freiventures
|
Back to Tracklete

Privacy Policy — Tracklete

Last updated: 15.02.2026

1. Introduction

This Data Privacy Policy explains how Tracklete (the “App”) processes personal data when you use our mobile application and related services.

The App is operated by an individual based in Switzerland (the “operator”). Details about the data controller are provided in Section 2 below.

The operator is committed to protecting your privacy and processing personal data in accordance with:

  • The Swiss Federal Act on Data Protection (FADP, rev. 2023)
  • The EU General Data Protection Regulation (GDPR), where applicable
  • Other applicable data protection laws depending on your location

This Policy applies to users worldwide.

By using the App, you acknowledge that your personal data is processed as described in this Policy.
Where required by law, processing is based on your explicit consent.

2. Controller and Contact Information

The data controller responsible for processing your personal data is:

Thomas Frei, acting as an individual based in Switzerland, operating the App under the name Tracklete.

Contact email: contact@tracklete.app

3. Categories of Personal Data We Collect

3.1 Account and Profile Data

  • Name or username
  • Email address
  • Password (stored in hashed form)
  • Birth year
  • Country or region (if provided)

3.2 Health and Fitness Data

Only if you actively connect a device or manually provide metrics:

  • Heart rate data (including maxHR, measured or estimated)
  • Power data (from power meters or smart bikes)
  • Cadence, speed, distance, elevation
  • FTP (user-defined or estimated)
  • Training stress score (TSS), intensity factor (IF)
  • Derived performance and efficiency metrics
  • Time-series activity data recorded during workouts using relative timestamps (e.g., seconds since activity start), without requiring absolute time-of-day information

3.3 Location Data (Ride Tracking)

If you enable GPS and start a ride in the App, the App collects precise GPS location data (latitude and longitude) from your device while the ride is active and the App remains open in the foreground.

This location data is used to:

  • Calculate distance, speed, duration, and route
  • Display your recorded route within the App
  • Store ride history in your account

Location tracking stops when you deactivate GPS, end the ride or close the App. The App does not perform background location tracking.

3.4 Device and Technical Data

We collect limited technical data strictly necessary to operate, secure, and maintain the App, such as:

  • IP address (processed transiently for network communication, security, and abuse prevention)
  • Server logs and timestamps related to authentication and API requests

Tracklete does not use analytics services, crash reporting tools, behavioral tracking, profiling, advertising identifiers, or cross-app tracking technologies.

3.5 Usage Data

  • Ride history and activity logs
  • Training goals and preferences

3.6 Payment Data (if applicable)

Payment processing is handled entirely by third-party providers (e.g., Google Play Billing).

Tracklete does not store full payment card details.

4. Sources of Personal Data

Personal data is obtained from the following sources:

  • Directly from you when you create an account or use the App
  • Automatically through your use of the App (limited technical data only)
  • From connected third-party devices or platforms, with your authorization
  • From your device’s GPS functionality, with your authorization

5. Purposes of Processing

We process personal data to:

  • Provide and operate the App and its features
  • Record, analyze, and display cycling activities
  • Generate fitness insights and performance metrics
  • Calculate and display ride routes using GPS location data
  • Estimate fitness metrics where user-provided values are unavailable
  • Personalize training settings and preferences
  • Ensure security, stability, and performance of the App
  • Communicate with you regarding service-related matters
  • Comply with legal obligations
  • Send service-related updates or promotions if you have opted in
  • Upload cycling activities to third-party fitness platforms at your request (e.g., Strava)

AI-based analysis and coaching advice are processed only if you have explicitly enabled this feature. No analytics, marketing tracking, or behavioral profiling is performed.

6. Legal Bases for Processing (GDPR)

Where GDPR applies, personal data is processed on the following legal bases:

  • Performance of a contract (Art. 6(1)(b) GDPR): to provide requested services
  • Consent (Art. 6(1)(a), Art. 9(2)(a) GDPR): for health data, precise location data,AI-based analysis, and third-party platform integrations
  • Legitimate interests (Art. 6(1)(f) GDPR): limited to essential security, fraud prevention, and system integrity operations
  • Legal obligation (Art. 6(1)(c) GDPR): where required by law

Legitimate interests do not include analytics, profiling, or user tracking.

Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

7. AI and Automated Processing

  • AI-based coaching and performance analysis is disabled by default and is only performed if you explicitly opt in
  • You can enable or disable AI analysis at any time in the App settings
  • If AI analysis is disabled, new rides and activities are not analyzed by AI
  • AI models provided by OpenAI generate coaching advice based on selected ride metrics and profile data
  • Tracklete does not train or improve AI models
  • OpenAI processes data according to its own terms and policies
  • AI outputs are informational only and intended for fitness guidance; no legally binding or automated decisions are made
  • No free-text user input is collected for AI processing
  • Prompts and AI outputs are stored only as long as necessary to provide the service and in accordance with Section 10 (Data Retention)

By enabling AI features, you consent to the processing of relevant data by OpenAI, including cross-border processing in the United States.

8. Data Sharing and Disclosure

8.1 Cloud and Infrastructure Providers

  • Google Firebase (Google Ireland Ltd.): authentication, database storage, and cloud functions
    (Firebase Analytics and Firebase Crashlytics are not used.)

8.2 AI Service Providers

  • OpenAI: generation of AI-based coaching advice using minimized and selected data only

8.3 Fitness Platform Integrations (Strava)

If you choose to connect your account with Strava, selected activity data — including route information, ride metrics, and Time-Series Data — is transmitted at your request.

  • Tracklete and Strava act as independent data controllers
  • Tracklete has no technical ability to access, modify, or delete data once transmitted to Strava
  • Requests regarding data stored by Strava must be directed to Strava directly

Health and Fitness Data and Location Data are transmitted to Strava only when you explicitly choose to upload an activity.

8.4 Other Recipients

  • Authorities or legal entities where required by law

9. International Data Transfers

  • OpenAI may process data in the United States
  • Transfers rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms under GDPR and FADP

10. Data Retention

  • Account and activity data is retained as long as your account remains active
  • Upon account deletion, personal data is deleted as soon as reasonably possible, unless retention is required by law
  • Tracklete does not control retention practices of third-party platforms following user-initiated uploads

11. Data Security

Appropriate technical and organizational measures are implemented, including:

  • Encryption in transit and at rest (where supported by service providers)
  • Access controls and authentication mechanisms
  • Periodic security reviews

No system can guarantee absolute security.

12. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Rectify inaccuracies
  • Request erasure
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent

These rights apply to data processed by Tracklete.
For data processed independently by third-party platforms such as Strava, you must contact the respective platform directly.

To exercise your rights, contact: contact@tracklete.app

13. Children’s Data

The App is intended for adults 18 years or older.
We do not knowingly collect data from minors.

14. Third-Party Links and Services

The App may contain links or integrations with third-party services.
Tracklete is not responsible for their privacy practices.

15. Changes to This Policy

This Policy may be updated periodically.
Material changes will be communicated via the App or other appropriate means.

16. Governing Law

This Policy is governed by Swiss law, without prejudice to mandatory local consumer or data protection laws.

17. Data Processing Agreements (DPAs)

  • Firebase: governed by Google’s DPA (link)
  • OpenAI: governed by OpenAI’s API terms (link)

If you have questions or concerns, please contact the operator at contact@tracklete.app.

Back to TrackleteAll apps