Privacy Policy

This policy explains what personal data Commity collects, why, and your rights over it. Commity relies on precise location to do its job, so location gets special attention below.

The short version: We collect your account details, the location data needed to verify you showed up, your activity (commitments, sessions, streaks), and limited payment information. We use it to run the Service, charge stakes when due, and send reminders. We share it only with the providers that help us operate (like Stripe and our database host) — we never sell your personal data. You can access or delete your data at any time.

1. Who is responsible for your data

The "data controller" for your personal data is FORCEL LTD, registered in England & Wales (company number 13315753), registered office 71-75 Shelton Street, London, Greater London, WC2H 9JQ, United Kingdom. This policy is written primarily to the UK GDPR and the Data Protection Act 2018, with additional notes for users in the EU/EEA and California.

2. What information we collect

Information you give us

Account details — your email address and password. Passwords are stored in hashed form by our authentication provider; we never see them in plain text.
Commitment details — the location ("spot") you pin (latitude/longitude and a name), your daily goal, the days you schedule, and the stake amount.
Profile / display data — a name or handle that may appear on the leaderboard, and your notification preferences.
Communications — anything you send us for support.

Information collected automatically

Location data — precise GPS location, including in the background, while you are tracking a commitment, used to detect arrival and departure at your spot and to log time spent there (see Section 4).
Activity & session data — check-ins, minutes logged, completed/missed days, streaks, comeback progress, and history.
Device & technical data — device/operating-system type, app version, and push-notification tokens needed to deliver reminders.

Payment information — handled by Stripe (see Section 5). We do not store your full card number; we receive limited details such as the card's last four digits, expiry, and payment status.

3. How and why we use your data (and our legal bases)

To provide the Service — create your account, run commitments, verify attendance, calculate completions, streaks and comebacks. Legal basis: performance of our contract with you.
To use background location for automatic attendance detection. Legal basis: your consent (the permission you grant in your device settings), which you can withdraw at any time, and performance of contract.
To take payments and charge stakes when a scheduled day is missed. Legal basis: performance of contract and compliance with legal/accounting obligations.
To send reminders and service messages. Legal basis: performance of contract / your preferences; you can turn reminders off in the App.
To show the leaderboard using your display name and limited stats. Legal basis: legitimate interests / performance of contract.
To keep the Service secure, prevent fraud and abuse, and improve it. Legal basis: legitimate interests.
To comply with the law and enforce our terms. Legal basis: legal obligation / legitimate interests.

4. Location data — the details

Because Commity verifies that you actually showed up, it needs access to your device location, including background ("always") location on most devices, so it can detect when you enter and leave your spot even when the app isn't open. We process location to: detect arrival/departure at the spots you choose, log the minutes you spend inside them, and decide whether a day is complete.

We collect location only in connection with the commitments you set up, and we aim to do so efficiently (for example, using lower-power location and only switching to precise GPS near your spots). You are in control: you can revoke location permission at any time in your device's settings. If you do, automatic attendance tracking will stop working and scheduled days may be recorded as missed. We do not sell your location data or use it for advertising.

5. Payment data

Payments are processed by Stripe, Inc. When you add a card or are charged a stake, your card details are collected and processed directly by Stripe under its own privacy policy and security standards (Stripe is PCI-DSS compliant). We receive confirmation and limited, non-sensitive details (such as the last four digits and the result of a charge) so we can show your billing status and operate the comeback. We do not store your full card number on our systems.

We share personal data only as needed to run the Service:

Service providers (processors) who act on our instructions, including: Supabase (database hosting and authentication), Stripe (payments), and Apple and Google (app distribution, push notifications, and location/maps platform services).
Other users — limited information such as your display name and certain stats appears on the leaderboard if you participate.
Legal & safety — where required by law, court order, or to protect our rights, users, or the public.
Business transfers — if the Service is involved in a merger, acquisition, or asset sale, data may transfer as part of that deal.

We do not sell your personal data, and we do not share it for cross-context behavioural advertising.

7. International transfers

Some of our providers (for example, Stripe and Supabase) may process data outside the UK and EEA, including in the United States. Where data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement / Addendum or the EU Standard Contractual Clauses, or transfers to countries with an adequacy decision.

8. How long we keep your data

We keep personal data for as long as your account is active and as needed to provide the Service. After you delete your account we delete or anonymise your data within a reasonable period, except where we must keep certain records longer — for example, transaction and tax records for the period required by law, and limited data needed to resolve disputes or prevent fraud.

9. Security

We use technical and organisational measures to protect your data, including encryption in transit, hashed passwords, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, so we cannot guarantee absolute security; please keep your account credentials safe.

10. Your rights

Depending on where you live, you have rights over your personal data. Under UK/EU GDPR these include the right to: access a copy of your data; rectify inaccurate data; erase your data; restrict or object to processing; data portability; and withdraw consent (such as location permission) at any time. You can exercise most of these in the App or by contacting us.

You also have the right to complain to a supervisory authority — in the UK, the Information Commissioner's Office (ICO) at ico.org.uk; in the EU/EEA, your local data-protection authority.

California residents: under the CCPA/CPRA you have the right to know what personal information we collect and how it's used, to request deletion, to correct it, and to be free from discrimination for exercising these rights. We do not sell or share personal information as those terms are defined under California law. To make a request, contact us using the details below.

11. Children

Commity is not directed to children under 16, and you must be at least 16 to use it. If you are under 18 you may only use the Service with the consent of a parent or guardian. If we learn we have collected data from a child below the applicable age without proper consent, we will delete it.

12. This website & cookies

This marketing website does not use advertising or tracking cookies. It loads fonts from Google Fonts, which means your browser contacts Google's servers to fetch them; that is subject to Google's privacy practices. If we add analytics or other cookies in future, we will update this policy and, where required, ask for your consent.

13. Changes to this policy

We may update this policy from time to time. If a change is significant, we will take reasonable steps to notify you (for example, in-app or by email). The "last updated" date at the top shows when it last changed.

14. Contact us

For any privacy question or to exercise your rights, contact us at info@thecommity.com, or by post at FORCEL LTD, 71-75 Shelton Street, London, Greater London, WC2H 9JQ, United Kingdom.