Privacy Policy

Effective Date: January 1, 2026

Last Updated: January 1, 2026

This Privacy Policy explains how POM Protocol (“POM Protocol”, “we”, “us”, or “our”) collects, uses, discloses, and protects information about you when you access or use our website (https://pomprotocol.com), our applications, wearable integrations, APIs, avatar systems, and all related services (collectively, the “Services”).

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our Services.

1. Information We Collect

1.1 Information You Provide to Us

• Account Registration Data: name, email address, username, password, profile information.
• Avatar & Gameplay Information: avatar selections, progression data, in-game behaviors, movement-based events, achievement logs.
• Communication Data: support inquiries, feedback, messages.

1.2 Information Automatically Collected

• Device Information: IP address, device identifiers, OS type, browser type, settings.
• Usage Data: page views, login timestamps, interaction logs, error reports.
• Cookies and Tracking Tools: analytics, authentication tokens, preferences.

1.3 Information From Wearables, Sensors, and APIs

If you connect a wearable or third-party account (e.g., Garmin), we may receive:

• Steps, movement data, activity sessions, heart rate, and related metrics
• Health API and Activity API data (per your granted permissions)
• Sleep data, VO2 metrics, distance, calories, GPS data when available
• Device identifiers and timestamps

POM Protocol does not collect women’s health data unless explicitly granted by the user.

1.4 Information From Third-Party Services

If you choose to authenticate through OAuth with a service such as Garmin Connect, Apple, or Google, we may receive:

• OAuth authorization tokens
• Profile information
• Identifiers necessary to link your account

2. How We Use Your Information

We use collected information to:

• Operate, maintain, and improve the POM Protocol and related apps
• Enable avatar creation, evolution, and gameplay features
• Validate movement and generate Proof-of-Movement events
• Synchronize wearable activity data
• Personalize user experience and insights
• Ensure security, fraud prevention, and account integrity
• Comply with legal obligations and regulatory requirements
• Provide customer support

POM Protocol does NOT sell personal data or health data to third parties.

3. Legal Basis for Processing (GDPR)

We process your data under one or more of the following legal bases:

• Consent (e.g., granting access to Garmin or other APIs)
• Contract (providing our Services)
• Legitimate Interest (security, product improvement)
• Legal Obligation

4. Sharing of Information

We may share your information only in the following circumstances:

4.1 Service Providers

Trusted vendors providing hosting, analytics, security, or operational services. All providers are bound by confidentiality and data-processing agreements.

4.2 API Partners (e.g., Garmin)

We only share the minimum data necessary to maintain authentication, synchronization, or compliance with their platform rules.

4.3 Legal and Regulatory Requirements

We may disclose information if required by law, court order, or government authority.

4.4 Business Transfers

If POM Protocol is involved in a merger, acquisition, or asset sale, user data may be transferred as permitted by law.

We do not sell, rent, or trade your personal data.

5. Data Retention

We retain data only as long as necessary for:

• Providing the Services
• Security and fraud prevention
• Legal compliance

You may request deletion at any time (see User Rights).

6. International Data Transfers

Your data may be transferred and stored in countries outside your jurisdiction. When doing so, we implement appropriate safeguards such as Standard Contractual Clauses and secure encryption.

7. Your Rights

Under GDPR (EU/UK):

• Access
• Rectification
• Erasure (“Right to be Forgotten”)
• Restriction of Processing
• Data Portability
• Objection
• Withdraw Consent

Under CCPA/CPRA:

• Right to know categories collected
• Right to access
• Right to deletion
• Right to correct
• Right to opt out of sale (we do not sell)

Requests may be sent to: [Insert email: [email protected]]

8. Security

We implement industry-standard security measures including:

• Encryption in transit and at rest
• Access control and credential hashing
• Secure data storage and off-site backups
• Monitoring and intrusion detection

No method of transmission or storage is 100% secure, but we continuously improve our protections.

9. Children’s Privacy

POM Protocol is not intended for children under 16. We do not knowingly collect data from minors. If we learn we have collected data from a child, we will delete it promptly.

10. Cookies & Tracking Technologies

We use cookies for:

• Authentication
• Analytics
• User preferences
• Performance & functionality

You may disable cookies in your browser settings.

11. Third-Party Links

Our Services may include links to external sites. We are not responsible for the privacy practices of third-party websites.

12. Changes to This Policy

We may update this Privacy Policy periodically. The “Last Updated” date above will reflect changes. Continued use of the Services constitutes acceptance of the updated policy.

13. Contact Us

For privacy inquiries or data rights requests, please contact:

POM Protocol
Email: [Insert email]
Website: https://pomprotocol.com