Gorilla Runner

Privacy Policy

Last Updated: 26th November 2025  |  Effective Date: 26th November 2025

Introduction

Welcome to Gorilla Runner ("we," "us," "our," or the "Platform"). We are committed to protecting your privacy and handling your personal information with care, transparency, and in compliance with applicable laws, including the Nigeria Data Protection Regulation (NDPR) 2019, Nigeria Data Protection Act 2023, General Data Protection Regulation (GDPR) for EU users, and other relevant international data protection laws.

This Privacy Policy explains what information we collect, how we use and share it, your rights and choices, and the safeguards we use to protect your information. By using Gorilla Runner, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide to Us

Account Registration:

  • Full name, email address, phone number, password (encrypted), date of birth, gender (optional), and location (optional)

Profile Information:

  • Profile photo, bio, social links, preferences, and interests

Assessment Information:

  • Assessment answers, test results, self-reported data, written reflections

Payment Information:

  • Billing details, payment method (processed via third parties), transaction history, subscription status

Communication Information:

  • Messages, support tickets, forum posts, feedback, surveys

Compatibility Matching (Opt-In):

  • Relationship preferences, goals, values, match criteria, and match conversations

1.2 Information We Collect Automatically

Device & Usage: IP address, browser, OS, device type, screen resolution, language, time zone, referring pages, visited pages, time on page, links clicked, features used.

Cookies & Tracking: Session, preference, analytics, and marketing cookies (with consent). See our Cookie Policy for details.

Location: General location via IP or precise location if you grant permission.

Performance & Error Data: Crash reports, error logs, diagnostics, and performance metrics.

1.3 Information from Third Parties

  • Social Logins: Name, email, profile photo, public profile data.
  • Payment Providers: Transaction confirmations, payment status, fraud prevention data.
  • Analytics & Advertising: Aggregated usage stats, ad performance, anonymized demographics.

2. How We Use Your Information

2.1 Provide & Improve Services

  • Create/manage accounts, process assessments, calculate classifications, show badges/leaderboards
  • Facilitate community features and optional compatibility matching
  • Process payments, send service notifications, provide support
  • Improve functionality, build new features, conduct research with anonymized data

2.2 Communication & Marketing (Consent)

Send newsletters, feature announcements, educational content, event news, and promotional offers via email, SMS/WhatsApp (with explicit consent), push notifications, or in-app messages. You can opt out anytime.

2.3 Analytics & Improvement

Analyze aggregated usage to understand engagement, refine features, detect bugs, optimize performance, A/B test, and measure campaigns.

2.4 Safety, Security & Compliance

  • Verify identities, prevent fraud/spam, enforce policies
  • Respond to legal requests and fulfill regulatory obligations
  • Protect our rights, users, and infrastructure; investigate incidents

2.5 Compatibility Matching (Opt-In)

Analyze assessment data to calculate compatibility scores, show profiles to potential matches, facilitate messaging, and power recommendations. You control what information is visible.

3. How We Share Your Information

We do NOT sell, rent, or trade your personal data.

Service Providers: Hosting (AWS/GCP), payments (Paystack, Flutterwave, PayPal, Stripe), email (Mailchimp, SendGrid), SMS (Twilio, Termii), analytics (Google Analytics, Mixpanel), support (Zendesk, Intercom), security (Cloudflare, reCAPTCHA). Providers are contractually bound to safeguard data.

Community Features: Username, profile photo, content, badges, and leaderboard ranking—visible based on your settings.

Compatibility Matching: Profile visibility depends on opt-in, compatibility score, and privacy controls.

Legal Requirements: We may disclose data when required by law; we notify you unless prohibited.

Business Transfers: In mergers or acquisitions, data may transfer to the new entity, which must honor this policy.

With Consent: We share data with third parties or coaches only when you authorize it.

4. Data Retention

  • Active Accounts: Data retained while your account is active; assessments stored indefinitely for progress tracking.
  • Inactive Accounts: Accounts inactive for 3 years may be deactivated; data anonymized after deactivation.
  • Deleted Accounts: Personal data removed within 30 days except data retained for legal reasons (up to 7 years).
  • Payment Records: Retained for 7 years for compliance.
  • Community Content: Posts may remain (anonymized) after deletion; you can remove them manually.
  • Anonymization: Wherever possible we anonymize or pseudonymize data used for analytics or research.

5. Data Security

Encryption: HTTPS (SSL/TLS), bcrypt passwords, encryption at rest for sensitive data.

Access Controls: Least-privilege employee access, MFA for admins, regular audits.

Infrastructure: Secure cloud hosting, firewalls, intrusion detection, backups, DDoS protection.

Application Security: Input validation, CSRF/XSS protection, rate limiting, prompt patching.

Your Responsibility: Use strong passwords, don’t share credentials, log out on shared devices, enable 2FA (when available), and report suspicious activity.

Data Breaches: We notify affected users and authorities within 72 hours, outlining impact, timing, remediation, and guidance.

6. Your Rights & Choices

  • Access & Correction: Download or update your data via Settings or email privacy@gorillarunner.com.
  • Deletion: Delete your account or specific data; most data removed within 30 days.
  • Marketing Opt-Out: Unsubscribe links, notification settings, or unsubscribe@gorillarunner.com; reply STOP for SMS/WhatsApp.
  • Privacy Controls: Manage profile visibility, community settings, messaging preferences, compatibility matching visibility.
  • Data Portability: Export profile, assessments, community content, and transactions (JSON/CSV).
  • Objection & Restriction: Object to certain processing or request restrictions by contacting privacy@gorillarunner.com.
  • Complaints: Contact the Nigeria Data Protection Commission (ndpc.gov.ng), your local EU Data Protection Authority, or privacy@gorillarunner.com first.

7. International Data Transfers

Your data may be stored or processed in Nigeria, the United States, the European Union, or other countries where our providers operate. We use safeguards such as Standard Contractual Clauses, NDPR/GDPR-compliant vendors, and robust technical/organizational controls to protect your information.

8. Children's Privacy

Gorilla Runner is not intended for users under 18. We do not knowingly collect information from children. If we learn that a minor has provided data, we will delete it and notify the parent/guardian. Contact privacy@gorillarunner.com for assistance.

9. Cookies & Tracking Technologies

Purpose: Remember login state, preferences, usage patterns, personalize content, and measure ads.

Types: Essential, preference, analytics, and marketing cookies (non-essential cookies require consent).

Consent & Control: Manage via cookie banner, Settings > Privacy > Manage Cookies, or browser controls. Blocking essential cookies may affect functionality.

Third-Party Cookies: Google Analytics, Google Ads, Facebook Pixel, YouTube embeds—each with their own policies.

Do Not Track: We honor DNT signals by limiting non-essential tracking.

10. Third-Party Links

Our Platform may contain links to external websites or resources. We are not responsible for their privacy practices, content, or data collection. Review third-party policies before sharing information.

11. Changes to This Privacy Policy

  • Updates: We may revise this policy to reflect legal, feature, or practice changes.
  • Notification: Material updates trigger email and on-platform notices 30 days in advance; non-material updates adjust the "Last Updated" date.
  • Review: Please review periodically to stay informed.

12. Legal Basis for Processing (GDPR/NDPR)

  • Consent: Marketing communications, cookies, compatibility matching.
  • Contract: Deliver requested services, assessments, and subscriptions.
  • Legitimate Interests: Improve functionality, ensure security, prevent fraud.
  • Legal Obligations: Tax, accounting, regulatory reporting, compliance responses.

You may withdraw consent at any time without affecting lawful processing completed before withdrawal.

13. Contact Information

Data Controller: Gorilla Runner, Lagos, Nigeria

Data Protection Officer: dpo@gorillarunner.com

Privacy Inquiries: Email privacy@gorillarunner.com, call +234 909 515 2496, or mail Gorilla Runner - Privacy Team, Lagos, Nigeria. We respond within 30 days.

14. Acknowledgment

By using Gorilla Runner you confirm that you have read, understand, and agree to this Privacy Policy, consent to the described data practices, understand your rights, and agree to receive essential communications.

15. Definitions

  • Personal Data: Information that identifies or can identify you.
  • Processing: Any operation performed on personal data.
  • Data Controller: Entity deciding how and why data is processed (Gorilla Runner).
  • Data Processor: Third parties processing data on our behalf.
  • NDPR: Nigeria Data Protection Regulation / Nigeria Data Protection Act.
  • GDPR: EU General Data Protection Regulation.

This Privacy Policy is Version 1.0 and is effective as of 26th November 2025. 🦍🔒