Privacy Policy

Last updated: June 4, 2026

1. Information We Collect

We collect the following information:

  • Account Information: Name, email address, profile photo
  • Challenge Data: Participation records and progress metrics
  • Fitness Data: Activity data from your connected Strava account (for challenge tracking only)
  • Payment Data: Transaction references processed via Razorpay (we do not store card details)
  • Usage Data: Pages visited, features used, timestamps
  • OAuth Tokens: Encrypted tokens for Strava and Google authentication connections

2. How We Use Your Information

We use your information to:

  • Provide and improve our services
  • Enable challenge participation and progress tracking
  • Sync fitness activity data from your connected Strava account
  • Display progress and leaderboards within challenges
  • Enable challenge administrators to manage participants
  • Process registrations and payments
  • Ensure security and prevent fraud

3. Data Sharing

We share your data only within the context of challenges you participate in:

  • Challenge Administrators: Can see participant progress, payment status, and sync logs
  • Other Participants: May see your name and leaderboard position (if leaderboard is enabled)
  • We do NOT sell your data to third parties
  • We do NOT share your data outside of challenge contexts without your consent

4. Third-Party Services

We integrate with the following third-party services:

  • Google: For authentication (Google Sign-In)
  • Strava: For activity data syncing (optional — requires your explicit connection)
  • Razorpay: For processing challenge registration payments (only applicable for paid challenges). Razorpay processes payments securely and is PCI-DSS compliant. We do not store your card details. Transaction references and order IDs are stored for record-keeping. Razorpay's privacy policy governs how they handle your payment data.

Each service has its own privacy policy governing how they handle your data.

5. Payment Data

Some challenges on OMNY require a registration fee. For these paid challenges:

  • Payments are processed entirely by Razorpay — we never see or store your card, UPI, or banking credentials
  • We store only the transaction reference (order ID, payment ID) and amount for record-keeping and support purposes
  • Payment records are retained for accounting and dispute resolution purposes
  • Many challenges on OMNY are free — payment data is only collected when a registration fee applies

6. Data Security

We implement industry-standard security measures including:

  • Encryption of sensitive data (OAuth tokens, passwords)
  • Secure connections (HTTPS) for all data transfer
  • Role-based access control for database operations
  • Webhook signature verification for payment events

7. Your Rights

You have the right to:

  • Access your personal data
  • Request data correction or deletion
  • Disconnect your Strava account at any time from your profile
  • Withdraw consent for data processing
  • Delete your account and all associated data

8. Data Retention

We retain your data for as long as your account is active. Challenge-specific data may be retained for record-keeping purposes even after a challenge ends. After account deletion, we remove personal data within 30 days.

9. Contact Us

For privacy concerns, contact us at oodhwe@outlook.com