UpTop — Privacy Policy
Last updated: 24 May 2026
UpTop is built around a simple principle: your data is yours. This page explains exactly what we collect, why, where it lives, and how to get rid of it.
Who we are
UpTop is developed by Future Flow Tech (the “developer”, “we”, “us”).
Contact: felix@livehappystudios.com
What we collect
We only collect data that you give us directly through the app, or that you explicitly authorise us to read from Apple Health. There is no analytics SDK, no crash reporter that ships personal data, no advertising network, and no third-party tracking.
Account
- Apple user identifier — a stable, anonymised ID issued by Apple when you sign in. We never see your real Apple ID or email unless you choose to share your email with Apple’s sign-in sheet.
- Display name — only the name you type during onboarding (or update in Settings). Used to label you to your accountability partners.
App data you create
- Goals you set (titles, descriptions, target dates, category, achievement status) and the standards you link to them
- Standards you define (titles, cadences, targets) and the check-ins you record
- Body measurements you enter (weight, bicep, chest, stomach, hips, upper thigh) and any notes
- Progress photos you take (front, side, back), if you choose to add them
- Accountability partner connections, the invite codes you exchange, and the per-standard sharing choices you make
Apple Health data (only if you connect it)
With your permission, UpTop reads the following from Apple Health on iOS:
- Step count (today’s total)
- Dietary energy consumed (today’s total, as reported by apps you’ve linked to Apple Health such as MyFitnessPal, Lose It!, or Cronometer)
We never write to Apple Health and we do not store your Apple Health data on our servers — it is queried on-device, used to update the current view, and discarded. The only exception is when a HealthKit-driven standard’s daily completion is recorded as part of a check-in for that day, so your historical “kept/missed” record survives.
You can disconnect Apple Health from More → Settings → Apple Health → Disconnect at any time. You can revoke permissions entirely from iOS Settings → Health → Data Access & Devices → UpTop.
Push notifications
If you opt in, we send up to three categories of notification:
- A daily morning motivation push
- A daily afternoon check-in nudge
- A weekly digest from each of your accountability partners
Push tokens (the anonymous APNs identifier iOS gives us) are stored on our backend so we can address pushes to your device. They are removed when you sign out.
What we do not collect
- We do not collect your location.
- We do not collect device identifiers, IP addresses, or browser fingerprints for tracking.
- We do not run analytics or telemetry on your app usage.
- We do not access your contacts, photos library (beyond the progress photos you explicitly select in-app), microphone, or camera (beyond progress photos).
Where your data lives
Your app data is stored on Supabase (Frankfurt, EU region). Supabase is a managed PostgreSQL host. Your rows are protected by row-level security: only the authenticated user who owns them — or a partner you’ve explicitly subscribed to a specific standard — can read them. Supabase has its own privacy policy at https://supabase.com/privacy.
Progress photos are stored in a private bucket on Supabase Storage. They are never visible to your partners — the row-level security policy restricts photo access to the owning user only.
Push notifications go through Apple’s APNs (Apple Push Notification service). Apple’s privacy practices: https://www.apple.com/privacy/.
How long we keep it
We keep your data for as long as your account is active. When you delete all your data from inside the app (More → Settings → Delete all my data), every row and every photo tied to your account is removed within seconds and is unrecoverable afterwards.
The “Delete all my data” action does not remove the Apple sign-in identifier from our authentication service — that record allows you to sign in again to a clean slate. If you want the auth identifier itself removed too, email felix@livehappystudios.com and we will action it within two business days.
Sharing
We do not sell, rent, share, or trade your data with anyone, ever. The exceptions are:
- Apple, to enable Sign in with Apple and APNs push delivery. Their privacy practices are at https://www.apple.com/privacy/.
- Supabase, our hosting provider, which processes data on our behalf as a sub-processor.
- Accountability partners, to whom your display name, your active standards (only the ones you explicitly share with them), your check-ins on those standards, your weight measurements, and your goals are visible — but only because you explicitly invited them or accepted their invite. Progress photos are never shared.
If we are ever served a valid legal order requiring disclosure, we will tell you before complying unless legally prevented from doing so.
Your rights (GDPR & similar)
Wherever you live, you have the right to:
- Access the data we hold about you — most of it is visible in the app itself; for the full export, email us.
- Correct anything inaccurate — most fields are editable in-app.
- Delete your data — More → Settings → Delete all my data, or email us.
- Object to processing or withdraw consent at any time — disconnect Apple Health, delete your data, sign out.
- Lodge a complaint with your local data-protection authority.
Children
UpTop is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has signed up, email us and we will delete the account.
Security
- All communication between the app and our backend uses TLS 1.2+.
- Authentication tokens are stored in iOS Keychain via Apple’s standard secure storage.
- Database access is gated by row-level security policies, so even a database compromise would not expose user data across accounts.
- We do not store your Apple Health data on our servers (with the narrow exception of daily check-in completions for HealthKit-driven standards, as noted above).
If you find a security issue, please email it to felix@livehappystudios.com rather than opening a public GitHub issue.
Changes to this policy
If we materially change how we handle your data, we will note it here with a new “Last updated” date. For substantial changes, we will surface a notice in the app.
Contact
Questions about this policy, your data, or anything privacy-related: