Privacy Policy

Last updated: February 28, 2026

WalkingFish is a fitness-gamified poker application. This policy explains what data we collect, why we collect it, and how we handle it. We believe in transparency and minimal data collection.

1. Data We Collect

• Phone number — used for account authentication via SMS verification.
• Display name — the name you choose when signing up, shown to other players.
• Profile picture — optionally uploaded by you, stored securely.
• Step count — daily step data from your device's motion sensors, used to convert steps into in-game chips. We read the pedometer count; we do not access raw motion or location data.
• Game activity — poker game stats (games played, games won, chip balance) to power your profile and leaderboards.

2. How We Use Your Data

• Authenticate your account and let you sign in.
• Convert your daily steps into poker chips (the core feature of the app).
• Display your name, picture, and stats to other players in games and on leaderboards.
• Maintain game state during live poker sessions.

We do not use your data for advertising, marketing, or data mining.

3. Third-Party Services

We use the following third-party services to operate the app:

• Firebase Authentication (Google) — phone number verification and account management.
• Cloud Firestore (Google) — real-time database for game state and user profiles.
• Firebase Storage (Google) — profile picture hosting.

Google's privacy policy applies to these services: policies.google.com/privacy

We do not share your data with any other third parties.

4. Data Retention

Your data is retained as long as your account exists. Step records older than 3 days are automatically pruned. If you delete your account (available in the app under Profile), all your data is permanently removed.

5. Account Deletion

You can delete your account at any time from the Profile screen in the app. This permanently deletes your user profile, game stats, and authentication credentials. This action cannot be undone.

6. Children's Privacy

WalkingFish is not directed at children under 17. We do not knowingly collect data from children. If you believe a child has provided us with data, please contact us.

7. Security

All data is transmitted over HTTPS and stored in Google Cloud infrastructure with encryption at rest. Authentication uses industry-standard phone verification with one-time SMS codes.

8. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated date.

9. Contact

Questions about this policy? Reach us at walkingfishapp@gmail.com