Back to home

    Privacy Policy

    Last updated: March 2026

    1. Data Controller

    SO-BUZZ SAS, with its registered office at 23 rue Jean-François Leca, 13002 Marseille (SIRET: 538 485 996 00051), is the data controller for personal data collected through the WALK&Co mobile application and associated website, in accordance with French Data Protection Act No. 78-17 of 6 January 1978 (as amended) and the General Data Protection Regulation (GDPR) No. 2016/679/EU of 27 April 2016.

    DPO contact: dpo@so-buzz.com

    2. Data Collected

    In the course of using the WALK&Co application, the following categories of data may be collected:

    • Identification data: first name, last name, email address, user identifier.
    • Physical activity and health data: daily step count, distance covered. On iOS, this data is read from Apple HealthKit with your explicit consent. On Android, it is read from Google Health Connect with your explicit consent. This data is used solely to calculate your score within the walking challenge organised by your company. It is never shared with third parties for advertising or commercial purposes.
    • Challenge data: accumulated points, ranking, badges earned, quiz participation history.
    • Technical data: device identifier, push notification token (FCM), operating system, app version, error logs.
    • Voluntarily submitted data: custom fields defined by your company (e.g. department, site, team).

    3. Purposes of Processing

    Your data is processed for the following purposes:

    • Managing your user account and authentication.
    • Tracking your physical activity and calculating your validated steps within the challenge.
    • Displaying the individual or team leaderboard within your company.
    • Awarding points, badges and rewards.
    • Sending push notifications (activity reminders, challenge updates) with your consent.
    • Improving the application and detecting technical anomalies.
    • Complying with our legal obligations.

    4. Legal Bases

    • Performance of contract (app terms of use): account creation, step tracking, leaderboard.
    • Explicit consent: access to health data (HealthKit / Health Connect), sending push notifications. You may withdraw your consent at any time in your device settings.
    • Legitimate interest: improving the application, security and fraud prevention.
    • Legal obligation: retaining certain data for regulatory purposes.

    5. Health Data — HealthKit & Health Connect

    WALK&Co accesses your physical activity data (step count) via Apple HealthKit on iOS and Google Health Connect on Android, solely with your prior authorisation.

    • Access to this data is limited to the strict minimum: the daily step count.
    • This data is never used for advertising purposes, nor sold or shared with third parties.
    • It is transmitted securely (HTTPS / TLS) to our servers hosted in France.
    • You can revoke access at any time from the Health settings on your iPhone or the Health Connect settings on your Android device.

    6. Data Recipients

    Your data is accessible to the following parties and services:

    • Your company: your company's HR administrators access aggregated participation statistics (step count, ranking). No individual health data is exposed without your consent.
    • SO-BUZZ: as the app publisher, for maintenance and support purposes.
    • Firebase (Google): for sending push notifications (Firebase Cloud Messaging). The data transmitted is limited to the notification token and device identifier. Firebase is subject to GDPR via Google's standard contractual clauses.
    • OVH: hosting provider for the application servers, based in France.

    No transfer of data outside the European Union takes place, except for the use of Firebase Cloud Messaging (Google LLC, United States), governed by GDPR-compliant standard contractual clauses.

    7. Data Retention

    • Account and activity data: retained for the duration of use of the application, then deleted within 30 days following an account deletion request.
    • Health data (daily steps): retained for the duration of the challenge, then archived for 12 months for statistical purposes before permanent deletion.
    • Technical data (logs): retained for 90 days.
    • Billing data: retained for 10 years in accordance with legal obligations.

    8. Data Security

    SO-BUZZ implements appropriate technical and organisational measures to protect your data against unauthorised access, loss or alteration: encrypted communications (TLS), restricted data access, secure hosting in France, time-limited JWT token authentication.

    9. Your Rights

    To exercise these rights, contact our DPO: dpo@so-buzz.com

    Under the GDPR, you have the following rights regarding your data:

    • Right of access: obtain a copy of the data concerning you.
    • Right of rectification: correct inaccurate data.
    • Right to erasure: request the deletion of your account and data.
    • Right to restriction: temporarily suspend processing.
    • Right to portability: receive your data in a structured format.
    • Right to object: object to certain processing based on legitimate interest.
    • Withdrawal of consent: revoke health data access at any time from your device settings.

    You also have the right to lodge a complaint with the French Data Protection Authority (CNIL).

    10. Push Notifications

    The application may send you push notifications (activity reminders, challenge updates) only if you have granted this permission during installation or from your device settings. You can disable these notifications at any time in your iPhone or Android smartphone settings.

    11. Minors

    The WALK&Co application is intended for adults in a professional setting. It is not intended for persons under the age of 16. SO-BUZZ does not knowingly collect data relating to minors.

    12. Policy Changes

    SO-BUZZ reserves the right to modify this privacy policy at any time. Any material changes will be notified to you via the application or by email. The date of the last update is shown at the top of this document.