Privacy Policy

Welcome to XFit Game ("we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose and safeguard your information when you visit https://xfit-game.vercel.app (the "Site").

By using the Site you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Site.

Information you provide directly:

• Account data – email address and optional display name / username when you register via magic link or Google OAuth.
• Performance data – WOD results and scores you voluntarily log on the platform.
• Feedback data – votes you cast on AI-generated suggestions.

Information collected automatically:

• Usage data – pages visited, time on site, browser type, device type, and approximate geographic location (country/region), collected via Google Analytics.
• Cookies and similar technologies – see Section 5 for full details.

Information we do NOT collect: your personal CrossFit training history outside of what you explicitly log on this platform. No personal user data is ever sent to the Google Gemini AI API.

• To provide, operate and improve the Site and its features.
• To authenticate you and maintain your account (XP, badges, leaderboard position).
• To display personalised or contextual advertising via Google AdSense.
• To analyse usage patterns and improve user experience via Google Analytics (data is aggregated and anonymised where possible).
• To send transactional emails (magic-link authentication). We do not send marketing emails.
• To comply with legal obligations.

For users in the European Economic Area (EEA) and United Kingdom, we process personal data on the following legal bases:

• Contract – processing necessary to provide the service you signed up for.
• Legitimate interests – analytics to improve the service; fraud prevention.
• Consent – placing advertising and analytics cookies on your device (you may withdraw consent at any time, see Section 5).
• Legal obligation – where required by applicable law.

We use cookies and similar tracking technologies to enhance your experience and to serve relevant advertising.

Google AdSense

We use Google AdSense to display advertisements on the Site. Google AdSense may use cookies and web beacons to collect data about your visits to this and other websites in order to provide advertisements about goods and services that may be of interest to you.

• You can opt out of personalised advertising by visiting Google Ads Settings.
• You can also opt out via the Network Advertising Initiative opt-out page.
• For more information on how Google uses data when you use our Site, visit Google's Privacy & Terms.

Google Analytics

We use Google Analytics to understand how visitors interact with the Site. Google Analytics collects information such as how often you visit the Site, what pages you visit, and what other sites you used prior to coming to the Site.

Essential cookies

We also set a session cookie required for authentication (storing your login state). This cookie is strictly necessary for the Site to function and cannot be disabled.

We integrate with the following third-party services, each governed by their own privacy policies:

• Google AdSense – Google Privacy Policy
• Google Analytics – Google Privacy Policy
• Google Gemini AI API – Google Privacy Policy (only WOD content is sent; no personal user data)
• Google OAuth – used for authentication only; we receive your email address and public profile name.
• Vercel – hosting and serverless functions; may collect server-side request logs.

Your account and performance data are retained for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where retention is required by law.

Aggregated, anonymised analytics data may be retained indefinitely as it cannot be linked back to any individual.

Depending on your location you may have the following rights regarding your personal data:

• Access – request a copy of the personal data we hold about you.
• Rectification – request correction of inaccurate data.
• Erasure – request deletion of your personal data ("right to be forgotten").
• Portability – request your data in a structured, machine-readable format.
• Objection – object to processing based on legitimate interests.
• Withdraw consent – withdraw consent for cookie-based advertising at any time via your browser settings or the opt-out links in Section 5.

To exercise any of these rights, please contact us using the details in Section 10.

The Site is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us so we can take appropriate action.

For privacy requests, questions about this policy, or to exercise your data rights, please open an issue or contact us via our GitHub repository.

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of the Site after any changes constitutes your acceptance of the new policy.