Privacy Policy

Your data stays on your device. We sell nothing. GDPR compliant.

📋 TL;DR

✓ 100% offline operation — all riding data stays on your device
✓ Anonymous analytics are opt-in only, and contain no GPS, email, or personal data
✓ Waitlist emails: kept only to notify you of launch, deletable on request
✓ No third-party tracking, no advertising networks, no data sold
✓ GDPR + Austrian DSG compliant, processed in EU

Part A — Website (mtbcoach.app)

Data Controller

Dipl.-Ing. Mihajlo Grmaš, Gmeinstraße 12b/12, 8055 Graz, Austria. Contact: privacy@mtbcoach.app

Android Notify Form

When you sign up for Android launch notification, we store:

Email address — to send a single launch notification
Language — to send the email in your preferred language
SHA-256 hashed IP — for rate-limiting only, cannot be reversed
Timestamp — for capacity tracking

Legal basis: consent (GDPR Art. 6(1)(a)). Retention: until launch + 30 days, then deleted automatically. Right to deletion: email privacy@mtbcoach.app with your address.

Plausible Analytics

We use Plausible Analytics, a privacy-friendly EU-based analytics service. Plausible:

Does not use cookies
Does not track you across sites
Does not collect personal data (just country, browser, page views)
Hosts data in the EU (Germany)

No consent banner is needed under GDPR ePrivacy guidelines.

Hosting

The website is hosted by Hostinger (Lithuania, EU). Server logs (standard Apache logs with IP + user agent) are retained 7 days for security purposes only.

Part B — Mobile App (MTBCoach for iOS, Android)

100% offline by default.

All riding data — sessions, scores, GPS tracks, history — is stored only on your device's local SQLite database. None of it is transmitted unless you explicitly opt in.

Data Stored Locally (on your device only)

GPS tracks of your rides
Accelerometer / gyroscope / barometer sensor data
Flow Score breakdown and history
Session metadata (location name, duration, run count)
App preferences (skill level, coaching mode, language)
Emergency contact phone number (if you set one)

Opt-in Anonymous Analytics

You can optionally enable anonymous analytics in Settings → Privacy. When enabled, we transmit only:

Aggregated Flow Score (number)
Session duration (number)
Country (from app store region)
App language
Random anonymous device ID (regenerated yearly)

Never transmitted: email, name, GPS coordinates, IP address, emergency contact, accelerometer raw data.

Strava Integration (Optional, opt-in)

If you connect Strava, MTBCoach uses Strava's OAuth flow. You authorize on Strava's website — we never see your password. We only request the "activity:write" scope to upload your ride. You can disconnect at any time.

Crash Detection & Emergency Contact

If you set an emergency contact and crash detection triggers, the app may call or SMS that number with your GPS location, using your phone's native dialer/SMS — no data passes through our servers.

In-App Purchases

Processed entirely by Apple App Store (and Google Play when available). We see only purchase receipts, not your payment details. See Apple's privacy policy for details.

Your Rights (GDPR)

Right to access: request a copy of any data we hold about you
Right to deletion: we delete your data within 30 days of a request
Right to rectification: correct any wrong data
Right to data portability: export your in-app data anytime via Settings → Export
Right to object: opt out of analytics in Settings → Privacy
Right to lodge a complaint: with the Austrian DSB (dsb.gv.at)

Contact for all data requests: privacy@mtbcoach.app

Last updated: May 14, 2026 · Version 2.0 (Phase 2)