Legal Document

Privacy Policy

📅 Last updated: June 9, 2026 📅 Effective: June 9, 2026 🌍 GDPR · CCPA · COPPA

01 — Introduction

Who We Are

Vlad-Alexandru Vasiu and the Quantified Strides team ("we," "us," or "our") operate the Quantified Strides mobile application available on iOS and Android. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have regarding your data.

We are committed to protecting your privacy and handling your data transparently. This policy applies to all users of the App.

🏢

Data Controller

Vlad-Alexandru Vasiu (on behalf of the Quantified Strides team)

Str. Frunzișului 91C, Cluj-Napoca, Romania

support@quantifiedstrides.com

02 — Data Collection

Information We Collect

Information You Provide Directly

Data Type	When Collected	Why
Name, email, username, password	Account registration	Identity verification and login
Date of birth, gender, profile photo	Profile setup	Personalizing recommendations
Body weight, height, body fat %	User-entered profile / check-ins	Training load and performance calculations
Workout logs (exercise, sets, reps, weight, duration)	Each logged session	Core app functionality
Nutrition data	User-entered (optional)	Holistic performance tracking

Health & Fitness Data (Special Category)

The following constitutes special category personal data under GDPR Art. 9 and is collected only with your explicit consent:

Heart rate and HRV data (from connected wearables or manual entry)
Training load metrics (ATL, CTL, TSB) computed from activity logs
Recovery and sleep data (wearable sync or manual entry)
Biometric data entered by you

Apple HealthKit (iOS): With your permission, we may read data from and write data to Apple HealthKit. HealthKit data is never used for advertising, never shared with third parties for their advertising purposes, and never sold.

Google Health Connect (Android): With your permission, we may read and write data via Google Health Connect. The same restrictions apply.

Location Data

Type	Use	Trigger
Precise GPS	Recording outdoor activity routes	Only during active workout with permission
Approximate location	Region-based compliance and recommendations	Only with permission

Payments

Quantified Strides does not currently process payments. The App does not offer paid subscriptions or in-app purchases at this time. This section will be updated before any payment functionality is introduced, and users will be notified.

Device & Usage Data (Collected Automatically)

Device type, OS version
App version, crash logs, and performance telemetry
IP address (used for server communication; not stored long-term)

The App does not currently use any third-party analytics service. Basic crash and error logging may occur to support App stability.

03 — Data Use

How We Use Your Information

Purpose	Data Used	Legal Basis (GDPR)
Delivering core App functionality	All data types	Contractual necessity (Art. 6(1)(b))
Computing training recommendations	Health, fitness, HRV, location data	Explicit consent (Art. 9(2)(a))
Account creation and authentication	Account / profile data	Contractual necessity (Art. 6(1)(b))
Route mapping for outdoor workouts	GPS location	Explicit consent (Art. 6(1)(a))
Crash reporting and debugging	Device, error data	Legitimate interests (Art. 6(1)(f))
Push notifications	Email, device token	Consent (Art. 6(1)(a)) — opt-in only
Legal obligations (fraud prevention, safety)	Account data	Legal obligation (Art. 6(1)(c))

We do not use your health or fitness data to serve advertisements, nor do we sell it to any third party.

04 — Data Sharing

How We Share Your Information

We do not sell your personal data.

Service Providers

Provider	Category	Data Shared	Purpose
Hetzner Online GmbH (Germany)	Infrastructure	All app data	Hosting and storage

All service providers are bound by Data Processing Agreements (DPAs) and may not use your data beyond what is necessary to provide their service. All app data is stored on servers in Germany (EU). No data is routinely transferred outside the EU/EEA.

Wearable & Platform Integrations

Integration	Data Direction	Your Control
Apple HealthKit	Read / Write	Revocable in iOS Settings → Health
Google Health Connect	Read / Write	Revocable in Android Settings

05 — Retention

Data Retention

Data Type	Retention Period	Basis
Account & profile data	Duration of account + 30 days post-deletion	Contractual
Health & fitness logs	Duration of account + 30 days post-deletion	Contractual / Consent
GPS activity routes	Duration of account; deletable per activity in-app	Consent
Crash / error logs	90 days	Legitimate interests
Deleted account data	Purged within 30 days of request	Erasure obligation

06 — Security

Data Security

Encryption in Transit

TLS 1.3 for all data in motion.

Encryption at Rest

Health data and credentials encrypted at rest.

Password Hashing

Passwords stored as salted hashes (bcrypt/Argon2).

Certified Infrastructure

ISO 27001-certified Hetzner data centers in Germany.

No method of transmission or storage is 100% secure. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Art. 33.

07 — Your Rights

Your Rights Under GDPR (EEA / UK)

Access

Obtain a copy of your personal data.

→ Email us

Rectification

Correct inaccurate data.

→ In-app Settings or email

Erasure

Delete your data ("right to be forgotten").

→ Settings → Delete Account

Restriction

Pause processing in certain circumstances.

→ Email us

Portability

Receive your data in JSON/CSV format.

→ Email us

Object

Object to legitimate interest processing.

→ Email us

Withdraw Consent

Revoke any consent-based processing.

→ Settings → Privacy

Lodge a Complaint

Complain to your local supervisory authority.

→ See below

We respond to all verified requests within 30 days (extendable to 60 days for complex requests, with prior notice).

Supervisory Authority (Romania): Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) — dataprotection.ro

08 — California

Your Rights Under CCPA/CPRA (California Residents)

CCPA Category	Examples	Sold?
Identifiers	Name, email, device ID, IP address	No
Health / medical data	Fitness metrics, HRV, biometrics	No
Internet / app activity	App usage, feature interactions	No
Geolocation	GPS routes, approximate location	No
Inferences	Training load scores, recommendations	No

To exercise California rights: email support@quantifiedstrides.com.

09 — Children

Children's Privacy

The App is not directed at children under 16 (EU/EEA) or 13 (United States). We do not knowingly collect personal data from minors. If you believe a minor has provided data through the App, contact support@quantifiedstrides.com and it will be deleted promptly.

10 — Changes

Changes to This Policy

When this Policy is updated, we will update the "Last Updated" date at the top, send an in-app notification for material changes, and email you for changes involving new data processing or new categories of third-party sharing. Continued use of the App after the effective date constitutes acceptance of the updated Policy.

11 — Contact

Contact Us

👤

Vlad-Alexandru Vasiu

on behalf of the Quantified Strides team

support@quantifiedstrides.com

Str. Frunzișului 91C, Cluj-Napoca, Romania

For GDPR complaints, EU/EEA users may contact the ANSPDCP at dataprotection.ro. A formal DPO has not been appointed as current processing does not meet the threshold under GDPR Art. 37.