Privacy Policy
Last updated July 3, 2026
ClimbNorth is built in Canada and is designed to collect as little personal information as possible. This page explains what we collect, why, and what control you have over it.
What we collect
Account information
When you sign up we collect your email address and a password. The password is hashed and stored by Supabase, our authentication provider — we never see or store it in plain text. If you sign in with Apple or Google, we receive a unique account identifier and the email address you choose to share.
Profile data
You can optionally provide a username (publicly visible to other ClimbNorth users), your height (used for stat calculations only), a profile photo (stored in Supabase Storage), a home gym, a theme preference, and a profile visibility setting (public, friends-only, or private).
Session and climbing data
When you log a climbing session we store the grades you climbed, the gym you climbed at, any notes you wrote, and the date and time of the session.
Map and location data
The app only accesses your location when you actively use the map feature to find nearby gyms. We do not track your location in the background and we do not store your location after the map view closes. The map is rendered using Apple Maps on iOS and Google Maps on Android, so when you use the map your interactions with it are processed by Apple or Google under their own privacy policies.
Notifications
If you opt in to push notifications, we store a per-device Expo push token. This token lets us deliver notifications to your specific device and is not personally identifiable on its own.
Social features
If you add friends or record visits to gyms, those friendships and visit records are stored against your account.
Diagnostics
We use Sentry to collect crash reports. These reports may include the device model, OS version, and the part of the app that crashed, so we can fix bugs. They do not include the contents of your sessions, your notes, or any friend interactions. Sentry processes this data on our behalf under their privacy policy.
Analytics
We use PostHog to understand how the app is used so we can improve it — for example, which screens you visit, when a session is logged, and when a search is run. These usage events are tied to a pseudonymous account identifier rather than your name, and may include limited details such as a search term you type. PostHog acts as our processor and may process this data on servers located in the United States. We do not use analytics for advertising, and we never sell this data.
How we use it
We use the data above only to provide the app’s features: signing you in, syncing your sessions across devices, displaying nearby gyms, and — with your permission — sending notifications. We also use usage analytics, tied to a pseudonymous identifier, to understand which features are used and to improve the app. We do not use your data for advertising and we do not build marketing profiles.
Who we share it with
ClimbNorth is operated by a single individual. We do not sell your data, and we do not share it with advertisers or data brokers.
We do use the following processors to run the service:
- Supabase hosts our database, authentication, and file storage. Your account and session data lives here.
- Expo delivers push notifications to your device.
- Apple and Google handle sign-in if you choose to use OAuth.
- Resend sends transactional email such as password resets and email confirmations.
- Sentry receives anonymized crash reports when the app encounters an error.
- PostHog receives pseudonymous product-analytics events so we can understand usage and improve the app.
Each processor receives only the data needed to perform its function.
Where your data is processed
ClimbNorth serves climbers across Canada, the United States, and Mexico. Your account, profile, and session data are stored by Supabase. Some of our processors — including our analytics and crash-reporting providers — may store or process data on servers located outside your country of residence, including in the United States. When data is transferred across borders it remains protected by this policy and by the safeguards those providers are contractually required to maintain.
Who we don’t share it with
- We do not share your data with advertisers.
- We do not share your data with data brokers.
- We do not share your sessions, notes, or climbing history with our analytics provider — it only receives pseudonymous usage events.
- We do not share your sessions, notes, or climbing history publicly. Profile-visibility settings only affect what other ClimbNorth users can see.
How long we keep it
We keep your data as long as your account is active. If you delete your account, we delete your personal data within fourteen days — see the delete account page for details.
Some aggregate data, such as the total number of visits to a given gym summed across all users, may be retained without your user identifier for product analytics. This data cannot be used to identify you.
Your rights
You can:
- Access your data at any time from within the app.
- Correct your profile data from the Settings screen.
- Export your sessions — this is planned for a future release. In the meantime, email us and we will send you a copy.
- Delete your account and all associated data — see delete account.
Depending on where you live, you may have additional rights:
- Canada — your rights under PIPEDA apply, and you may contact the Office of the Privacy Commissioner of Canada.
- United States — you may have rights under state privacy laws such as the California Consumer Privacy Act (CCPA/CPRA), including the rights to know, access, delete, and opt out of the “sale” or “sharing” of personal information. We do not sell your personal information.
- Mexico — your ARCO rights under the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) apply: access, rectification, cancellation, and opposition.
- EU or UK — you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at climbnorthapp@gmail.com.
Children’s privacy
ClimbNorth is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us their information, contact us and we will delete it.
Changes to this policy
We may update this policy as the app changes. The “last updated” date at the top of the page reflects the most recent change. Significant changes will be announced in-app before they take effect.
Contact
Questions about privacy can be sent to climbnorthapp@gmail.com.