PRIVACY NOTICE
Updated: 2026-02-26

Challengize is developed by Challengize AB (Orgnr: 556920-3945). If you have any questions about your personal data, contact us at info@challengize.com.

This notice explains how we collect, use, and protect your personal data when you use Challengize. By registering and activating your account, you agree to our Terms of Use and this Privacy Notice.
1. Who We Are and What This Covers
- Challengize – our platform and services
- Challenge – a digital health initiative run via Challengize
- User – anyone participating in a Challenge
- Client – the company purchasing Challengize for its employees
- Website – challengize.com and sub-page go.challengize.com
- App – Challengize mobile application for Android/iOS
Challengize AB, Edsbäcksvägen 46, 19135 Sollentuna, Sweden, is responsible for how your personal data is handled.

This Privacy Notice covers data collected via the website, app, emails, or linked third-party apps.
2. What Personal Data We Collect
We collect information to deliver the service safely and meaningfully. This includes:
- Basic info: name, email, age, height, weight (age, height, weight are voluntary)
- Health data: survey responses, activity results, metrics needed to calculate Challenge Points
- Activity data: type of activity, duration, distance, start/finish time
- Location data: if you allow GPS tracking on your device
- App usage data: dashboard interactions, mini-challenges, and social features
- Website usage data: session information, newsletter sign-ups and contact form submissions
If you connect a third-party app (e.g., Strava, Runkeeper, Apple Health), we may receive your activity data from that app.
3. How We Use Your Data
We use your personal data to:
- Display your activity and progress on individual, team, and unit levels
- Calculate Challenge Points and generate reports
- Provide team chats, social feeds, and interactive widgets like “ME” and “My Activities”
- Send service-related emails, push notifications, and in-app messages (if you opted in)
- Share aggregated Health Points results with the Client at a company and team level
- Improve the platform, maintain security and run analytics
We never share individual health survey results with your employer. Personal data used for reports is always aggregated to protect privacy.
4. Legal Basis for Processing
We process your data under the following legal grounds:
- Performance of Contract – necessary to provide Challengize services, including account management, challenge participation, communication, and team features
- Explicit Consent – health data (activity, survey, weight, height, age, gender) and location tracking are processed only with your explicit consent, obtained separately from Terms of Use
- Legitimate Interests – we process some data to improve the service, run analytics, and ensure security; legitimate interests do not override your rights
5. How Consent Works
Participation in a Challenge is entirely voluntary. Employees are under no obligation to participate, and choosing not to participate or withdrawing consent will not result in any employment-related consequences.
The processing of special category health data, including activity and survey responses, is necessary to calculate Challenge Points and provide the core functionality of the service. For this reason, explicit consent is required to activate an account and participate in a Challenge. If consent is not provided, the service cannot be delivered, and the account will not be activated.

Consent for health data is obtained separately from acceptance of the Terms of Use. GPS/location consent is handled via your device permissions.

Users can withdraw consent at any time via app settings or by contacting info@challengize.com. Withdrawal of consent will prevent further participation in ongoing or future Challenges but does not affect processing carried out prior to withdrawal.
6. How Long We Keep Your Data
- Default: 3 months after a Challenge, for reporting, support, and administrative purposes
- After 3 months, data is deleted or anonymized
- If a future Challenge is planned, data may be retained up to 12 months to simplify re-registration
Retention is based on contract performance and/or legitimate interests. Users may request deletion at any time.
7. Access While Traveling
Your data is stored securely in the EU. When you access the app or website abroad:
- Data may temporarily pass through local networks
- All transmissions are encrypted
- No personal data is permanently stored outside the EU
This temporary access does not count as a formal cross-border transfer because data remains on EU servers. Users should take standard precautions.
8. Third-Party Apps and Subprocessors
Challengize is the controller of personal data collected through the app and website, including activity and health-related information. When users connect third-party apps such as Strava, Runkeeper, or Apple Health, these apps remain independent controllers for the data they collect. Challengize receives data from these apps solely to calculate Challenge Points and provide the service. We do not share personal data with these apps.

To provide and maintain the service, Challengize uses subprocessors. These include cloud hosting providers, email delivery services, push notification providers, and other service providers that support the operation of the platform. All subprocessors are bound by GDPR-compliant agreements to ensure data protection standards equivalent to those described in this Privacy Notice.

Currently, our subprocessors include:
- AWS Stockholm, Sweden – secure cloud hosting of app and website data
- OneSignal – push notifications, emails, and in-app messages (personal data includes email address, push token, and user ID)

We will update this list if additional subprocessors are engaged. Users may request details about all subprocessors by contacting info@challengize.com.

All personal data is stored on secure servers within the EU. Temporary access while traveling abroad is encrypted and does not constitute a cross-border transfer, as data remains on EU servers. We do not share personal data with subprocessors outside the EU without ensuring appropriate legal safeguards are in place.
9. Your Rights and Supervisory Authority
Under the General Data Protection Regulation (GDPR), you have the following rights with respect to your personal data:
- Access: to see what data we hold about you
- Rectification: to correct inaccuracies in your data
- Erasure: to request deletion of your personal data
- Restriction: to limit processing in certain circumstances
- Data portability: to receive your data in a machine-readable format
- Object: to object to processing based on legitimate interests
- Withdraw consent: to revoke consent at any time
To exercise any of these rights, you may contact info@challengize.com. We will respond in accordance with GDPR timeframes.
You also have the right to lodge a complaint with a supervisory authority. For users in Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten – IMY). Users in other EU member states may contact their local supervisory authority. For users in the UK, the relevant supervisory authority is the Information Commissioner’s Office (ICO).
10. How We Protect Your Data
- Stored on secure servers in the EU (AWS Stockholm)
- Encryption, SSL, firewalls, and antivirus in place
- Access limited to authorized employees with unique logins
11. Cookies and Website Functionality
Challengize uses strictly necessary cookies to enable secure login, authentication, and session management on the website.

These cookies are essential for providing the requested service and ensuring that users can access their accounts securely without having to log in repeatedly during an active session. We do not use analytics, advertising, or tracking cookies on the website.

Because these cookies are strictly necessary for the operation of the website, they do not require consent under applicable EU cookie regulations.

Session cookies are deleted when you close your browser. Persistent authentication cookies may remain for a limited period to allow continued login functionality and can be deleted at any time through your browser settings.
12. Changes to This Privacy Notice
We may update this notice to reflect legal, technical, or service changes. Updates are posted on the website.