Privacy Policy for Compare Runs
Effective date: October 22, 2025
1. Controller / Responsible party
Benjamin Waibel
c/o COCENTER
Koppoldstr. 1
86551 Aichach
Germany
E-Mail hi@benjaminwaibel.com
2. Scope and purpose of this Privacy Policy
This Privacy Policy explains how we collect, use, store and protect personal data in connection with the mobile application (hereinafter "app") and your use of the app. It applies worldwide, including to users in the European Union (GDPR/DSGVO) and residents of California (CCPA), and describes the rights available under those laws. Where local mandatory laws provide additional rights, those rights will apply in addition.
3. Data we access from HealthKit
- Types of HealthKit data accessed: The app accesses only workout-related HealthKit data necessary for workout analysis — for example: heart rate, running power, steps, walking + running distance, workouts, workout routes.
- Read-only access: The app only requests read permissions from Apple HealthKit. It does not write, modify or delete any HealthKit data. All workout and health data accessed from HealthKit remains on your device; we do not transfer HealthKit data externally.
4. Purpose and legal basis for processing (EU / GDPR)
Purpose: To analyse workouts and present personalised, on-device insights and summaries. This includes computing metrics, trends and visualisations derived from your workouts.
Legal basis (GDPR) for EU users:
- Consent (Article 6(1)(a) GDPR): Where personal data processing requires consent, the user’s explicit permission to access HealthKit via iOS is relied upon. Apple’s permissions flow is used to obtain that consent in the device UI.
- Special categories (health data): Health and fitness data accessed from HealthKit may constitute “special categories” of personal data under Article 9 of the GDPR. For European users, the legal basis for processing such data is the user’s explicit consent obtained via Apple’s Health permission flow on the device (Article 9(2)(a) GDPR and Article 6(1)(a) GDPR). Consent is obtained when you grant HealthKit read access in the iOS permission dialog.
5. Data storage, retention and deletion
- No server storage: We do not transmit, store, back up or otherwise process HealthKit workout data on any server or cloud service controlled by us or third parties. All HealthKit data accessed remains on the user’s device.
- Local device storage: The app may store derived analysis results, summaries or display caches on the device to present the user interface. These are stored only locally on the device. If the app does store local copies or logs, they are retained only as long as necessary to provide the functionality and are deleted when the user uninstalls the app or clears the app data (unless the user independently backs up their device).
- Deletion: To delete any local analysis data, uninstall the app. To prevent future access, revoke Health permissions in the Apple Health app.
6. Sharing, disclosure and third parties
- No sharing of HealthKit data: We do not share HealthKit workout data with third parties, advertisers, analytics providers, or other end points. No accessed HealthKit data is transmitted outside the device.
- Third-party services: The app does not currently integrate third-party analytics SDKs or ad networks. If a third-party service is added in the future, we will update this Privacy Policy and clearly describe what data (if any) is shared with that service. Payment or subscription providers may receive non-health information necessary to process payments (e.g., transaction identifiers), but health data will not be shared.
- Apple and diagnostics: Apple may collect diagnostic, usage and crash data in accordance with your iOS settings. If you enable iOS App Analytics or diagnostic sharing, Apple — not us — may receive device analytics. Consult Apple’s privacy resources for details.
7. Children / age restrictions
The app is not intended for children under the age required by applicable law to consent to processing of personal data. Users under the applicable age must not use the app.
8. Rights of the data subject
8.1 EU / GDPR and general
If you are in the European Union, the GDPR grants you a set of rights concerning your personal data. Below we list each right, a brief plain-language explanation, and the primary GDPR article that contains the right:
- Right to information in accordance with Article 15 GDPR: In particular, you have a right to information about your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data was or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to correction, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if they were not collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed which guarantees exist pursuant to Article 46 GDPR when your data is forwarded to third countries;
- Right to rectification in accordance with Article 16 GDPR: You have the right to immediate rectification of incorrect data concerning you and/or completion of your incomplete data stored by us;
- Right to deletion according to Article 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Article 17(1) GDPR are met. However, this right does not apply in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restriction of processing in accordance with Article 18 GDPR: You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being checked; if you refuse to delete your data because of inadmissible data processing and instead request the restriction of the processing of your data; if you need your data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved; or if you have lodged an objection for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
- Right to information in accordance with Article 19 GDPR: If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability in accordance with Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible, insofar as this is technically feasible;
- Right to revoke granted consent in accordance with Article 7(3) GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation;
- Right to lodge a complaint pursuant to Article 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have - without prejudice to any other administrative or judicial remedy - the right to lodge a complaint with a supervisory authority, in particular in the Member State where you live, work or where the alleged infringement took place.
8.2 California residents (CCPA/CPRA):
This section describes the rights of California residents under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
- No sale or sharing of personal information. We do not sell or share personal information, including HealthKit workout data, to third parties for monetary or other consideration. We also do not share or disclose HealthKit data for cross-context behavioural advertising.
- Right to know / access / deletion. California residents have the right to request (a) disclosure of the categories of personal information we collect, the categories of sources from which the information is collected, the business or commercial purpose for collecting or sharing personal information, and the categories of third parties with whom we share personal information; (b) a copy of the specific pieces of personal information we have collected about you; and (c) deletion of personal information we have collected from you, subject to certain legal exceptions.
- Right to opt-out of sale or sharing. Although we do not sell or share personal information, California residents have the right to opt-out of sales or sharing if such practices are initiated in the future.
- Right to limit use and disclosure of sensitive personal information. Under CPRA, Californians may request limitations on the use and disclosure of their sensitive personal information (which includes health information). The app currently uses health data only for on-device analysis and does not disclose or transfer such data; if this changes, we will provide a method to exercise limits and will update this policy accordingly.
9. Complaints / supervisory authority
EU / GDPR users:
If you believe your rights under applicable data protection law have been infringed, you have the right to lodge a complaint with a supervisory authority in your EU member state, or with the supervisory authority of your habitual residence, place of work or where the alleged infringement occurred.
California residents:
If you are a resident of California and believe your privacy rights under California law (CCPA/CPRA) have been violated, you may submit a complaint to the California Privacy Protection Agency (CPPA).