, and Pro subscriptions;
- our legitimate interest in operating the share-link feature you requested and in keeping the app stable; and
- Apple's separate iCloud, HealthKit, and Push Notification Service agreements with you for data processed by Apple on your behalf.
International transfers: PostHog is a US-based processor. Transfers from the EU and UK rely on the Standard Contractual Clauses incorporated into PostHog's Data Processing Agreement. Apple's role for HealthKit, StoreKit, APNs, and Sign In with Apple is governed by Apple's own platform agreements. Google's role for Sign In with Google is governed by Google's privacy policy.
To exercise any GDPR right, email support@getstepquest.com. We respond to data-rights requests within 30 days (GDPR) or 45 days (CCPA), whichever applies and whichever is shorter.
Changes to This Policy
We may update this policy as the app evolves. Material changes will be noted in the app's release notes, and the "last updated" date at the top of this page will be revised. Continued use of the app after changes constitutes acceptance of the updated policy.
Questions? Reach us at support@getstepquest.com.