Privacy Policy
Clear rules for your data.
A run can be personal. This policy explains what The 90 processes, why it is needed, who helps us operate the app, and how to control or delete your information.
1. Scope and operator
This policy applies to The 90 iOS app, the90app.com, support communications, and public share-link landing pages. “The 90,” “we,” and “us” refer to the app and service operated by Justin Goolsby in the United States.
Apple independently controls information it receives through the App Store, Sign in with Apple, Apple subscriptions, refunds, and Apple Account services. The privacy terms of a destination you choose from the iOS share sheet also govern what you send there.
2. Data we process
| Category | Examples | Primary purpose |
|---|---|---|
| Account and contact | Email or Apple relay email, optional display name, Supabase user ID, timezone, authentication and session records. | Create and secure your account, sign you in, recover access, and communicate about support or the service. |
| Profile and personalization | Goals, selected challenge path, difficulty, theme, schedule patterns, sleep or routine answers, and onboarding choices. | Build your Player File, choose appropriate quests, and remember your settings. |
| Health, fitness, and sensitive choices | Exercise baselines, selected limitations or body areas, low-impact or medical-caution choices, free-text safety notes, and optional spiritual, Bible, or prayer preferences. | Filter or substitute quests, set physical intensity, and provide the optional content path you request. These choices are not used for advertising. |
| Gameplay and community | Run dates, current day, assigned and completed quests, XP, streaks, misses, resets, boss attempts, Party name and membership, ranking, pokes, invite attribution, and share metadata. | Operate the 90-day run, show progress, rank Party members independently, and prevent abuse. |
| Purchases | Product, entitlement, transaction status, expiration, renewal, and restore state supplied by Apple and RevenueCat. | Unlock paid access, restore purchases, provide billing support, prevent fraud, and maintain required records. We do not receive payment-card numbers. |
| Device and notifications | Expo push token, platform, notification permission, app version, locale, timezone, delivery records, and notification interaction. | Send reminders or Party activity you enable and troubleshoot delivery. |
| Analytics and diagnostics | Persistent analytics device ID, Supabase user ID after sign-in, app lifecycle and product-interaction events, feature selections, app/device/OS properties, locale, timezone, screen dimensions, errors, and technical routing information. | Measure onboarding and paywall reach, understand feature use, diagnose problems, and improve reliability. Depending on the app version, event properties may include categories of onboarding choices. |
| Support and website | Support emails, screenshots or attachments you choose to send, browser and request logs, IP address, requested page, user agent, and timestamps. | Respond to you, investigate issues, deliver the website, and protect the service. |
Information kept on your device
The app also keeps some information locally, such as the secure authentication session, onboarding draft, short-lived invite attribution, review-request marker, and temporary share-card PNG. Local information is not available to us unless it is synced, submitted to support, or shared using a destination you choose.
3. How we use information
- Provide, personalize, secure, and maintain The 90.
- Assign quests and substitutions consistent with your choices and guardrails.
- Save progress, run Party features, create share cards, and prevent misuse.
- Process and restore App Store entitlements.
- Send notifications you enable and transactional sign-in email.
- Provide support, measure product performance, debug failures, and improve the app.
- Comply with law, enforce our terms, and protect users, the service, and our rights.
Depending on your location, these uses rely on performing the service you request, our legitimate interests in operating and securing the app, your consent where required, and compliance with legal obligations. You can choose a general path without Bible or prayer prompts and can change notification permissions in iOS.
We do not sell personal information. We do not use app data for cross-app targeted advertising, and the app does not include an advertising network.
4. Service providers and disclosures
We disclose information only as needed to operate the service, follow your direction, complete a transaction, protect rights or safety, or comply with law. Current service providers include:
- Supabase — authentication, database, private storage, and backend functions.
- RevenueCat — subscription products, purchase state, and entitlement support.
- PostHog — product analytics and diagnostics.
- Expo — builds, updates, push-token services, and notification delivery.
- Apple — App Store purchases, Sign in with Apple, subscriptions, refunds, and device services.
- Resend — transactional authentication email.
- Cloudflare — domain and email-routing infrastructure.
- Vercel — website hosting, delivery, and security logs.
Providers process information under their own terms and our configuration or instructions. We expect them to protect the data they process consistently with applicable law and the purpose for which it was disclosed.
We may also disclose information in a business transaction, when required by valid legal process, or when reasonably necessary to investigate fraud, abuse, security threats, or harm.
6. Retention and deletion
Account, profile, run, Party, notification, and related gameplay data is generally kept while your account is active and for as long as needed to provide the service. Analytics, security logs, transactional email records, support correspondence, delivery records, and backups are kept for the period reasonably needed to operate, secure, troubleshoot, document, or comply with legal obligations. Provider retention periods can vary by service and production configuration.
You can initiate permanent account deletion in The 90 under Settings → Delete account. The authenticated deletion flow removes the Supabase account and associated active app data, including run progress, Party records, push tokens, and private share-card storage tied to that user. Deletion does not cancel an Apple subscription or erase Apple purchase history. Records held by Apple, RevenueCat, PostHog, email providers, security logs, or backups may remain where required for billing, fraud prevention, security, legal compliance, or the providers’ documented retention cycles.
See Delete account for the exact app flow and Privacy choices to request access, correction, deletion, or analytics review beyond the in-app account record.
7. Your choices and rights
- Review or update profile settings inside the app.
- Choose general instead of spiritual prompts and select suitable physical guardrails.
- Turn notifications off in iOS Settings.
- Manage or cancel an Apple subscription through your Apple Account.
- Delete your account in the app.
- Ask to access, correct, delete, restrict, or receive a copy of personal information, subject to applicable law.
- Object to or withdraw consent for certain processing where applicable.
Submit a request through Privacy choices or email support@the90app.com. We may need to verify that the request belongs to the account. You may also have the right to complain to your local data-protection authority.
8. Security and international processing
We use technical and organizational safeguards designed to protect information, including authenticated access, encrypted transport, least-privilege database rules, private storage, and restricted backend operations. No system is perfectly secure, so do not send passwords, magic-link URLs, payment details, medical documents, religious details, or Party invite codes to support.
The 90 and its providers operate from the United States and other countries. Information may therefore be processed outside your home country, where data-protection laws may differ. Where required, providers rely on recognized transfer mechanisms or contractual safeguards.
9. Children
The 90 is not directed to children under 13, and we do not knowingly collect personal information from a child under 13. If local law requires a higher minimum age for consent, that higher age applies. A parent or guardian who believes a child provided information should contact us so we can review and delete it.
10. Changes to this policy
We may update this policy when the app, providers, or legal requirements change. We will revise the effective date and provide additional notice in the app or by email when required. Material changes apply prospectively unless law permits otherwise.
11. Contact
The 90
Operated by Justin Goolsby
United States
Privacy and support: support@the90app.com