The short version: Your health data is yours. We use heart rate zone data from your wearable to calculate effort scores. We never sell your data. Faith data is always private. You can delete your account and all data at any time.
1. Information we collect
We collect information you provide directly: email address, display name, and profile preferences. We collect fitness data from connected wearable devices: heart rate zones, workout duration, sport type, timestamps, and device metadata. If you use faith features, we collect reading logs, prayer logs, journal entries, and service action logs. We collect usage data including pages visited and features used.
2. How we use your information
- Calculate personalized effort scores based on your heart rate zone data
- Display your scores on community leaderboards (subject to your privacy settings)
- Track your fitness goals and faith goals
- Send transactional emails (verification, password reset)
- Improve the platform based on aggregate usage patterns
3. Heart rate and biometric data
Heart rate data from your wearable is used exclusively to calculate your effort scores. We store zone minutes, average heart rate, and HRV readings. HRV data is used only for coaching insights — it never affects your score. We do not sell, share, or provide your heart rate or biometric data to any third party, advertiser, or data broker under any circumstance.
4. Faith data privacy
All faith data — journal entries, prayer logs, reading logs, and service actions — is always private by default. Faith data never appears on leaderboards, community feeds, or public profiles. If you opt in to community streak sharing, only streak counts (number of consecutive days) are shared — never the content of your journal entries, prayers, or readings. Fasting goals are always private regardless of sharing settings.
5. Wearable device connections
When you connect a wearable device (Strava, Garmin, or others), we receive workout data through their APIs. We store only the data needed for scoring: heart rate zones, duration, sport type, and timestamps. We do not access your GPS routes, location data, or social connections from wearable platforms. Your use of connected platforms is also governed by their own privacy policies.
6. Data sharing
We do not sell your personal data to advertisers or third parties. We share data only in these limited circumstances:
- Leaderboards: Your display name and effort scores are visible to other users, subject to your platform_visible and community_visible privacy settings
- Service providers: We use Supabase (database), Railway (hosting), Resend (email), and Netlify (frontend hosting) to operate the platform
- Legal requirements: We may disclose data if required by law or to protect the safety of our users
7. Your privacy controls
You control your visibility on True Effort:
- Platform leaderboard: Toggle on/off in Settings — when off, your scores are hidden from all users
- Community leaderboard: Toggle on/off independently from platform visibility
- Faith streak sharing: Opt-in only — share prayer and journal streaks with community members
8. Data retention
We retain your data for as long as your account is active. Workout scores and fitness data are retained to maintain leaderboard integrity and historical trends. If you delete your account, all personal data including workouts, scores, faith logs, and profile information is permanently deleted within 30 days. Aggregate anonymized statistics may be retained.
9. Data security
We protect your data with industry-standard security measures: passwords are hashed with bcrypt (12 salt rounds), authentication uses JWT with short-lived access tokens and rotated refresh tokens, all API communications use HTTPS, and webhook payloads are validated with HMAC-SHA256 signatures. Sensitive fields are never logged or exposed in error responses.
10. Children's privacy
True Effort is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that a user is under 16, we will terminate their account and delete associated data.
11. Your rights
You have the right to:
- Access all personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and all associated data
- Export your data in a machine-readable format
- Withdraw consent for optional data processing at any time
To exercise any of these rights, contact us at derrick@trueeffort.co.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on the platform and updating the effective date. Your continued use of True Effort after changes take effect constitutes your acceptance of the updated policy.
Contact
If you have questions about this Privacy Policy, contact us:
True Effort
Derrick Blackwell DBA True Effort
derrick@trueeffort.co
trueeffort.co
Last updated: April 1, 2026