EN
← Back to home

Privacy Policy

Last updated 10/06/2026

This is an English translation provided for convenience. In the event of any discrepancy, the French version shall prevail.

This Privacy Policy supplements the Terms of Use of the DoWeFit mobile application (hereinafter the "Application"), and is intended to inform you about the processing of your personal data when you use the Application.

The data collected is processed by Barcobist, a simplified joint-stock company registered under number 999 668 551 with the Paris Trade and Companies Register (RCS), whose registered office is located at 60 rue François Ier, 75008 Paris, France, and represented by its Chairman, Mr Yann Wehrlin, acting as Data Controller (hereinafter the "Data Controller").

The Publisher has not appointed a Data Protection Officer (DPO). For any question relating to the protection of your data, you may contact the Data Controller at: contact@dowefit.app.

In accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (hereinafter the "GDPR"), applicable since 25 May 2018, we are committed to applying a very strict policy for the collection and protection of your personal data.

1. Data collected

The Data Controller collects certain personal data when you use the Application. This includes:

Information you provide directly:

  • Your email address, used to sign in to the Application (by means of a single-use login code sent by email);
  • Your public profile data: name, date of birth, gender, location, sports activities practiced, fitness level, and at least three photographs;
  • Your search preferences: age range, gender of the people sought and type of relationship sought (for example: sports partner, friendship or romantic relationship). Preferences relating to gender, combined with your own gender, may reveal your sexual orientation and therefore constitute sensitive data within the meaning of Article 9 of the GDPR. They are collected only with your explicit consent, which can be withdrawn at any time;
  • The Activities you create (sport, title, description, meeting place, date or recurrence, number of spots) and your participation in Activities;
  • The messages you exchange with other Users, in private conversation (after a Match) or on the discussion wall of an Activity.

Information collected automatically:

  • Data relating to your activity on the Application: registration date, connection history, connection status;
  • Technical data about your device: IP address, device model and version, city of connection, internet service provider;
  • Diagnostic data in the event of an Application error (crash reports), in order to improve its stability.

Information collected from third parties:

  • If you choose to register via your Apple or Google account, the Application will directly collect authentication data, as well as your name and email address available on these services.

Health data and third-party sports activity services:

Connection to third-party physical activity tracking services (Strava, Apple Health / HealthKit, Google Fit / Health Connect) is not available in the current version of the Application. No health or activity data from these services is collected or processed. Should this feature be introduced later, this Policy will be updated and your explicit consent will be obtained before any collection.

2. Use of the data collected

2.1 Providing the best possible experience using the Application

  • The creation and management of your account;
  • The storage of your search preferences;
  • The creation, discovery and management of sports Activities, as well as participation requests and exchanges within the group discussion wall;
  • The storage and management of your interactions with other Users: messages exchanged, favorites lists;
  • Sending notifications relating to the services or to your interactions (matches, messages received, likes received, participation requests and Activity updates, etc.);
  • An efficient response to Users' support requests.

The legal basis for this processing is the performance of the contract (Terms of Use) or your consent.

2.2 Suggesting profiles and Activities based on your searches

Geolocation (or, failing that, providing your city) allows you to find other Users and Activities within the radius you define. Your exact position is never shared with other Users: it is rounded (to approximately one kilometer) before being stored, and only this approximate position is used to calculate distances. When you create an Activity, the meeting place you provide constitutes a meeting point that you choose to share with interested Users and participants; do not enter a location you wish to keep private. This processing is necessary for the operation of these services. The legal basis is the performance of the contract (Terms of Use).

2.3 Carrying out relevant marketing and advertising operations

  • Sending newsletters by email to Users;
  • Distributing marketing and advertising content about the Application's offers and services;
  • Producing statistical reports analyzing the use of the Application, with a view to improving it.

The legal basis for this processing is legitimate interest or your consent (for example, for sending newsletters).

2.4 Preventing illegal actions or actions contrary to the Terms of Use

  • Automated analysis of profile data and activity on the Application in order to detect fake profiles and fraudulent behavior or behavior contrary to the Terms of Use;
  • Processing reports (of a User or an Activity), and managing reported accounts (placing under review, warning, suspension or deletion of the account, where applicable).

The legal basis for this processing is the legitimate interest and the legal obligation of the Data Controller.

3. Automated decision-making

The Application uses automated algorithms to suggest profiles and Activities matching your search criteria (location, sports activities, preferences). This processing does not produce legal effects concerning you nor does it significantly affect you in a similar way; it is solely intended to suggest profiles and Activities likely to match your expectations. You can change your search criteria at any time to influence the results proposed.

4. Trackers and audience measurement

In accordance with the applicable regulations (GDPR and ePrivacy Directive), we distinguish:

  • Strictly necessary trackers: essential for the operation of the Application (authentication, session, security). They do not require consent.
  • Audience measurement (usage statistics): we use Firebase Analytics (Google) to understand how the Application is used (screens viewed, journeys, non-identifying technical information) for the sole purpose of improving it. No data is used for advertising purposes. This processing is based on our legitimate interest; you may object to it at any time by disabling the "Usage statistics" option in Settings → Privacy of the Application. Duration: 13 months maximum.
  • Crash reports: the Application uses Firebase Crashlytics to detect and fix technical errors (legitimate interest — stability and security of the Service).
  • Advertising trackers: none. The Application does not display advertising and does not carry out any advertising tracking (no use of the advertising identifier / IDFA).

On the showcase website (web), a consent banner allows you to accept or refuse audience measurement, in accordance with the rules applicable to cookies on the web. You can change your choice at any time by clicking the button below.

5. Recipients of the data collected

The data collected is shared only with persons authorized to process it for the purposes detailed above:

  • The Publisher's employees and managers involved in processing the data within the scope of their duties;
  • The technical service providers and subcontractors necessary for hosting the data and operating the Application (see the list in article 6);
  • Marketing operations providers, in order to offer Users relevant advertising content;
  • Other Users, for the portion of data made public on the Application (public Profile, Activities you create or join, group messages);
  • Where necessary, third parties representing a state or judicial authority, in particular in the case of a legal obligation or in order to assert the Publisher's rights;
  • The third parties concerned in the event of possible corporate operations such as a merger, acquisition, sale of assets or judicial reorganization procedure.

6. Storage and transfer of data

The personal data of Users collected by the Application is hosted in the European Union in the databases of the Data Controller or those of its service providers.

Main technical subcontractors:

  • Google / Firebase: authentication, database, photo storage, push notifications, audience measurement and crash reports;
  • RevenueCat: technical management of subscriptions;
  • Resend: sending emails containing the single-use login code.

Some of these service providers (notably Google / Firebase and RevenueCat) may process data outside the European Union. In such cases, these transfers are governed by appropriate safeguards in accordance with the GDPR, such as the standard contractual clauses adopted by the European Commission or the provider's certification under the Data Privacy Framework (EU–United States). You can obtain a copy of these safeguards by contacting us at the address indicated in section 10.

7. Data retention period

The Data Controller retains your data according to the following periods:

  • Active account: your data is retained for the entire duration of your registration on the Application.
  • After account deletion: your profile immediately stops being visible, and your personal profile data (name, photographs, bio, location) as well as your matches, messages, likes and Activities are erased. Only a minimal, restricted-access record is kept for 6 months — your account identifier, your email address in encrypted (hashed) form and the deletion date — for the sole purposes of (i) ensuring the safety of users (handling a report or an authority's request received after deletion) and (ii) defending legal rights. This record is not used to prevent re-registration: you can re-register immediately. At the end of the 6 months, it is automatically erased.
  • Analytics cookies: 13 months maximum.

The Publisher processes no banking or billing data: payments are managed exclusively by the App Store (Apple) or the Play Store (Google).

In addition, an account inactive for two years may be deleted, after prior notice to the User. In the event of exclusion for serious misconduct (security, fraud, illegal content), minimal data may be retained for longer, strictly to the extent necessary to protect users.

Beyond the aforementioned periods, the data is irreversibly deleted or anonymized.

8. Data security

The Data Controller implements appropriate technical and organizational measures to ensure the security and confidentiality of your personal data, in particular:

  • Encryption of data in transit (HTTPS/TLS) and at rest;
  • Restricted access to personal data to authorized persons only, with reinforced authentication;
  • Logging of access to sensitive data;
  • Regular and secure backups;
  • Regular updating of software components and security patches.

It is nonetheless your responsibility to exercise caution regarding the disclosure of your personal data on the Application and to keep your means of access (email) secure.

9. Your rights and how to exercise them

In accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and the amended French Data Protection Act No. 78-17 of 6 January 1978, you have the following rights:

  • Right of access: obtain confirmation that your data is being processed and access it (Art. 15 GDPR);
  • Right to rectification: request the correction of inaccurate or incomplete data (Art. 16 GDPR). Some data can be modified directly from the Application;
  • Right to erasure: obtain the erasure of your data under the conditions of Art. 17 GDPR. You can delete your account directly from the Application; your data is then erased as described in article 7 (immediate erasure, except for the minimal record kept for 6 months for security and legal-defense purposes);
  • Right to restriction: request the restriction of processing under the conditions of Art. 18 GDPR;
  • Right to object: object at any time to the processing of your data, in particular for prospecting purposes (Art. 21 GDPR);
  • Right to portability: receive your data in a structured, machine-readable format, and transmit it to another data controller (Art. 20 GDPR);
  • Right to withdraw your consent: where processing is based on your consent (for example, preferences relating to the gender sought), you can withdraw it at any time, without affecting the lawfulness of processing carried out before such withdrawal (Art. 7 GDPR);
  • Post-mortem directives: give directives regarding the retention and communication of your data after your death.

To exercise your rights, send your request by email to contact@dowefit.app. Your request will receive a response within one month. Proof of identity may be requested in case of doubt.

In the case of a connection via Apple or Google, the data obtained through these third parties cannot be rectified without their cooperation.

In the event of a dispute, you have the right to lodge a complaint with the CNIL or any other competent supervisory authority in your country of residence.

10. Contact us

For any question relating to this privacy policy or any request relating to your personal data, contact us at: contact@dowefit.app, or by post at: Barcobist, 60 rue François Ier, 75008 Paris, France.