GoalGroups

Privacy Policy

Last updated: 7/26/2025

1. Introduction

At Goal Groups ("we," "our," or "us"), we are committed to protecting your privacy and ensuring transparency about how we collect, use, and share your personal information. This Privacy Policy explains our practices regarding the collection and use of information when you use our goal tracking and social fitness platform.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Username
  • Password (encrypted)
  • First and last name (optional)
  • Profile information you choose to provide

Health and Fitness Data

We collect health and fitness information you voluntarily provide:

  • Goal data including categories, metrics, and targets
  • Fitness measurements (weight, repetitions, distances, times)
  • Health metrics (BMI components, body measurements)
  • Progress notes and comments
  • Task completion records
  • Achievement and progress data

Important: We only collect health data that you voluntarily enter. You control what information you share and can delete it at any time.

Social and Group Data

When you use our social features:

  • Group memberships and roles
  • Comments and likes on goals
  • Group invitations sent and received
  • Public vs. private goal settings
  • Leaderboard and achievement data

Technical Information

We automatically collect:

  • IP address and device information
  • Browser type and version
  • Operating system
  • Usage patterns and feature interactions
  • Session data and login timestamps
  • Error logs and performance data

Third-Party Authentication

When you sign in with Google OAuth, we receive basic profile information (email, name) as permitted by your Google account settings. We do not access other Google services or data.

3. How We Use Your Information

Service Provision

  • Create and maintain your account
  • Provide goal tracking and measurement features
  • Calculate fitness metrics using secure formulas
  • Enable social features and group interactions
  • Generate progress analytics and achievements
  • Send notifications about your goals and group activities

Communication

  • Respond to your questions and provide support
  • Send important service announcements
  • Deliver group invitations and notifications
  • Share updates about new features (with your consent)

Improvement and Security

  • Analyze usage patterns to improve our service
  • Monitor for security threats and prevent abuse
  • Troubleshoot technical issues
  • Ensure data accuracy and system integrity

4. Information Sharing and Disclosure

Within the Platform

Information shared based on your privacy settings:

  • Public Goals: Visible to all users and may appear in leaderboards
  • Group Goals: Visible to members of groups you join
  • Private Goals: Only visible to you
  • Comments and Likes: Visible according to the goal's privacy setting
  • Achievement Data: May be displayed in public leaderboards

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for commercial purposes.

Limited Sharing

We may share information only in these circumstances:

  • Legal Requirements: When required by law or legal process
  • Safety: To protect rights, property, or safety of users
  • Service Providers: With trusted partners who help operate our service
  • Business Transfer: In case of merger, acquisition, or sale (with notice)
  • Consent: When you explicitly agree to sharing

5. Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • Encrypted data transmission (HTTPS)
  • Secure password storage with hashing
  • Parameterized SQL queries to prevent injection
  • Input validation and XSS protection
  • Regular security audits and updates

Access Controls

  • Role-based access permissions
  • Session-based authentication
  • Secure calculation service for metrics
  • Rate limiting to prevent abuse
  • Regular access reviews

Important: While we implement strong security measures, no system is 100% secure. Please use strong passwords and report any suspicious activity immediately.

6. Your Privacy Rights and Choices

Account Control

  • Profile Settings: Update your personal information anytime
  • Privacy Controls: Choose public/private settings for your goals
  • Group Management: Leave groups or adjust participation
  • Data Export: Request a copy of your data
  • Account Deletion: Delete your account and associated data

Data Rights (GDPR and Similar Laws)

If you're in the EU or other applicable jurisdictions, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain types of processing
  • Withdraw Consent: Revoke consent for data processing

Exercising Your Rights

To exercise these rights, contact us at vestra@vestra.is. We'll respond within 30 days and may need to verify your identity before processing requests.

7. Cookies and Tracking

Essential Cookies

We use session cookies to keep you logged in and ensure the platform functions properly. These are necessary for the service to work and cannot be disabled.

Analytics and Performance

We may use cookies and similar technologies to understand how you use our service, which helps us improve performance and user experience. You can opt out of non-essential tracking through your browser settings.

Third-Party Services

Google OAuth authentication may set cookies according to Google's privacy policy. We don't control these third-party cookies.

8. Data Retention

We retain your information for different periods based on data type and purpose:

  • Account Information: Until account deletion
  • Health and Goal Data: Until you delete or account deletion
  • Group Interactions: 7 years or until deletion
  • Technical Logs: 90 days
  • Deleted Account Data: 30 days (for recovery)

9. Children's Privacy

Our service is not intended for children under 13 years of age.

We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we discover we have collected personal information from a child under 13, we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and adequacy decisions where applicable.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

General Support: vestra@vestra.is

Data Protection Officer (EU residents): If you're in the European Union, you can also contact our Data Protection Officer at vestra@vestra.is for privacy-related concerns.

13. Effective Date

This Privacy Policy is effective as of the date listed at the top of this page. Your continued use of the service after any changes indicates your acceptance of the updated policy.