Legal

Privacy Policy

Effective May 1, 2026 · Last updated May 26, 2026
The short version. Blocks is a walking app. We collect the location data we need to draw your map, the account info you give us to log in, and a small amount of diagnostic data so we can fix bugs. We do not sell your data, we do not share it with advertisers, and you can delete it all at any time.

1. About this policy

This Privacy Policy describes how Blocks, Inc. ("Blocks", "we", "us") collects, uses, and shares information when you use the Blocks mobile application and the website at nycblocks.com (together, the "Service"). By using the Service, you agree to the practices described here.

2. Information we collect

2.1 Information you give us

  • Account info. When you sign up, we ask for your email address, a display name, a username, and an optional home neighborhood. If you sign in with Apple, we receive a privacy-relay email and your chosen name. If you sign in with Google, we receive your email and basic profile.
  • Profile content. Anything you choose to add or generate — profile photo, bio, friend list, blocked accounts, venue ratings (1–5 stars + optional notes), tastemaker picks — is stored against your account. Per-rating visibility (friends / private) is yours to set.
  • Communications. If you email support, we keep that thread so we can help you.

2.2 Information collected automatically

  • Location data. When you start a walk (manually or via auto-track), we collect GPS coordinates from your device. We use these to determine which NYC street segments and blocks you have walked. iOS's Core Motion classifier filters non-walking activity (driving, cycling, riding the subway) on-device before any sample is sent to us. You control location access via iOS Location permissions and can revoke it at any time.
  • Device and diagnostic data. We collect crash reports, performance metrics, and basic device info (model, OS version, app version) to keep the app stable. This is not tied to your identity in our analytics tool.
  • Usage data. Which screens you open, which features you use, how often you open the app. Used only to make the app better.

2.3 What we do not collect

  • We do not access your contacts, photos, microphone, or camera unless you explicitly grant permission for a specific feature (e.g. profile photo upload, contact-import to find friends). When you import contacts to find friends, we HMAC-hash each phone number on-device and only send the hashes — raw numbers never leave your phone.
  • We do not use third-party advertising SDKs, and we do not load tracking pixels.
  • We do not collect biometric data, health data, or financial data.

3. How we use information

We use the information we collect to:

  • Provide the core Service — drawing your map, counting blocks, calculating tiers and streaks.
  • Sync your data across your devices so you can switch phones without losing your walks.
  • Show your map and tier to friends you have approved (and only to those friends).
  • Send transactional messages (account verification, password reset, security alerts).
  • Improve the app — diagnose crashes, prioritize features, fix bugs.
  • Comply with legal obligations and enforce our Terms of Service.

4. Who we share information with

We share information only in these limited cases:

  • With other users you approve. Your map, tier, and display name are visible to friends you have accepted. Nothing is public by default.
  • With service providers. We use a small number of vendors to run the Service — backend & database (Supabase, hosted on AWS in us-east-1), maps and street geometry (Mapbox), crash reporting (Sentry), product analytics (PostHog, configured without IP collection and with autocapture disabled), authentication (Apple Sign-In, Sign in with Google), push notifications (Apple Push Notification service), and email delivery (Postmark). Each vendor is bound by a Data Processing Agreement and may only use your data to provide their service to us.
  • For legal reasons. If we receive a valid legal request (subpoena, court order), we may disclose information to the extent required by law. We will push back on overbroad requests and notify you where legally permitted.
  • In a corporate transaction. If Blocks is acquired or merged, your data will transfer to the new entity under this same policy. You will be notified in advance.

We do not sell your personal information. We do not share your location data with advertisers, data brokers, or analytics networks.

5. How long we keep information

  • Account & walks. Walked segments, completed blocks, sessions, venue ratings, visits, friends, and tastemaker picks are kept until you delete your account.
  • Diagnostic data. Retained for 90 days, then deleted.
  • Support emails. Retained for two years from your last reply.
  • Deleted accounts. Fully purged from production systems within 30 days. Backups containing your data are overwritten on a rolling 90-day cycle.

6. Your rights

Wherever you live, you can:

  • Access a copy of the personal data we hold about you — request via privacy@nycblocks.com.
  • Correct inaccurate information from your account screen.
  • Delete your account and all associated data at any time. See Delete your account.
  • Export your walking data as a GeoJSON file from the Settings screen.
  • Object to or restrict certain processing.

If you are in the EEA, UK, or Switzerland, you have additional rights under the GDPR including the right to lodge a complaint with your local data protection authority. If you are a California resident, you have additional rights under the CCPA/CPRA — including the right to opt out of sales of personal information, which we do not engage in regardless.

7. Children

Blocks is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us information, contact privacy@nycblocks.com and we will delete it.

8. Security

We protect your data with industry-standard practices — TLS in transit, AES-256 at rest, hardware-backed key storage, and least-privilege access controls. No system is perfectly secure, but we work hard to keep yours protected. If we ever experience a breach affecting your data, we will notify you within 72 hours.

9. Changes to this policy

When we make material changes, we will notify you in-app and by email at least 30 days before they take effect. Minor changes (typo fixes, clarifications) are made without notice but always reflected in the "Last updated" date at the top of this page.

10. Contact us

Email us at privacy@nycblocks.com for any privacy question. For general support, use hello@nycblocks.com.

Blocks, Inc.
123 Franklin Avenue
Brooklyn, NY 11238
United States