Privacy Policy

Effective date: August 8, 2025

Controller: Gustav Manthorpe

Contact: gustav.manthorpe@gmail.com

What the app does

Footprints helps you discover new places in your neighborhood by visualizing how much of each district/street you’ve covered based on activities you connect from services like Strava and Garmin.

Personal data we process

• Account details: name/alias and email (if provided).
• Authorization: OAuth access/refresh tokens from Strava/Garmin – only after you approve via their official login flows.
• Activity data: date/time, distance, duration, route/coordinates (GPS), pace, etc.
• Derived data: district/street coverage, badges, statistics.
• Device/operational data (non-tracking): app version and error/performance logs for debugging.
• Location in app: “center on me” uses your current position on device for map display (we do not store it unless required by a feature you explicitly use).

Note We do not collect Apple Health/Google Fit health data, do not use advertising identifiers (IDFA/AAID), and do not sell personal data.

Purposes & legal bases (GDPR)

• Core features: show routes, compute/visualize coverage, badges, and stats. (Art. 6(1)(b) – contract)
• Synchronization: import past/new activities via Strava/Garmin. (Art. 6(1)(b))
• Security/troubleshooting: operations, logging, abuse prevention. (Art. 6(1)(f) – legitimate interests)
• Extended access: private activities are processed only if you explicitly consent in Strava/Garmin. (Art. 6(1)(a) – consent)

Sources

Data comes from you and the services you choose to connect (Strava/Garmin). You can revoke access anytime in Strava or Garmin Connect settings.

Retention & deletion

• Account, tokens, derived coverage, and imported activity snapshots are kept while your account is active.
• Deletion: delete your account (and associated data) in the app under Settings → Delete account or by contacting us.
• We complete deletion within 30 days of a verified request (subject to legal requirements and dispute resolution).
• Operational logs are typically retained short-term (e.g., 30–90 days) for security/debugging.

Sharing & processors

• No sale/sharing with advertisers.
• Processors (operations): hosting/infrastructure (e.g., Render) and database providers. They process data only under our instructions and appropriate agreements.
• Connected services: Strava/Garmin receive only the requests needed to import your activities based on your consent with them.

International transfers

Where processing occurs outside the EU/EEA, we rely on valid transfer mechanisms (e.g., EU Standard Contractual Clauses) and appropriate safeguards.

Security

Data is transmitted over TLS. System access is restricted on a need-to-know basis; tokens/secrets are protected. We continuously improve technical and organizational measures.

Your rights

You may access, rectify, erase, restrict, port, and object. You can withdraw consent at any time (effective going forward).

Children

Footprints is not directed to children under 13. We do not knowingly collect data from children under 13.

Changes

We may update this policy. Material changes will be communicated in-app or via email. The latest version is available in the app and/or on the website.

Disconnecting Strava/Garmin

You can revoke access in Strava or Garmin Connect at any time. You can also disconnect within Footprints settings and/or delete your account.