Spraywall

Privacy Policy

Last updated: April 23, 2026

Rauk ("we," "us," or "our") operates the Rauk mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use the App, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using the App, you agree to the collection and use of information as described in this policy.

1. Data Controller

The data controller responsible for your personal data is:

Rauk
Email: privacy@rauk.app

If you have any questions about this Privacy Policy or our data practices, please contact us at the address above.

2. What Data We Collect

2.1 Account Data

When you create an account via a third-party OAuth provider (such as Apple or Google), we collect:

  • Email address
  • First name and last name

We do not store your OAuth provider password. Authentication is handled entirely by the third-party provider. We may introduce additional login methods in the future, at which point this policy will be updated accordingly.

2.2 Profile Data

You may optionally provide:

  • A username
  • A profile picture
  • A bio

Bios and problem descriptions are subject to automated content filtering to help maintain a respectful community.

2.3 Climbing Data

When you use the App, we collect data you provide about your climbing activity:

  • Spray wall problems you create or interact with
  • Problem grades and difficulty ratings
  • Progress and performance data (sends, attempts, session history)
  • Tags you assign to problems (private tags for premium subscribers)
  • Circuits you create or join (premium feature)

2.4 Usage Data

We collect anonymized data about how you interact with problems in the App, specifically which problems you like or dislike. This data is used to train recommendation algorithms and potentially machine learning models to improve problem suggestions (such as the "Smart Session" feature).

This usage data is fully anonymized: user identifiers are irreversibly swapped before the data is used for training, meaning it cannot be traced back to any individual user.

2.5 Technical Data

We automatically collect certain technical data when you use the App:

  • Device type and operating system version
  • App version
  • IP address
  • Crash logs and performance diagnostics

2.6 Data We Do Not Collect

We do not collect GPS or location data. We do not access your device's contacts, microphone, or other sensors. We do not serve advertisements or collect data for advertising purposes.

3. Legal Basis for Processing

We process your personal data under the following legal bases (Article 6 GDPR):

  • Performance of a contract (Art. 6(1)(b)): Processing your account data, profile data, and climbing data is necessary to provide the App's services to you, including premium subscription features.
  • Legitimate interests (Art. 6(1)(f)): We process technical data for app stability, security, and improvement. We process anonymized usage data to improve our recommendation algorithms. Our legitimate interest is to maintain, secure, and improve the service.
  • Consent (Art. 6(1)(a)): Where we send you marketing or promotional communications, we rely on your consent. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): We may process data where required to comply with a legal obligation, such as responding to lawful requests from authorities.

4. How We Use Your Data

We use the data we collect to:

  • Create and manage your account via OAuth authentication
  • Provide the App's core features (problem creation, grading, progress tracking, wall membership)
  • Provide premium features (private tags, circuits, Smart Session recommendations)
  • Display your profile (username, profile picture, bio) to other members of walls you belong to
  • Train and improve recommendation algorithms using anonymized usage data
  • Moderate content through automated filtering of bios and problem descriptions
  • Process user reports and enforce community standards
  • Improve app performance and fix bugs
  • Communicate with you about your account, subscription, or service updates

5. Data Sharing and Visibility

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal data to any third party. We do not serve advertisements.

5.2 Visibility to Other Users

The App operates on an invite-only wall model: users can only join a wall if invited by an existing member. Within a wall, the following data is visible to other members by default:

  • Your username, profile picture, and bio
  • Problems you create (public within the wall by default)
  • Your climbing activity on the wall (sends, attempts)

You control which walls you join. There are currently no follow, comment, or direct messaging features.

5.3 Service Providers

We use the following third-party service providers to operate the App:

  • MongoDB Atlas (database hosting, EU and US regions)
  • Amazon Web Services — AWS Lambda (backend processing, EU and US regions)

These providers process data on our behalf under data processing agreements that comply with GDPR. They do not have independent rights to use your data.

5.4 Legal Disclosure

We may disclose your data if required by law, regulation, court order, or other legal process, or to protect our rights, safety, or property.

6. International Data Transfers

Your data is stored and processed in the European Union (EU) and the United States (US). Our infrastructure providers — MongoDB Atlas and AWS — operate in both regions.

When your data is transferred to or processed in the United States, we ensure appropriate safeguards are in place in accordance with GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The EU-U.S. Data Privacy Framework, where applicable
  • Any other mechanism recognized under GDPR

As the App scales, we may expand to additional regions. We will update this policy and ensure equivalent safeguards before processing data in any new region.

7. Data Retention

We retain your data as follows:

  • Account and profile data: Retained for as long as your account is active. If you delete your account, we will erase your personal data within 30 days, except where retention is required by law.
  • Climbing data: Retained for as long as your account is active. Deleted when you remove specific content or delete your account.
  • Anonymized usage data: Because this data is fully anonymized and cannot be traced back to you, it may be retained indefinitely for algorithm improvement purposes. Anonymized data is not considered personal data under GDPR.
  • Technical data: Crash logs and diagnostics are retained for up to 12 months.
  • User reports: Report data is retained for as long as necessary to investigate and resolve the report, and may be retained longer if required for legal compliance.

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Access (Art. 15): Request a copy of the personal data we hold about you.
  • Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Restriction (Art. 18): Request that we restrict processing of your data in certain circumstances.
  • Data portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
  • Objection (Art. 21): Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@rauk.app. We will respond within 30 days.

Note: These rights apply to your personal data. Anonymized usage data (as described in Section 2.4) is no longer personal data and is not subject to these rights.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest
  • OAuth-based authentication (no passwords stored by Rauk)
  • Access controls and authentication for internal systems
  • EU-based data storage and processing
  • Automated content filtering

While we take reasonable precautions, no system is completely secure. We cannot guarantee absolute security of your data.

10. Children's Privacy

The App is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@rauk.app.

11. Premium Subscription

Rauk offers a premium subscription that unlocks additional features. Payment processing is handled by the applicable app store (Apple App Store or Google Play Store). We do not directly collect or store your payment information. Please refer to the app store's privacy policy for details on payment data handling.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App and updating the "Last updated" date above. If a change materially affects how we process your personal data, we will provide prominent notice (such as an in-app notification) before the change takes effect.

Your continued use of the App after changes are posted constitutes acceptance of the revised policy.

13. Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

14. Contact Us

For any questions or requests related to this Privacy Policy or your personal data: privacy@rauk.app