Pledge – Privacy Policy

Pledge (“Pledge”, “we”, “us”, or “our”) operates the Pledge mobile application and related websites (the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect information when you use the Services.

1) Information We Collect

Account & Profile

Name, display name, email address, password (stored hashed), and optional profile photo.
Settings, preferences, communications with us.

Challenge Activity

Challenges you create/join, progress updates (e.g., completions, failures), streaks, winnings, and leaderboard placement.
User-generated content you post within a challenge (e.g., text, images you choose to share).
Device and usage data (app version, device model, OS, time stamps, diagnostics/crash reports, and interactions).

Payments, Custody & Payouts (Wise)

We use Wise (Wise Payments / Wise Transfers) to hold funds in challenge pots and to pay out winnings to users. We may also use Apple In‑App Purchase / Apple Pay and/or Stripe for certain payments. As part of payouts we collect payout details such as account holder name, bank name, BSB / sort / routing numbers, and IBAN/account number.

Storage: Where possible, full bank details are stored by Wise and we store only a token linking your Pledge account to your Wise payout method plus limited descriptors (e.g., bank name and last digits). If we must temporarily collect details to transmit to Wise, we encrypt them in transit and at rest and remove them after successful transfer.
KYC/AML: Wise may require identity information (e.g., legal name, date of birth, address, government ID) to meet Know‑Your‑Customer and anti‑money‑laundering obligations. These checks are performed by Wise under its own privacy policy.
We do not store full card numbers or online banking credentials on Pledge servers.

2) How We Use Information

Authenticate accounts; create and manage challenges; calculate pots, entries, and winnings.
Process deposits, hold funds in custody with Wise, and execute payouts to your nominated bank account.
Provide customer support and communicate important service updates.
Monitor, prevent, and detect fraud or abuse; ensure integrity of competitions.
Improve performance, develop new features, and perform analytics.
Comply with legal, tax, and regulatory requirements.

3) Legal Bases (GDPR/UK GDPR)

Purpose	Legal Basis
Provide the Services (accounts, challenges, payouts)	Performance of a contract
Payments, custody, fraud prevention, KYC where applicable	Legal obligation; legitimate interests
Product analytics and diagnostics	Legitimate interests (to maintain and improve the Services)
Marketing emails (if any)	Consent (you can withdraw at any time)

4) When We Share Information

We do not sell personal information. We share data only as needed to run the Services:

Category	Processor / Recipient	What & Why
Custody & payouts	Wise (formerly TransferWise)	Hold challenge funds; verify identity as required; pay out winnings. See Wise privacy policy at wise.com/legal/privacy-policy.
Payments	Apple In‑App Purchase / Apple Pay; Stripe (if used)	Process deposits and transactions; we receive transaction status/IDs, not full card details.
Hosting & storage	Cloud infrastructure providers	Host application and databases in secure environments.
Analytics/diagnostics	Apple App Analytics; Firebase/Crashlytics (if used)	App performance, crash reports, reliability.
Communications	Email service provider	Send account notices and support correspondence.
Legal/safety	Regulators or law enforcement	Where required by law or to protect users and our Services.

5) Data Retention

Account profile and challenge history: kept while your account is active.
Payment and payout records: retained for the period required by tax and financial‑services laws (often 5–7 years).
Backups and logs: kept for limited periods for security and disaster recovery, then deleted.

6) Security

Encryption in transit (TLS) and at rest for sensitive data; hashed passwords.
Role‑based access controls and principle of least privilege.
Monitoring, logging, and regular security updates.

7) International Transfers

We may process information in countries other than your own. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for transfers to jurisdictions without an adequacy decision.

8) Your Rights & Choices

Access/correction: manage in‑app or contact us.
Deletion: request account deletion via Data Requests or email; some records may be retained where legally required (e.g., financial records).
Marketing: opt out at any time via unsubscribe.
Permissions: control notifications, camera/photos, etc., in device settings.

Region‑specific rights: If you are in the EEA, UK, California or similar jurisdictions, you may have additional rights including portability, restriction, objection, and the right to lodge a complaint with your local authority.

9) Children

The Services are not directed to children under 13 (or the age defined by local law). We do not knowingly collect data from children.

10) Changes

We may update this Policy from time to time. We will post updates here and revise the “Last updated” date.

11) Contact

Questions about this Policy or our data practices? Contact us:
Email: contact.pledge@gmail.com
Address: Pledge (Attn: Privacy), [Add your business address]