TeamFit Tactics

Workout + TFT = Gains

 Leaderboard

Privacy Policy

Last Updated: February 2026

Data We Collect

We collect the following data to provide our service:

  • Riot Games identity: gameName, tagLine, PUUID, and TFT region
  • TFT match history: Match timestamps, placement, and game duration from the Riot Games API
  • Workout data from Apple HealthKit (iOS) or Health Connect (Android): exercise session start/end times, duration, workout type, heart rate (average, minimum, maximum BPM), and step count
  • Device information: Device model, operating system version, app version, and platform (iOS/Android). This data is used to diagnose crashes, reproduce bugs, and monitor app stability — it is never used for advertising or tracking.
  • Approximate location: City and country derived automatically by our hosting provider (Cloudflare) from your IP address — used for abuse prevention and account security. We do not collect GPS coordinates.
  • Push notification token: If you opt in to notifications, we store your Expo push token
  • Consent records: When you grant access to health data, we store the timestamp of your consent for legal compliance

Health & Fitness Data

We read exercise sessions, heart rate, and step count from Apple HealthKit or Google Health Connect solely to validate your workouts against TFT match history. Raw health records are never uploaded — the app processes them on your device and sends only the derived values (timestamps, duration, average/min/max heart rate, step count) to our server for match validation.

Heart rate data is used to verify workout intensity and prevent fraudulent submissions. Step count data is used for step-based leaderboard stats and activity totals.

We do not sell, use for advertising, or share your health and fitness data with any third party for purposes unrelated to providing the app.

How We Use Your Data

Your data is used to:

  • Validate workouts against TFT match times and calculate overlap
  • Calculate and display leaderboard rankings and activity feeds
  • Send optional push notifications about sync status and monthly results
  • Monitor service health, diagnose crashes, and debug errors using device information and anonymous operational telemetry

Legal Basis for Processing (GDPR)

If you are in the European Economic Area, we process your data under the following legal bases:

  • Consent: Health and fitness data is processed only after you give explicit consent via the in-app consent screen. You may withdraw consent at any time through your device settings.
  • Contract: Riot Games identity, match history, and leaderboard data are processed as necessary to provide the core service you signed up for.
  • Legitimate interest: Device information, approximate location, and operational telemetry are processed to maintain service stability, diagnose errors, and prevent abuse. This processing is minimal, does not involve sensitive data, and is necessary to keep the app running reliably for all users.

Data Sharing

We do not sell, rent, or trade your personal data. We do not use your data for advertising. Data is only shared with the third-party services listed below as necessary to operate the app.

Data Storage & International Transfers

Your data is stored securely on servers in the United States via Cloudflare (encrypted in transit and at rest). If you are located outside the United States, your data will be transferred to and processed in the United States. International transfers are conducted based on Standard Contractual Clauses (SCCs) as approved by the European Commission.

You can delete your account and all associated data at any time through the “Delete Account” option in the app’s Settings screen. This permanently removes your account, workouts, validated matches, leaderboard entries, achievements, push tokens, and feed activity from our servers.

Data Retention

We retain your data while your account is active. When you delete your account, all personal data is removed immediately, including workouts, validated matches, leaderboard entries, achievements, push tokens, and feed activity. Accounts inactive for 12 months may be automatically deleted along with all associated data.

Third-Party Services

We use trusted third-party service providers for the following purposes:

  • Game data providers — To fetch TFT match history for workout validation
  • On-device health platforms — To read workout, heart rate, and step data on your device (Apple HealthKit on iOS, Google Health Connect on Android)
  • Cloud hosting and infrastructure — Hosting, database, and content delivery
  • Push notification services — To deliver optional push notifications
  • Operational telemetry — Error monitoring and performance (no health or biometric data is sent to these providers)

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Deletion: Delete your account and all associated data using “Delete Account” in the Settings screen, or by contacting us
  • Correction: Update your Riot Games identity by re-linking your account
  • Portability: Request an export of your data in a machine-readable format
  • Withdraw consent: Revoke health data access at any time through your device's system settings (iOS Settings > Health, or Android Settings > Health Connect). When you revoke access, we stop collecting new workout data. To delete previously synced workout data without deleting your entire account, contact us at [email protected].

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are in the European Economic Area, you also have the right to lodge a complaint with your local data protection authority.

For California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the “sale” or “sharing” of personal information — we do not sell or share your data for cross-context behavioral advertising
  • Not be discriminated against for exercising your privacy rights

To exercise these rights, contact us at [email protected] or use the “Delete Account” option in the app.

For Washington State Residents (My Health My Data Act)

Washington’s My Health My Data Act provides additional protections for health data. Under this law:

  • We obtain your affirmative consent before collecting or sharing health data
  • We do not sell your health data or use it for advertising
  • You may withdraw consent and request deletion of your health data at any time by contacting us at [email protected]
  • We will delete your health data within 30 days of receiving a valid request

Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected users and relevant authorities in accordance with applicable law, including GDPR (72-hour notification to supervisory authorities) and applicable US state breach notification laws.

Children's Privacy

This app is not intended for children under 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under this age.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the app or via push notification. Continued use of the app after non-health-related changes constitutes acceptance of the updated policy. Material changes to how we process health and fitness data will require renewed consent.

Contact

For privacy questions, data requests, or concerns, contact: [email protected]