Privacy Policy
Last updated: April 15, 2026
What we collect
Two Day Rule collects the minimum data necessary to provide the service:
- Account information: Your name and email address (via Sign in with Apple or Google).
- Health data: Daily step count from Apple Health or Google Fit. We only read step count data. We do not access heart rate, sleep, weight, or any other health metrics.
- Usage data: Your step goal, streak history, commitment amount, sick mode and exemption usage, and partner interactions.
- Payment information: Processed securely by Stripe. We never store your full card number, CVV, or bank details.
- Device information: Timezone, locale, and device type for proper streak evaluation and localization.
- Attribution: How you heard about Two Day Rule (collected during onboarding, optional).
- Profile photo: Optional avatar image, stored securely and visible only to you and your accountability partner.
How we use your data
- Track your daily step progress and evaluate streaks.
- Process commitment charges when you miss two consecutive days.
- Match you with an accountability partner (first name and step progress only).
- Send push notifications about your progress and streak status.
- Resolve disputes about charges or tracking errors.
- Improve the app and fix technical issues.
Health data protection
Your health data receives special protection:
- We will not sell your health data to any third party.
- We will not use your health data for advertising or marketing purposes.
- We will not share your health data with third parties without your explicit consent, except as required by law.
- Manually entered step data is excluded to ensure accuracy.
What we don't do
- We do not sell any of your personal data.
- We do not use your data for targeted advertising.
- We do not share your data with data brokers.
- We do not track you across other apps or websites.
Third-party services
We use the following third-party services to operate Two Day Rule:
- Supabase (database and authentication, hosted on AWS in the United States)
- Stripe (payment processing)
- Expo (push notifications)
- Apple Health / Google Fit (step data, accessed only with your permission)
These services process your data according to their own privacy policies and applicable data protection agreements.
Data retention
- Your data is retained as long as your account is active.
- When you delete your account, all personal data is permanently removed within 30 days.
- Anonymized, aggregated data (such as average step counts across all users) may be retained indefinitely for product improvement.
- Charge records may be retained for up to 7 years for legal and financial compliance purposes.
International data transfers
Your data is stored and processed in the United States. If you are located outside the United States, your data will be transferred to US servers. We rely on Standard Contractual Clauses and other legally approved mechanisms to ensure your data is protected in accordance with applicable data protection laws, including GDPR.
Accountability partners
When you pair with a partner, they can see your first name, profile photo, daily step progress, and streak count. They cannot see your commitment amount, charges, email, or any health data beyond step count.
Partners can send you nudge messages to encourage your progress. You can end any partnership at any time.
Your rights
All users
- View all your data within the app.
- Delete your account and all associated data from Settings.
- Revoke health data access at any time via your device settings.
- Cancel your commitment at any time without deleting your account.
- Dispute any charge you believe was made in error.
European Economic Area (GDPR)
If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data (right to be forgotten).
- Portability: Request your data in a machine-readable format.
- Restriction: Request that we limit processing of your data.
- Object: Object to processing based on legitimate interests.
- Withdraw consent: Withdraw consent at any time where processing is based on consent.
To exercise these rights, contact privacy@twodayrule.com. We will respond within 30 days.
California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used.
- Request deletion of your personal information.
- Opt out of the sale of personal information (we do not sell your data).
- Not be discriminated against for exercising your privacy rights.
Age requirement
Two Day Rule is intended for users 16 and older. We do not knowingly collect data from anyone under 16. If you believe someone under 16 is using the app, please contact us and we will promptly delete their data.
Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you through the app or by email at least 30 days before the changes take effect.
Contact
For privacy questions or to exercise your data rights: