Effective: 2026-06-29Last updated: 2026-06-29

Privacy Policy

This policy explains how Nere Labs Inc collects, uses, discloses, and protects information in Heda.

Company: Nere Labs Inc ("Nere Labs," "we," "us," "our")
Address: 1402 Hemlock Rd
App: Heda (the "Service")
Website: https://www.tryheda.com/
Contact: farouk@tryheda.com

This Privacy Policy applies to Heda, our website, and related support interactions. By accessing or using the Service, you acknowledge that you have read this Privacy Policy and understand how we collect, use, store, disclose, and protect personal information as described below.

1) Definitions and Key Terms

For this Privacy Policy:

  • "Company," "we," "us," and "our" refer to Nere Labs Inc, which is responsible for your information.
  • "Service" refers to Heda, including the app, website, and related services.
  • "Personal Data" means information that identifies or can reasonably identify a natural person.
  • "Device" means an internet-connected phone, tablet, computer, or similar device used to access Heda.
  • "You" means the person using or registered to use the Service.
  • "Cookies" means small data files stored by a browser to support website functionality and analytics.

2) Information We Collect

We collect information that you provide directly, information generated through use of the Service, and limited information from service providers that help operate Heda.

A. Account and Profile Information

  • Name, username, email address, age, and date of birth.
  • Authentication credentials, with passwords handled by our authentication provider.
  • Gender, looking-for preferences, gym preferences, and training preferences.
  • Profile bio, photos or avatar, PRs, and optional fitness profile details.

B. Communications

  • In-app chat messages.
  • Support requests, issue reports, and related correspondence.
  • Email preferences and communications sent to or from us.

C. Location, Gym, and Fitness Data

  • Latitude and longitude when enabled through device permissions.
  • City, country, gym search data, home gym context, and nearby gym matching context.
  • Step counts from Apple Health, Google Fit, or manual entry when connected or provided.

D. Device, Media, and Technical Data

  • Optional photo gallery access when you choose to upload a profile photo or other image.
  • Session and authentication persistence data stored in app or browser storage.
  • IP address, device, browser, log, and operational metadata needed for security and reliability.
  • Website cookie data and analytics or measurement data when those tools are configured.

3) How We Use Information

  • Create, authenticate, maintain, and secure accounts.
  • Provide core features, including discovery, profiles, matching, messaging, and leaderboards.
  • Personalize your experience using preferences, filters, gym context, and training context.
  • Respond to support requests and communicate service, safety, and account updates.
  • Improve the Service, measure performance, troubleshoot issues, and understand usage.
  • Prevent spam, fraud, abuse, harassment, and other violations of our Terms.
  • Comply with legal obligations and enforce our rights and platform rules.

4) Sensitive Data and Device Permissions

Depending on your use, we may process data considered sensitive in some jurisdictions, including health and fitness data, precise or approximate location data, and date of birth for age eligibility. You can control some collection through device permissions, connected health services, and in-app settings.

5) Cookies and Tracking Technologies

Heda may use cookies and similar technologies on our website to support functionality, remember session or preference information, understand site performance, and measure usage. You can set your browser to block or delete cookies, but some website functionality may not work properly.

We may use service providers such as Vercel Analytics, Microsoft Clarity, and Meta Pixel when configured. These tools may process device, browser, usage, and interaction data to help us understand and improve the Service. We may also use Google Maps or Google Places services for gym search and lookup features.

6) Sharing and Service Providers

We do not sell personal information and do not share it for targeted advertising.

We may disclose personal information to service providers and partners that support Heda, including:

  • Supabase for hosting, database, authentication, backend, and storage services.
  • Google Places API or Google Maps services for gym search and lookup functionality.
  • Apple HealthKit and Google Fit integrations when you choose to connect them.
  • Vercel Analytics for product and website usage measurement.
  • Microsoft Clarity and Meta Pixel when enabled or configured.
  • Email, support, security, hosting, and infrastructure providers used to operate the Service.

We may also disclose information if required by law, legal process, or government request; to protect our rights, users, safety, or platform integrity; or in connection with a merger, asset sale, financing, reorganization, bankruptcy, or similar business transaction.

7) Third-Party Services and Links

The Service may include or link to third-party services, websites, integrations, or content. We are not responsible for the privacy practices, content, or policies of third parties. Your use of third-party services is governed by their own terms and privacy policies.

8) Legal Bases for Processing

Where GDPR, UK GDPR, or similar laws apply, we generally rely on:

  • Contract, to provide and maintain the Service.
  • Legitimate interests, including safety, fraud prevention, analytics, and operations.
  • Consent, where required, including device permissions and optional connected integrations.
  • Legal obligation, where processing is needed to comply with applicable law.

9) Retention

We keep personal information only as long as needed to provide Heda, fulfill the purposes described in this policy, resolve disputes, enforce agreements, protect safety and security, and comply with legal or regulatory obligations. When information is no longer needed, we delete it or de-identify it where reasonably practicable.

10) Security

We use reasonable technical, administrative, and organizational safeguards designed to protect personal information. No method of transmission, processing, or storage is completely secure, and we cannot guarantee absolute security.

11) International Transfers

Heda is based in Canada, and information may be processed in Canada, the United States, or other countries where we or our providers operate. Where required, we use appropriate safeguards for cross-border transfers.

12) Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, export, object to, or restrict certain processing of your personal information. You may also withdraw consent where processing is based on consent.

  • Correction: edit profile fields in-app where available.
  • Deletion: use the in-app account deletion request flow in Settings or contact us.
  • Access/export: submit a request via support or email.
  • Cookies: manage cookies through your browser settings.
  • Device permissions: manage location, health, and photo permissions through your device settings.

To exercise rights, contact farouk@tryheda.com. We may take reasonable steps to verify your identity before responding.

13) California Privacy Notice

For California residents, we do not sell personal information and do not share personal information for cross-context behavioral advertising. California residents may request access, correction, or deletion as described above, subject to applicable exceptions.

14) Children's Privacy

Heda is intended for users 18 years old and older. We do not knowingly allow use by children or knowingly collect personal information from children. If we become aware of an underage account, we may remove the account and related data as required or appropriate.

15) Changes to This Privacy Policy

We may update this Privacy Policy from time to time so it accurately reflects our Service, policies, or legal requirements. We will update the effective date and provide additional notice where required by law. Continued use of the Service after an update means you acknowledge the updated policy.

16) Contact Us

Privacy questions or requests can be sent to farouk@tryheda.com.