Privacy Policy
Effective Date: 17. 5. 2026
Welcome to Chalkbag ("we", "our", "us"). We are committed to protecting your privacy. This privacy policy explains how we collect, use, and disclose your personal information when you use our services, including our website and applications.
1. Data Collection
We collect the following types of personal information when you use our services:
Personal Data
Personal data is information that we keep secure and do not share with anyone, except as required by law or with your explicit consent. This includes:
- Email address: We collect your email address when you create an account or sign up for our services. This is used for account management, notifications, and communication purposes.
- Password hashes: For authentication, we store password hashes. Passwords are securely processed using industry-standard cryptographic hashing techniques to ensure they cannot be accessed or retrieved in plain text.
- Google sign-in: If you choose to sign in with Google, we receive your email address and a Google account identifier from Google in order to create and link your account. We never receive your Google password.
Public Data
Public data is information that you provide voluntarily and may be visible to other users or the public. This includes:
- Nickname/Username: You may choose a nickname or username that will be visible to other users within our platform.
- Profile picture: You may upload a profile picture, which will be displayed publicly on your profile.
- Profile details: Optional information you choose to add to your profile — a short bio, your city, country, and gender. You control whether your profile is publicly visible.
- User-generated content: Content you voluntarily provide — comments, route feedback and grade suggestions, beta videos, photos, and session journal entries — which may be shared within the platform or with other users.
- Activity data: Information about your interactions with the platform, such as climbing activities, routes completed, and progress, which may be visible to other users or shared in public areas of the platform.
Technical Information
When you make requests to our services, we process your IP address to apply rate limits that protect sign-in, registration, and similar endpoints against abuse. It is used transiently for this purpose and is not used to build a profile of you.
2. How We Use Your Data
We use your data for the following purposes:
Personal Data
Personal data, such as your email address, is used solely for the following purposes:
- Account management: To create, manage, and secure your account.
- Communication: To send important account-related notifications, such as password resets, updates, or service changes. We may also use your email to respond to support requests or inquiries.
- Security: To protect your account from unauthorized access and ensure the integrity of our platform.
Your personal data is not used for marketing or shared with third parties, except as required by law or with your explicit consent.
Public Data
Public data, such as your nickname, profile picture, user-generated content, and activity data, is used for the following purposes:
- Platform interaction: To display your profile, activity, and user-generated content to other users and the public.
- Community features: To enable interactions with other users on the platform, such as comments, feedback, and sharing of climbing achievements or experiences.
- Improvement of services: To analyze user behavior and preferences, helping us improve and personalize the platform for all users.
3. Third-Party Sharing
We may share your data with trusted third parties, but only in the following cases:
Personal Data
We never sell your personal data. Other than the service providers described below — who process it strictly on our behalf — your personal data, such as your email address, is not disclosed to third parties except:
- For legal compliance: If required by law, regulation, or legal process.
- With your explicit consent: If you opt in to any service or feature that requires sharing your personal data.
Public Data
Your public data, such as your nickname, profile picture, user-generated content, and activity data, may be shared with:
- Other users: Public data such as your nickname, profile picture, and activity data may be visible to other users of the platform.
- Climbing staff: For analytics purposes to improve the service at specific climbing locations. This includes your activity data, achievements, and other public profile information.
Service Providers
We use a small number of third-party providers to operate the service. They act as data processors on our behalf and only handle the data needed for their specific function:
- Resend — delivers our transactional emails (account verification, password resets, notifications). It processes your email address solely to deliver these messages.
- Fastmail — hosts the mailboxes that receive email you send to us.
- Google — if you use Google sign-in, Google authenticates you and provides us with your email address and account identifier, subject to Google's own privacy policy.
4. Data Storage & Retention
Your data is stored in a PostgreSQL database (account, profile, and activity data) and in S3-compatible object storage (uploaded files such as profile pictures, photos, and videos), both operated by us.
We retain your personal data for as long as your account remains active. When you delete your account from within the app (You → Settings → Delete account), your account and the personal data associated with it — profile, activity, comments, photos, and videos — are permanently removed from our systems. We may retain a minimal subset of data where we are required to by law or regulation.
5. Your Rights
You have the following rights regarding your personal data:
- Access: You can request access to the personal data we hold about you.
- Correction: If any of your personal data is incorrect or incomplete, you have the right to request correction.
- Deletion: You can permanently delete your account at any time from within the app — go to You → Settings → Delete account. This erases your account and its associated personal data from our systems.
- Portability: You may request that your personal data be provided in a structured, commonly used, and machine-readable format for transfer to another service provider.
6. Security
We take appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. This includes encryption and secure storage practices. However, no method of transmission over the internet or method of electronic storage is 100% secure, so while we strive to protect your personal information, we cannot guarantee its absolute security.
7. Cookies & Analytics
We use essential cookies that are required for the website and app to function properly — for example, to keep you signed in. These cookies are necessary for basic functionality and cannot be disabled.
We use Umami, a privacy-friendly analytics tool that we host ourselves, to understand how our website is used. Umami does not use cookies, does not track you across other websites, and collects only aggregate, anonymised statistics such as page views and referrers. We do not use advertising cookies or third-party tracking technologies.
You can control cookies through your browser settings, but please note that disabling essential cookies may affect functionality.
8. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated effective date.
If you have any questions about this privacy policy or your personal data, please contact us at:
- Email: contact@chalkbag.app