Privacy Policy

Last updated: April 5, 2026

Overview

EpicReel ("we", "our", "us") is operated by Lab360 AI. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the EpicReel mobile application and related services. We are committed to protecting your privacy and being transparent about our data practices.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address
• Authentication credentials (managed securely by Firebase Authentication)

You may sign in using Email/Password or Google Sign-In. We never store your password directly.

Health & Fitness Data

With your explicit permission, we access activity data from Apple HealthKit, including:

• Activity sessions (activity type, duration, start and end times)
• Heart rate (average and maximum)
• Distance traveled
• Active energy burned (calories)
• Speed, power, and cadence metrics
• Elevation and flight data
• GPS route data associated with activities

We do not write data to HealthKit. Health data is only accessed with your authorization and is used solely to create activity videos and display your fitness statistics.

Photos & Videos

With your permission, we access photos and videos from your device library that were captured during your activity time windows. We do not access your entire photo library — only media whose capture timestamps fall within your activity periods.

Device Information

We collect limited device information including device name, model, and timezone offset. This is used to correctly display activity times and identify the source of activity data.

Third-Party Fitness Data

If you choose to connect external fitness platforms, we collect activity data from:

• Polar — exercise data, heart rate, GPS routes
• Fitbit — activity data, heart rate
• Wahoo — activity data, power metrics, GPS routes

These connections are optional and require your explicit authorization via OAuth. You can disconnect any integration at any time.

Analytics

We use Firebase Analytics to collect anonymous usage data such as app opens, screen views, and feature usage. This data is aggregated and does not personally identify you. It helps us understand how the app is used so we can improve the experience. You can opt out of analytics data collection through your device settings.

What We Do Not Collect

• We do not serve advertisements
• We do not track your location in the background — GPS data comes only from your recorded activities via HealthKit or connected fitness platforms

2. How We Use Your Data

• Activity videos: Create and render shareable activity highlight videos with your stats, routes, and media
• Activity history: Display your activity history with maps, statistics, and titles
• Maps and routes: Generate map images and reverse-geocode GPS coordinates to create meaningful activity titles (e.g., "Breckenridge Snowboarding")
• Push notifications: Notify you when your activity videos are ready to view and share
• Fitness platform sync: Import activity data from connected third-party services

3. Data Storage & Security

Your data is stored using Google Cloud infrastructure through Firebase services:

• Firebase Authentication: Secure account management
• Cloud Firestore: Activity records, user profiles, and integration credentials
• Firebase Cloud Storage: Activity sample files (FIT/GPX format), map images, and generated videos
• Firebase Cloud Messaging: Push notification delivery

OAuth access tokens for third-party integrations are stored securely in Firestore and are revoked upon account deletion or when you disconnect an integration.

Some data is cached locally on your device for performance, including activity data and map images.

4. Third-Party Services

We use the following third-party services to operate EpicReel:

• Firebase (Google): Authentication, database, file storage, cloud functions, and push notifications
• Mapbox: Server-side reverse geocoding (converting GPS coordinates to place names) and static map image generation. Your GPS coordinates are sent to Mapbox servers for processing. No Mapbox tracking occurs on your device.
• Polar, Fitbit, Wahoo: Optional fitness platform integrations, governed by their respective privacy policies

We use Firebase Analytics for anonymous usage insights. We do not use advertising or data broker services.

5. Data Sharing

• We do not sell your personal data to third parties
• We do not share your data for advertising purposes
• Your data is shared only with the third-party services listed above, solely for app functionality
• Your generated videos are private unless you explicitly choose to share them

6. Your Rights & Data Deletion

You have the right to:

• Access your data: View all your activity data within the app
• Delete your account: Full account deletion is available in the app's Settings. This permanently deletes all your data including activities, videos, map images, sample files, integration credentials, push notification tokens, and your authentication account
• Disconnect integrations: Remove any connected fitness platform independently without deleting your account
• Revoke HealthKit access: Manage HealthKit permissions at any time through your device's Settings

When you delete your account, we revoke all third-party OAuth tokens and maintain a GDPR-compliant audit log with only a hashed (non-reversible) version of your email address.

7. Children's Privacy

EpicReel is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of EpicReel after changes constitutes acceptance of the updated policy.

9. Contact Us

For privacy concerns or questions about your data, please contact us at privacy at epicreel dot ai.