Effective: 2026-05-05Last updated: 2026-05-05

Privacy Policy

This policy explains how Nere Labs Inc collects, uses, and protects information in Heda.

Company: Nere Labs Inc ("Nere Labs," "we," "us," "our")
App: Heda (the "Service")
Contact: Farouk@tryheda.com

1) Scope

This Privacy Policy applies to personal information collected through Heda and related support interactions.

2) Information We Collect

A. Account and Profile Information

  • First name, last name, and email address.
  • Authentication credentials (password is handled by auth provider).
  • Date of birth, gender, and looking-for preferences.
  • Profile bio/text fields, photos/avatar, gym and training preferences.
  • Optional PR and fitness profile information.

B. User Communications

  • In-app chat messages.
  • Support ticket submissions and related correspondence.

C. Location Data

  • Latitude and longitude when enabled.
  • City/country and home gym context.

D. Health/Fitness Data

  • Step counts from Apple Health and Google Fit when connected.
  • Manually entered step data.

E. Technical, Session, and Measurement Data

  • Session/auth persistence data stored in app storage.
  • Operational metadata required for account and session continuity.
  • Vercel Analytics usage data.
  • Microsoft Clarity and Meta Pixel data when these tools are configured.

3) How We Use Information

  • Account creation, authentication, and security.
  • Core features, including discovery, profiles, messaging, and leaderboards.
  • Personalization, such as preferences, filters, and home gym context.
  • Safety, moderation, abuse prevention, and support handling.
  • Service improvement and product performance measurement.
  • Compliance with legal obligations and enforcement of Terms.

4) Sensitive Data

Depending on your use, we may process data considered sensitive in some jurisdictions, including health and fitness data (step counts), location data (which can be precise), and date of birth (age verification). You can control some data collection via device permissions and app settings.

5) Legal Bases (EEA/UK)

Where GDPR/UK GDPR applies, we generally rely on:

  • Contract (to provide the Service).
  • Legitimate interests (safety, fraud prevention, operations).
  • Consent (where required, including device permissions).
  • Legal obligation.

6) Data Sharing and Processors

We do not sell personal information and do not share it for targeted advertising.

We may share data with providers that support our operations, including:

  • Supabase (hosting, database, auth, backend services).
  • Google Places API (gym search and lookup features).
  • Apple HealthKit and Google Fit integrations (on-device step data access by permission).
  • Vercel Analytics (product usage measurement).
  • Microsoft Clarity and Meta Pixel when enabled/configured.

We may also disclose information when required by law or to protect rights, safety, and platform integrity.

7) International Transfers

Your information may be processed in countries other than your own depending on provider operations. Where required, we use appropriate safeguards for cross-border transfers.

8) Data Retention

We retain personal information as long as needed to provide the Service, support legitimate operational needs, resolve disputes, and comply with legal obligations. In general, data is retained until account deletion request or operational need, unless a longer period is required by law.

9) Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or export your data.

  • Deletion: use in-app account deletion request flow in Settings.
  • Correction: edit profile fields in-app.
  • Export/access: submit a request via support or email.

To exercise rights, contact Farouk@tryheda.com.

10) California Privacy Notice

For California residents, we do not sell or share personal information for cross-context behavioral advertising. You may request access, correction, or deletion as described above.

11) Children's Privacy

Heda is intended for users 18+ only. We do not knowingly allow use by children. If we become aware of an underage account, we may remove that account and related data as required.

12) Security

We use reasonable technical and organizational measures to protect personal information. No method of transmission or storage is completely secure.

13) Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the effective date and provide additional notice where required by law.

14) Contact

Privacy questions or requests can be sent to Farouk@tryheda.com.