← WATO

Privacy Policy

Last updated: April 24, 2026

This policy describes how WATO (“we,” “us”) handles information when you use the WATO mobile application and our websites and services (together, the “Services”). By using the Services, you agree to this policy. If you do not agree, please do not use the Services.

1. Who we are

WATO is operated from the United States. For privacy requests, contact privacy@watoapp.com or hello@watoapp.com.

2. What we collect

Contact information (email). If you sign in with email or contact us, we process your email address to operate the app and your account—for example sign-in, magic links, account security notices, and replies when you message support. We do not use your email for third-party advertising or sell it; see “How we use information” and “How we share information” below.

Health and fitness data. When you allow access, we may read step count and related daily activity summaries from Apple Health (HealthKit) on iOS or from your device’s step / motion features on Android. We link this to your account (your in-app identity) so we can run step goals, history, and social features such as leaderboards. This processing is for app functionality only—we do not use health or fitness data for advertising. Your device’s permission screens state what the operating system may share with us; we do not use this policy to replace those prompts.

Depending on how you use WATO, we may also process the following in more detail:

• Account and authentication. We use identifiers such as an email address and account IDs with our authentication provider (Supabase Auth) for sign-in (including magic links and third-party sign-in if you enable it), to protect your account, and to send you service- or security-related messages.
• Profile and preferences. Information you provide or choose in the app, such as a public username, avatar or display character, step goal, distance units, and related settings, may be stored with your account and shown to you or, where the product is social by design, to other users (for example on leaderboards or group features).
• Activity and health-related data you choose to sync (detail). We may store step and daily summary values on our systems for leaderboards, trends, and features you use; scope depends on what you authorize on the device and in the app.
• Social and core product data. We process information you generate in the app, such as group memberships, invite codes, rankings, rival or streak data, and journey progress, as needed to provide those features and maintain integrity of the product.
• Support and feedback. If you contact us (email) or use in-app feedback, we process the content of your message and related metadata (such as app version and platform) to respond and improve the Services. If you use feedback that posts to a third-party service (e.g. Discord or similar), that content and metadata may be processed by that provider as described in their terms.
• Diagnostics and over-the-air updates. The app may collect limited technical and operational data (for example, installation or update metadata through our hosting or update services) to deliver updates and maintain reliability, consistent with your platform and our vendors’ terms.

3. How we use information

We use the above information to:

• Provide, operate, and improve the Services (including features that need your email or account to work);
• Authenticate you, secure accounts, and prevent abuse;
• Read, store, and display step and fitness-related information you sync, in line with your permissions, including where it is linked to your profile for leaderboards and groups;
• Display leaderboards, groups, and social features you participate in;
• Communicate with you about the Services or, where permitted, about changes to this policy;
• Comply with law, enforce our terms, and protect rights and safety.

We do not sell your personal information for money. We do not use your contact information, health, or fitness data for third-party advertising or cross-context behavioral advertising.

4. How we share information

We may share information with:

• Service providers. Vendors that process data on our instructions, for example cloud hosting, authentication, database, and application infrastructure. Our primary backend and database is provided by Supabase; their processing is governed by their terms and, where applicable, a data processing role appropriate to the service.
• Other users, where the product is social by design. For example, usernames and certain activity may be visible in leaderboards, groups, or public profiles in line with your settings and the nature of the feature.
• Third-party integrations you trigger. For example, if you open our links to the App Store, Google Play, Discord, or email, those services receive information under their own policies.
• Legal and safety. We may disclose information if we believe in good faith it is required by law, legal process, or to protect the rights, safety, or security of you, us, or others.

5. Retention

We keep information for as long as your account is active and as needed to provide the Services, comply with law, resolve disputes, and enforce agreements. We may remove or de-identify information earlier when the product and law allow, or when you request deletion as described below, subject to legitimate retention needs.

6. Security

We use reasonable technical and organizational measures to protect your information, including transport encryption for network requests where applicable and access controls on our systems. No method of storage or transmission is 100% secure; we cannot guarantee absolute security.

7. Your choices and rights

Depending on where you live, you may have the right to:

• Request access to or a copy of your personal information;
• Request correction of inaccurate data;
• Request deletion of your information, subject to exceptions;
• Object to or limit certain processing;
• Withdraw consent where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise these rights, contact privacy@watoapp.com. We may need to verify your request. If you are in the European Economic Area, the UK, or Switzerland, you may also lodge a complaint with a supervisory authority.

8. U.S. state privacy (including California)

If a U.S. state privacy law applies to you, you may have additional rights (for example, to know, delete, or opt out of certain processing). We do not “sell” or “share” personal information for cross-context behavioral advertising as those terms are commonly defined in California law. You may use the contact above to make a request. We will not discriminate against you for exercising privacy rights.

9. Children

The Services are not directed to children under 13 (or the age required by your jurisdiction to consent to the processing of personal data without parental permission). We do not knowingly collect personal information from children. If you believe we have done so, contact us and we will take appropriate steps to delete the information.

10. International transfers

If you access the Services from outside the United States, your information may be processed in the U.S. and other countries where we or our providers operate. We use appropriate safeguards as required by applicable law for such transfers, such as standard contractual clauses where applicable.

11. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top will change when we do. For material changes, we may provide additional notice (for example, in the app or by email). Your continued use of the Services after the update becomes effective constitutes your acceptance of the revised policy, where permitted by law.

12. Contact

Questions about this policy: privacy@watoapp.com · hello@watoapp.com