Privacy Policy
The Privacy Policy for Earnd.
Privacy Policy
Last updated: 08 May 2026
Anything to Cloud FZ LLC ("we", "us", or "our") operates Earnd at earnd.club (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.
By using our Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
Account Information
When you create an account, we collect:
- Name and email address
- Username and password (encrypted)
Usage Data
We automatically collect:
- IP address and device information
- Browser type and operating system
- Feature usage and interaction data
- Log data (access times, pages viewed, errors)
- Cookies and similar tracking technologies
Fitness and Wearable Data
When you connect a supported fitness tracker (currently WHOOP), we collect:
- OAuth access tokens (to connect your tracker on your behalf)
- Activity summaries (workouts, movement, strain)
- Sleep summaries (duration, quality, stages)
- Recovery scores and readiness metrics
This data is used solely to evaluate challenge completion and award rewards. We store only the minimum data required to operate the Service. We do not sell, rent, or share individual fitness data with sponsors or third parties. Sponsors receive only aggregated, anonymised reporting (e.g. total redemptions, average activity levels across the user base) with no personally identifiable information attached.
You may disconnect your fitness tracker at any time from within the app, which will stop further data collection and revoke our access to your tracker account. Historical activity summaries may be retained for up to 30 days following disconnection before deletion.
Content You Provide
- Communications with our support team
- Feedback and survey responses
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Verify fitness challenge completion and award rewards
- Track reward redemptions and generate sponsor campaign reports (aggregated only)
- Send transactional emails (account confirmations, challenge updates, redemption confirmations)
- Analyse usage patterns to improve features and user experience
- Detect and prevent fraud or abuse
- Comply with legal obligations
3. Data Processing and Storage
Your data is processed and stored on servers located in Singapore. We use Railway (hosting) and Supabase (database) for infrastructure.
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS/SSL) and at rest
- Encrypted storage of fitness tracker OAuth tokens
- Access controls and authentication
- Automated backups
4. Cookies and Tracking
We use cookies and similar technologies for:
- Essential: Authentication, security, preferences
- Analytics: Understanding usage patterns (PostHog)
- Functional: Remembering your settings and preferences
You can manage cookies through your browser settings.
5. Third-Party Services
We share data with the following categories of service providers:
- Analytics: PostHog — aggregated usage data
- Email: Resend — transactional email delivery
- Infrastructure: Railway and Supabase — data hosting and processing
- Fitness Trackers: WHOOP — OAuth-based activity data retrieval (user-authorised)
Each provider processes data under their own privacy policy and data processing agreements.
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your information:
- With service providers listed above, under data processing agreements
- With sponsors, in aggregated and anonymised form only — no individual user data is ever shared with sponsors
- When required by law, regulation, or legal process
- To protect our rights, property, or safety
- In connection with a merger, acquisition, or sale of assets (you will be notified)
7. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. After account deletion:
- Account data is deleted within 30 days
- Fitness activity summaries are deleted within 30 days
- Backup copies are purged within 90 days
- Anonymised analytics data may be retained indefinitely
8. Your Rights
For All Users
You have the right to:
- Access your personal data
- Update or correct your information
- Delete your account and associated data
- Disconnect your fitness tracker and revoke data access
- Export your data in a portable format
- Opt out of marketing communications
GDPR Rights (EU/EEA Users)
Under the General Data Protection Regulation, you also have the right to:
- Restrict processing of your data
- Object to processing based on legitimate interests
- Data portability
- Lodge a complaint with a supervisory authority
Legal basis for processing: We process your data based on:
- Contract performance (providing the Service)
- Legitimate interests (improving the Service, security)
- Consent (fitness tracker connection, marketing communications)
- Legal obligations (compliance)
To exercise any of these rights, contact us at privacy@earnd.club.
9. International Data Transfers
If you are located outside Singapore or the United Arab Emirates, your data may be transferred to and processed in those jurisdictions. We ensure appropriate safeguards are in place, including data processing agreements with all service providers.
10. Children's Privacy
The Service is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If we become aware that a user is under 18, we will promptly delete their account and associated data.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before the changes take effect.
12. Contact Us
For privacy-related questions or to exercise your rights:
- Email: privacy@earnd.club
- Address: Anything to Cloud FZ LLC, FDRK5152, Compass Building, Al Shohada Road, AL Hamra Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates