HERO2 Logo

Privacy Policy

Effective date: May 13, 2026

Genius at Large Inc. ("HERO2", "we", "our", or "us") operates the HERO2 mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using the App, you agree to the practices described here.

1. Information We Collect

Account Information

When you create an account we collect your email address and, once you set it, your username. If you sign in with Google, we receive your email address and name from Google solely to create and identify your account.

Location Data

The App collects precise GPS location data continuously in the background. This data is used exclusively to detect and classify your transportation trips (walking, cycling, public transit, driving) so we can calculate your CO2 savings and award Power Tokens. Location data is not sold or shared with advertisers. You can revoke location access at any time in your device settings, though doing so will disable trip tracking.

Motion and Fitness Data

We use your device's motion sensors and, with your permission, Apple HealthKit data (walking distance, running distance, step count) to improve the accuracy of trip classification. We do not write any data back to HealthKit.

Trip and Activity Data

We store records of your detected trips, including transportation mode, distance, duration, and estimated CO2 impact. This data is used to calculate your Power Token balance, your position on the leaderboard, and your cumulative environmental impact.

Rewards Activity

We record which rewards you have saved, claimed, locked in, and redeemed. Redemption data is shared with the relevant merchant partner only to the extent needed to verify your redemption at their location.

Device Information

We collect your device's timezone to ensure trip timestamps are recorded accurately relative to your local time.

2. How We Use Your Information

  • To detect transportation trips and calculate your CO2 impact and Power Token balance
  • To operate the rewards system and verify redemptions with merchant partners
  • To display your ranking on global and local leaderboards
  • To send you account-related communications (verification codes, password resets)
  • To improve our trip detection algorithms and overall app performance
  • To comply with applicable law

We do not use your data for advertising, profiling, or sale to third parties.

3. Information Sharing

We share your information only in these limited circumstances:

  • Merchant partners: When you redeem a reward, we share confirmation of the redemption with the merchant. We do not share your location history or account details with merchants.
  • Authentication providers: We use Keycloak for authentication management. If you sign in with Google, your email is passed through Google's OAuth service.
  • Infrastructure providers: We use standard cloud infrastructure (object storage, databases, queue services) to operate the App. These providers process data only on our behalf and under confidentiality obligations.
  • Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of our users or the public.

4. Data Retention

We retain your account and trip data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

5. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated data (available directly in the App under Profile → Delete Account)
  • Withdraw consent for location or HealthKit access at any time via your device settings
  • Request a copy of your data in a portable format

To exercise any of these rights, contact us at admin@hero2.org.

6. Children's Privacy

The App is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

7. Security

We use industry-standard security measures including HTTPS for all data in transit and encrypted storage for authentication tokens on your device. No method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page and, where appropriate, by in-app notification. Continued use of the App after changes take effect constitutes acceptance of the updated policy.

9. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Genius at Large Inc.

admin@hero2.org