Privacy Policy
Last updated: June 18, 2026
Privacy isn't a feature of Athlr — it's the foundation. This policy explains what data the app handles, where it lives, and the choices you control. The short version: your activities are private by default, stored on your device, and never sold.
1. Data Stored On Your Device
When you record an activity, the following is stored locally in the app's database on your phone — not on our servers:
- GPS route points (location, altitude, speed, accuracy);
- Activity statistics (distance, time, pace, elevation, splits);
- Average heart rate captured via a paired Bluetooth monitor;
- Workouts imported from Apple Health or Google Health Connect, including heart rate and calories where available.
This data never leaves your device unless you explicitly share an activity.
2. Body Weight (Optional)
To personalise calorie estimates, you may optionally enter your body weight inside the app. If you do:
- Your weight is stored on this device only — it is never sent to our servers, never included in any network request, and never written to Firestore or any other cloud service;
- It is used solely to improve the accuracy of your per-activity calorie burn estimates, which are calculated locally;
- You can update or remove it at any time from your Profile settings.
3. Bluetooth Heart Rate Monitors
Athlr can optionally connect to Bluetooth Low Energy (BLE) heart rate monitors (such as chest straps and sport watches) during a recording session. When you use this feature:
- Bluetooth is used only during an active session when you explicitly tap “Connect HR Monitor”. The app never scans for Bluetooth devices in the background;
- Live heart rate readings are held in memory for the duration of the session and averaged into a single number (“Avg HR”) that is saved with the activity on your device;
- The averaged heart rate may be included in the activity summary if you choose to share the activity to the community feed (the same sharing choice you make for all other stats);
- No device identifier, Bluetooth address, or raw reading stream is stored or transmitted.
4. Data We Process In The Cloud
If you create an account and choose to share an activity to the community feed, we store the following with our cloud provider (Google Firebase):
- Your display name and email address (for authentication);
- Summary statistics of shared activities (distance, duration, pace, elevation, splits) and a static route thumbnail image;
- Kudos you give or receive.
Raw GPS point data is never uploaded — shared activities include only summary stats and a low-resolution map preview.
5. Health Data (Apple Health & Google Health Connect)
With your permission, Athlr reads and writes the following data types via Apple Health (iOS) or Google Health Connect (Android):
- Reads: Workouts, Heart Rate, Distance (walking/running/cycling/swimming), Active Energy Burned, Total Calories Burned, Flights Climbed, Steps, Elevation Gained.
- Writes: Workouts, Distance, Active Energy Burned — written only when you finish a recording session in Athlr, so your activities appear in your health record.
All health data is read into the on-device database only. We never upload health data to our servers. You can revoke access at any time:
- iOS: Open the Health app → tap your profile photo → Apps → Athlr → toggle individual data types off.
- Android: Open Health Connect → App permissions → Athlr → revoke any category.
6. What We Don't Do
- We don't sell or rent your personal data. Ever.
- We don't show ads or use advertising trackers.
- We don't access your location when you're not recording.
- We don't share data with third parties except the infrastructure providers listed below.
7. Service Providers
We rely on a small set of infrastructure providers to run the community features:
- Google Firebase — authentication and the community feed database;
- Google Maps Static API — generating route thumbnail images for shared activities;
- Vercel — hosting this website.
8. Your Choices & Rights
- Visibility: every activity defaults to “Only me” and can be changed or reverted at any time;
- Export: download any activity as a GPX file, free;
- Deletion: delete activities locally at any time; deleting your account removes all cloud data associated with it;
- Permissions: location and health access can be revoked at any time in your phone's system settings.
9. Data Retention
On-device data persists until you delete it or uninstall the app. Cloud data for shared activities persists until you make the activity private, delete it, or delete your account.
10. Children
Athlr is not directed at children under 13, and we do not knowingly collect personal information from them.
11. Changes To This Policy
If we make material changes to this policy, we'll notify you in the app before they take effect.
12. Contact
Privacy questions? Email privacy@athlr.brilworks.com.