Data Processing & Retention Policy

1. Who We Are (Data Controller)

2. What This Policy Covers (Plain English)

• What data the AYF Android app uses
• Why it's used and how it's processed
• How long it stays on your device
• Your privacy rights and how to exercise them

3. Lawful Bases (UK GDPR)

We process your personal data under the following lawful bases:

• Contract (Art. 6(1)(b)): To provide the app's core functions and your account
• Consent (Art. 6(1)(a)): Location permissions. You can withdraw consent in Android Settings → Apps → Are You Faster → Permissions
• Legitimate interests (Art. 6(1)(f)): On-device performance optimization and security
• Special category data (Art. 9(2)(a)): Limited health-related inferences (pace, distance, calories, elevation) processed with your explicit consent when you start a run. Delete runs or your account to withdraw consent

4. Data We Use (On Your Device)

A. Account Information

Anonymous Mode (Default):

• Random UUID generated locally as your user ID
• No personal information collected
• No internet connection required

Google Sign-In (Optional):

• User ID (Google's unique identifier)
• Email address (optional - you can use limited account feature)
• Display name (optional)
• Profile photo URL (optional)

Storage: EncryptedSharedPreferences (AES256-GCM) for OAuth tokens, Room Database for profile

B. Location (GPS) - During Runs Only

What We Collect:

• GPS coordinates (latitude, longitude, altitude)
• Location accuracy (meters)
• Speed (meters/second)
• Timestamps for each location point
• Encoded polyline for route visualization

When Collected:

• Only during active runs (foreground service with notification)
• Background location ONLY while run is active (not when app closed)
• Persistent "Tracking Run" notification required by Android

Storage: Room Database (RunEntity.route field), encrypted if device encrypted

Retention: Until you delete the run or account (CASCADE delete)

C. Fitness & Activity Data (Derived)

• Distance (meters)
• Duration (seconds)
• Average & maximum speed (m/s)
• Elevation gain & loss (meters)
• Calculated calories burned
• Run start/end times
• Game mode, opponent animal, outcome (win/loss)
• XP earned, level, achievements unlocked

Purpose: Fitness tracking and gamification features

Storage: Room Database (RunEntity table)

D. Progress & Preferences

• Total XP, current level, lifetime statistics
• Unlocked achievements and challenge completions
• Units preference (km/mi)
• Map style (liberty, bright, dark)
• Audio/haptics/voice cues settings
• Accessibility toggles

Storage: DataStore Preferences (local only)

E. Device & App Information

• Device model (for support)
• Android API level (for compatibility)
• App version (for debugging)

Purpose: Displayed in Settings for user reference and support troubleshooting

NOT transmitted: This information stays on your device

5. Why We Use It (Purpose)

• Core Functionality: Track your runs and show maps/statistics
• Game Features: Power virtual animal opponents, achievements, XP system
• Personalization: Remember your preferences and accessibility settings
• Account Management: Link runs to your profile (if you sign in)

We do NOT use your data for:

• Advertising or marketing
• Third-party analytics
• Data brokering or selling
• Behavioral tracking
• Any purpose other than providing app features

6. How Long We Keep It (User-Controlled Retention)

• Run data & GPS routes: Kept per-run until you delete the run or delete your account
• Profile & progression: Kept for your account lifetime
• Preferences: Kept until you clear app data or delete account
• OAuth tokens: Kept until logout or account deletion

No Server Backups:

• We don't keep server copies (because there's no server for fitness data)
• Older data may exist only in your Android backups (Google Drive, local backups)
• To fully wipe data, delete account + clear Android backups

Account Deletion Effects:

When you delete your account (Settings → Account Management → Delete Account):

• ✅ User profile deleted (CASCADE deletes all runs)
• ✅ All GPS routes deleted
• ✅ All run history deleted
• ✅ All achievements and progression deleted
• ✅ Preferences cleared
• ✅ OAuth tokens cleared from EncryptedSharedPreferences
• ⚠️ This action is irreversible

7. Sharing & Transfers

Independent Controllers:

• Google (Google Sign-In): Handles authentication under their own privacy policy. We receive minimal fields (opaque ID, optional email/name/photo URL)
• Review Google's privacy policy: policies.google.com/privacy

Map Data:

• OpenFreeMap: Map tiles requested from self-hosted tile server (tiles.openfreemap.org)
• Data Sent: Tile coordinates (lat/lon bounding boxes) - NOT your GPS route
• Third Party: OpenStreetMap contributors (map data under ODbL license)

User-Initiated Sharing:

• Data Export: You choose where to export JSON via Android share sheet
• Run Sharing: Static image placard (NO GPS data included) via share sheet
• Your Control: All sharing is opt-in and user-triggered

No Third-Party Sharing:

• ✅ NO analytics services
• ✅ NO advertising networks
• ✅ NO social media auto-sharing
• ✅ NO data brokers

International Transfers:

• We don't transfer your fitness data to our servers (local-only design)
• OAuth authentication requests handled by Google with their transfer safeguards (SCCs/UK data bridge)
• Map tile requests handled by OpenFreeMap (HTTPS encrypted)

8. Your Rights (UK GDPR - Simple Path)

Email support@areyoufaster.com from your sign-in email to exercise your rights:

Right to Access (Art. 15)

• View all your data in-app (run history, statistics, account info)
• Request a copy via email (we'll help extract from device backup)

Right to Portability (Art. 20)

• Export your data in JSON format: Settings → Export My Data
• Machine-readable format for transfer to other fitness apps

Right to Rectification (Art. 16)

• Change display name/avatar in-app (Settings → Profile)
• Edit or delete individual runs

Right to Erasure / "Right to be Forgotten" (Art. 17)

• Individual Runs: Delete via run history screen
• Full Erasure: Settings → Account Management → Delete Account
• All data permanently wiped from device (irreversible)

Right to Restriction (Art. 18)

• Revoke location permissions in Android Settings → Apps → Are You Faster → Permissions
• Stop using the app temporarily without deleting data

Right to Object (Art. 21)

• Withdraw consent by revoking permissions or deleting account
• Stop using the app at any time

Response Time:

We respond to data subject requests within 1 month (extendable by up to 2 months for complex requests; we'll notify you within the first month).

Identity Verification: We verify your identity via your sign-in account to protect your privacy.

9. Security (What We Do)

Encryption:

• At Rest: EncryptedSharedPreferences with AES256-GCM for session tokens
• In Transit: HTTPS for all network calls (OAuth, map tiles)
• Database: Room database with default SQLite encryption (if device encrypted)

Access Control:

• Android app sandbox isolation
• No external server access to fitness data
• Clean cascade deletion to avoid data leftovers

Minimal Network Surface:

• Network calls limited to: OAuth authentication, map tiles
• No fitness data transmitted
• No tracking pixels or analytics beacons

Security Recommendations (Implemented):

• ✅ HTTPS-only network calls
• ✅ No cleartext traffic allowed (production)
• ✅ Secure credential storage (EncryptedSharedPreferences)
• ✅ Runtime permission requests with rationale

Breach Notification:

If a personal-data incident within our control ever posed risk to you:

• We'd notify the ICO within 72 hours (where required)
• We'd notify affected users without undue delay
• Our local-only design significantly limits central breach risk

10. Children (Age Restriction)

AYF is not intended for children under 13 years of age (COPPA/GDPR compliance).

• We do not knowingly collect personal information from children under 13
• If you believe an under-13 has used the app, contact us immediately
• We'll guide parent/guardian to remove account and all on-device data

Parental Guidance: Children 13-17 should use the app with parental consent and supervision.

11. Google Play Data Safety (FYI)

Our Google Play Data Safety form declares:

Data Collected:

• ✅ Location: Precise location for app functionality (required)
• ✅ Personal Info: Email, name, photos (optional, via Google Sign-In only)
• ✅ Health & Fitness: Fitness info for app functionality
• ✅ Device IDs: Generated UUID for anonymous users

Data NOT Collected:

• ❌ App activity / analytics
• ❌ Advertising IDs
• ❌ Photos, videos, audio (except optional profile picture via Google)

Security Practices:

• ✅ Data encrypted in transit (HTTPS)
• ✅ Data encrypted at rest (EncryptedSharedPreferences)
• ✅ User can delete data
• ✅ Data NOT shared with third parties
• ✅ Data NOT transmitted to servers (local-only)

12. Google OAuth Limited Use Policy

When you use Google Sign-In, we comply with Google API Services User Data Policy:

• Scope Minimization: We only request email, profile, openid scopes
• Limited Use: Data used ONLY for authentication and account management
• No Selling: We do not sell your Google account data
• Secure Storage: OAuth tokens stored in EncryptedSharedPreferences
• User Transparency: Clear disclosure in Privacy Policy
• Account Deletion: Google account data deleted when you delete AYF account

Review Google's Limited Use Policy: developers.google.com/terms/api-services-user-data-policy

13. Related Pages

• Privacy Policy (Android)
• Terms of Service (Android)
• Support & Contact
• Android Policy Hub

14. Changes to This Policy

If we update this policy, we'll change the "Effective Date" and show an in-app notice for material changes.

You can delete your account at any time if you disagree with updated policies.

15. Contact & Complaints

Supervisory Authority:

If you're not satisfied with our response, you have the right to lodge a complaint with: