Privacy Policy

1. Who We Are

Falcata Run is developed by Radim Simanek, an independent developer located in Switzerland. For the purposes of the General Data Protection Regulation (GDPR), Radim Simanek, Unterfeldstrasse 2, 4332 Stein, Switzerland, is the Data Controller. If you have questions about this policy, contact us at info@falcatarun.com.

2. Data We Collect

Health & Fitness Data

When you grant HealthKit permissions, the app reads and writes:

• Workout sessions (sprint type, duration, distance)
• Heart rate, resting heart rate, and heart rate variability
• Running dynamics (ground contact time, stride length, vertical oscillation, running power)
• Active energy burned
• Workout effort score (your self-reported RPE)

This data is stored in Apple HealthKit on your device and synced via iCloud Health under your Apple account. We do not have access to your iCloud Health data.

Motion Sensor Data

During sprints, the Apple Watch records accelerometer and gyroscope data at 100 Hz. This data is used to analyze:

• Sprint acceleration and deceleration curves
• Arm swing mechanics and range of motion
• Ground contact time and step cadence
• Stride symmetry and gait analysis

Curve data is stored locally on your device and in your personal iCloud Drive container. If you opt in to data sharing, anonymous curve data and sprint metrics may be securely uploaded to Firebase Firestore to help us improve our sprint detection algorithms. This data is not linked to your identity.

Location Data

When you grant location permissions ("While Using"), the app collects GPS coordinates during sprints to:

• Verify sprint distance
• Detect track curves and lane position (for 200m and 400m sprints)
• Record workout routes in HealthKit

Location data is only collected during active sprint sessions, not in the background.

Usage Analytics

We use Google Firebase Analytics (also referred to as Google Analytics) to understand how the app is used and to improve it. Analytics are collected in two tiers — a minimal always-on tier of baseline diagnostics, and a detailed opt-in tier that describes how you use the app.

Tier 1 — Baseline Diagnostics (always collected)

When the app launches, the Firebase SDK records baseline information needed to keep the app working, secure, and compatible across devices. This is collected under GDPR Article 6(1)(f) — legitimate interest in app stability, security, and compatibility, and does not require your consent (analogous to crash reports). It contains no information about how you use the app — no sprint data, no screen-by-screen navigation, no settings changes. It includes:

• App lifecycle markers (first install, app launches, app updates, OS updates)
• Approximate country, derived from your IP address at the moment of upload and then anonymized — your full IP is not stored long-term by Firebase
• App version, build number, OS version, device model, system language, time zone
• A random per-install device identifier (Firebase "app instance ID" — a UUID generated when you install the app, not linked to your name, Apple ID, IDFA, or any cross-app tracking identifier; reset on reinstall)

In addition to the Firebase SDK's automatic baseline, the app sends a small number of explicit reliability and integrity events under the same legitimate-interest basis. These events carry only technical metadata or short verdict labels — no sprint content (no times, distances, durations, routes, biomechanics), no screen-by-screen navigation, no settings changes:

• Watch→iPhone transfer reliability. When sprint data syncs from your Apple Watch to your iPhone, we record whether the transfer succeeded, failed, or was deferred, along with the file size in kilobytes, the transfer latency in seconds, and the retry count. Failed transfers also carry a short label naming the stage that failed (e.g. "encoding", "transport", "ack-timeout"). This lets us measure how reliably the Watch app is delivering workouts and diagnose sync regressions.
• Game Center leaderboard pipeline outcome. When a sprint at a leaderboard distance (100 m, 200 m, 400 m, 800 m) reaches the submission path, we record one short outcome label describing the verdict — one of "submitted", "validation_failed", "heart_rate", "elite_tier", "passport", "submit_error", or "not_authenticated" — together with which of the four fixed leaderboard buckets the sprint was attempted on (100 m, 200 m, 400 m, or 800 m), and, when the verdict is "validation_failed", a short reason code naming the anti-cheat rule that triggered (e.g. "gpsDistanceMismatch", "averageSpeedExceedsHumanLimit", "strideLengthTooShort"). For rejection outcomes, we additionally record a short board label ("all_time" or "monthly") indicating which of the two leaderboards the submission was attempting — these are the same four bucketed leaderboards (100/200/400/800 m), one all-time Hall of Fame and one rolling 4-week monthly board, with the monthly board running a relaxed subset of the same anti-cheat rules. The label lets us tune each board's gates independently. When the rule that triggered is GPS-based, we additionally record a signed integer delta in meters between the GPS-measured polyline and the rule's threshold (negative when the GPS reading is short of the threshold), capped at ±50 m. The delta is a measurement of the rule violation, not of how far you ran — it lets us tell whether rejected attempts cluster just below the threshold (suggesting the rule is too strict) or fall far below (suggesting genuine GPS loss or short-course attempts). When the verdict is "submitted", we additionally record the sprint time in milliseconds — the same integer score that was just submitted to the public Game Center leaderboard for that bucket. We log it under legitimate interest because it is the only way to verify, after the fact, that the score-submission pipeline produced a plausible time for each bucket (a successful submission of an implausibly fast time is itself an integrity signal that the anti-cheat gates failed to catch). The bucket is not a measurement of how far you ran; it is the leaderboard category you selected, drawn from a fixed set of four. The event carries no absolute measured distance, no route, no biomechanics, and no identifier of the sprint itself; the sprint time is recorded only on successful submission, where it is already a public score on Game Center. This lets us measure the integrity of the leaderboard pipeline and the false-positive rate of our anti-cheat gates per category, which is necessary for our legitimate interest in protecting leaderboard integrity from cheating.

Tier 1 exists solely so we can answer questions like "are installs alive in the wild," "which app versions are in use," "on which devices/OS versions do crashes cluster," "are Watch→iPhone transfers reliable," and "is the leaderboard pipeline working as intended." It cannot be disabled in-app. If you wish to opt out of Tier 1 as well, please uninstall the app or contact us at info@falcatarun.com to request data deletion.

Tier 2 — Detailed Usage Analytics (opt-in only)

If you opt in via the Settings toggle, the app additionally records anonymous events describing how you use it. This is collected under GDPR Article 6(1)(a) — consent, and you can revoke it at any time in the app's Settings. Examples:

• Workout lifecycle events (started, completed, cancelled)
• Sprint events (distance selected, sprint recorded, sprint metrics such as reaction time and false-start flag)
• Screen views and feature usage (e.g., dashboard viewed, sprint detail opened) — recorded as a standard screen_view event with the screen's name and class
• Settings changes (theme, notifications, audio detection)
• Game Center interactions (authentication outcome, score submitted, score rejected with reason, leaderboard or achievements viewed, achievement unlocked)
• Onboarding progress (started, step completed, completed) and app rating prompt outcomes
• Data management actions (backup exported / imported, session or sprint deleted, Watch sync triggered / completed / failed, automatic recovery actions)
• Sprint validation audit data (per-sprint anti-cheat audit: distance, GPS margin percentage, trust score, validation status, anomaly count and types, GPS verification status). Used to monitor anti-cheat accuracy. No sprint identifier is included.

Tier 2 events are anonymous — they are tagged with the same per-install UUID as Tier 1 and contain no personal identifiers. Sprint workout data included in Tier 2 (such as distance, duration, and performance metrics) is used exclusively to improve the app's algorithms and features — never for advertising or marketing.

Advertising Data — Never Collected

Regardless of which tier is active, the app sets Firebase's ad-related consent signals (ad_storage, ad_user_data, ad_personalization) to denied. We do not request the iOS App Tracking Transparency permission, do not collect the IDFA, and do not enable Google Signals or any cross-product profiling.

Crash Reports

If the app crashes, we receive an anonymized crash report including the stack trace, device model, and OS version. This helps us fix bugs. Crash reports are collected under GDPR Article 6(1)(f) (legitimate interest in app stability) and do not require opt-in consent.

3. Data We Do Not Collect

• Name, email address, or other personal contact information
• Age, gender, or demographic data
• Photos, microphone audio, or camera data
• Advertising identifiers (IDFA)
• Cross-app tracking data
• Background location data

The app does not require you to create an account.

4. Third-Party Services

Data sent to Google Firebase is processed in accordance with Google's Firebase Privacy Policy. Google acts as a data processor on our behalf and does not use this data for advertising purposes. When data is transferred to Google servers outside of the European Economic Area (EEA), it is protected by Standard Contractual Clauses (SCCs) as required by the GDPR.

5. Sprint Data Collection for App Improvement

The same Tier 2 opt-in described in Section 2 also enables uploads of anonymous sprint session data — motion sensor curves (100 Hz accelerometer and gyroscope), sprint metrics, and GPS-derived distance measurements — to Firebase Firestore and Firebase Storage. This is collected under GDPR Article 6(1)(a) — consent, and you can opt out at any time in the app's Settings. The same toggle controls Tier 2 events and sprint uploads; they are not separable. This data is used exclusively to:

• Analyze sprint detection accuracy and improve algorithms
• Debug reported issues
• Validate performance analysis features

Uploaded data does not include your name, Apple ID, or any personal identifiers.

6. How We Use Your Data

All data we collect is used solely to:

• Provide sprint tracking and performance analysis features
• Sync your data across your Apple Watch and iPhone
• Improve app stability and fix bugs
• Improve sprint detection algorithms and performance analysis using anonymous workout data
• Understand feature usage to guide development
• Validate sprint results for leaderboard integrity (via Apple Game Center)

We do not sell, rent, or share your data with third parties. We do not use your data for advertising, ad targeting, or marketing purposes. All data collection exists solely to improve Falcata Run.

7. Data Storage and Security

• On-device: Health data is stored in Apple HealthKit's encrypted store. Curve data is stored in your iCloud Drive container. App settings are stored in the app sandbox.
• In transit: All data transferred between your Watch and iPhone uses Apple's encrypted WatchConnectivity framework. All data sent to Firebase uses HTTPS/TLS encryption.
• Cloud: Firebase data is stored in Google Cloud infrastructure with encryption at rest.

8. Data Retention

We retain collected data for the minimum period necessary:

• HealthKit data is retained according to your Apple Health settings and is under your control.
• iCloud Drive data is synced across your devices (iPhone, Apple Watch, iPad) and retained as long as you use the app. You can delete individual sprints from within the app.
• Firebase Analytics data is retained for 2 months, then automatically deleted.
• Crashlytics data is retained for 2 months, then automatically deleted.
• Firestore sprint data (opt-in only) is retained for 6 months to allow sufficient data for improving sprint detection algorithms, then automatically deleted. This data is used exclusively to improve the app — never for marketing, advertising, or any other purpose.

9. Your Rights

You can:

• Delete your sprint data from within the app at any time
• Revoke HealthKit permissions in Settings > Health > Data Access & Devices
• Revoke location permissions in Settings > Privacy & Security > Location Services
• Export your data using the app's backup feature
• Opt out of Tier 2 usage analytics and sprint data uploads at any time in the app's Settings. Tier 1 baseline diagnostics cannot be disabled in-app — to opt out of Tier 1, uninstall the app or email us to request deletion
• Request deletion of any data stored in Firebase by contacting us at info@falcatarun.com
• Lodge a complaint with your local data protection supervisory authority if you reside in the EEA or UK

10. Children's Privacy

Falcata Run is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with data, please contact us and we will delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this privacy policy or your data, contact us at:
info@falcatarun.com