Privacy Policy

1. Introduction

FitBet (“we”, “our”, or “us”) is a Telegram Mini App that allows users to participate in fitness challenges and bet Telegram Stars on their daily step counts. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use FitBet through the Telegram platform.

2. Data We Collect

We collect the following types of data:

• Telegram Profile Data: Your Telegram user ID, first name, last name, username, and profile photo URL — provided by the Telegram Mini App SDK when you open FitBet.
• Fitness & Activity Data: Daily step counts retrieved from connected fitness services (Google Health API, Strava) or from your device's built-in accelerometer/pedometer. We only access read-only activity data — specifically step counts and walking/running activities.
• Challenge & Transaction Data: Information about challenges you join, your daily progress, entry fees, winnings, and Telegram Stars transactions.
• Authentication Tokens: OAuth access and refresh tokens for connected fitness services are stored securely and used solely to sync your step data.

3. How We Use Your Data

• To authenticate you within the Telegram Mini App environment.
• To sync and display your daily step counts from connected fitness services.
• To track your progress in fitness challenges and determine winners.
• To process Telegram Stars payments and distribute winnings.
• To detect and prevent fraudulent activity (anti-fraud system).
• To display leaderboards and challenge statistics.

4. Google Health API — Limited Use Disclosure

FitBet's use and transfer of information received from Google APIs adheres to theGoogle API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only request the googlehealth.activity_and_fitness.readonly scope to read your step count data.
• We do not sell, share, or transfer your Google Health data to third parties.
• We do not use Google Health data for advertising or marketing purposes.
• We do not allow humans to read your raw fitness data, except when necessary for security investigation or as required by law.
• Your Google Health data is used solely to display your step counts within FitBet and to verify challenge completion.
• You can disconnect Google Health at any time from the Activity tab, which will delete your stored tokens.

5. Data Storage & Security

• Your data is stored in a secure, encrypted PostgreSQL database hosted on Abacus.AI infrastructure.
• OAuth tokens are stored server-side and are never exposed to the client application.
• All API communications use HTTPS encryption.
• We implement anti-fraud monitoring to protect the integrity of challenges.

6. Data Sharing

We do not sell or share your personal data with third parties. Your data may be visible to other FitBet users only in the following contexts:

• Your first name and step progress within shared challenges.
• Your position on public leaderboards (first name only).

7. Data Retention

We retain your data for as long as your account is active. If you wish to delete your account and all associated data, please contact us. When you disconnect a fitness service (Google Health or Strava), the associated tokens are immediately deleted from our database.

8. Your Rights

• You can disconnect Google Health or Strava at any time from the Activity tab.
• You can request deletion of your account and all associated data.
• You can request a copy of your stored personal data.

9. Contact

If you have any questions about this Privacy Policy or your data, please contact us through our Telegram bot: @ZVEZDNISHAG_BOT.

10. Changes

We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated “Last updated” date.