1. Who's collecting your data.
twekes ("twekes", "we", "us") is the data controller for the personal information you share with the Service. The Service includes our mobile apps for iOS and Android, our website at www.twekes.com, our partner portal at twekes.com/partners, our super-admin tooling at twekes.com/admin, and any related services we run.
2. What we collect.
Account information.
When you sign up we collect your email, password (hashed, never in plain text), display name, handle, and city. Partners also provide a business name. Coaches also provide specialty tags and contact details. Super-admins are flagged on their profile.
Profile information.
Optional fields you can fill in: bio, age range, run types, other sports, your area within a city, your preferred avatar tone. You decide what to share.
Run and activity data.
RSVPs to club runs, solo runs you post, distance, pace, duration, time of day, meeting points (including GPS coordinates if you attach a map pin), and your run log history.
Location.
If you allow it, we use your device's foreground location to figure out the nearest of our six cities so the Feed and Explore tabs surface runs around you. We do not run a continuous background location tracker. You can revoke location permission at any time in your phone's system settings; twekes falls back to "Beirut" as a default city.
Photos and media.
Photos and videos you post to the camera flow, "Seen on the road" posts, partner cover photos, your profile picture. We store the files in our Supabase storage buckets.
Messages.
Direct messages between runners, event chat threads, solo-run chat threads, partner inbox messages, and coach AI conversations.
Device and technical data.
Expo push-notification token (so we can send the run-reminder push), basic device information (OS, app version), IP address and request logs (for security and abuse prevention).
Partner-specific data.
For partners: venue name, category, address, opening hours, perk, phone, website, Instagram handle, cover photo URL, the tier you signed up under, and your account's approval status.
What we don't collect.
- We don't sell your data to advertisers.
- We don't run third-party advertising trackers on the app.
- We don't store payment-card numbers — when paid features arrive, Stripe will handle them and we'll only see a customer ID and subscription status.
3. Why we collect it.
- To run the Service — sign you in, show you runs near you, let you join clubs, send the 30-minute run reminder, render the partner directory.
- To keep it safe — detect abuse, prevent spam, moderate partner submissions.
- To make it better — anonymous aggregate metrics on which features are used so we know what to ship next.
- To talk to you — transactional emails (partner approval, password reset), in-app notifications, and the occasional product email if you opt in.
- To comply with law — keep records we're required to keep, respond to lawful requests from authorities.
4. Who we share it with.
Other runners.
Your display name, handle, city, profile photo, RSVPs to club runs you join, and any solo runs or "Seen on the road" posts you've made are visible to other runners on twekes. That's the whole point — twekes is a coordination layer. Don't post anything you wouldn't want a fellow runner to see.
Partners.
When you DM a partner, the partner sees your display name and message contents. Partners do not get your email, phone number, or location unless you share them in the message.
Coaches.
Coaches see the messages you send them and your display name. We do not pass them your training history without your explicit consent.
Service providers.
The third-party providers we use to deliver the Service. We share only the minimum data each one needs to do its job:
- Supabase — database, auth, file storage. Hosts all your data.
- Expo — sends push notifications. Sees push tokens, notification payload (which never includes sensitive data).
- Anthropic Claude — powers the natural-language search. Sees your search query plus the database tool calls the agent issues. Anthropic processes data per their own privacy policy — we do not give them long-term storage rights to your queries.
- Resend — sends transactional email. Sees your email address and the message body.
- Google Maps — opens a location in your default Maps app. We do not transmit any other personal data.
- Stripe (future) — handles payments. Sees the data you enter on Stripe's checkout page.
Legal authorities.
We may disclose your data when required by Lebanese law or a valid legal request from a competent authority. We push back on requests we think are overbroad.
Acquirers.
If twekes is ever acquired or merged, your data may transfer to the acquirer under the same protections set out in this notice. We'll notify you in-app before that happens.
5. Cookies and similar technology.
On the website we use a small set of strictly-necessary cookies and local storage entries to keep you signed in to the partner portal and the admin panel. We don't run advertising or cross-site tracking cookies. In the mobile app we don't use cookies — sessions are stored in the device's secure storage.
6. How long we keep it.
- Account data — for as long as your account is active.
- Run logs and posts — until you delete them.
- Messages — until you or the recipient deletes them, or for up to 24 months for moderation purposes.
- Server logs / IP data — up to 90 days.
- Backups — encrypted, cycled out within 30 days.
- Records we're required to keep (tax, partner approvals, dispute history) — for as long as Lebanese law requires.
7. Your rights.
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct anything inaccurate.
- Delete your account and the data tied to it.
- Export your run history in a portable format.
- Object to specific processing.
- Withdraw consent for things you consented to (e.g. push notifications, location).
- Complain to your local data-protection authority if you think we've mishandled your data.
Most of these you can do yourself from the Profile screen in the app. For the rest, email privacy@twekes.app — we'll respond within 30 days.
8. Security.
We protect your data with row-level security on the database, TLS encryption in transit, encryption at rest for backups, rate-limited APIs, and admin-only access to operational tooling. No system is perfectly secure — if a breach affects you, we'll notify you and the appropriate authorities as required by law.
9. Children's privacy.
twekes is not for people under 16. We don't knowingly collect data from anyone under 16. If you believe a child has an account, please tell us at privacy@twekes.app and we'll remove it.
10. International data transfers.
Our service providers (Supabase, Expo, Anthropic, Resend, etc.) host infrastructure outside Lebanon — typically in the EU and the United States. When your data crosses borders, we rely on each provider's standard data-transfer protections and contractual commitments.
11. Updates.
We may update this Privacy Notice. Material changes will be announced in the app or by email at least 14 days before they take effect. The "Last updated" date at the top of this page always shows when the current version went live.
12. Contact.
Privacy questions, data requests, or breach reports go to privacy@twekes.app. Everything else goes to hello@twekes.app.