Privacy Policy

1. Overview

Onfoot ("the App") is built on a simple principle: your health data is yours. This Privacy Policy explains what stays on your device, what limited analytics signals are sent, and how purchases are handled.

Dan Urbánek ("Developer", "we", "us") operates Onfoot. This policy applies to the Onfoot iOS app, watchOS companion app, and associated widgets.

2. Data We Collect

The only data Onfoot works with is:

• HealthKit data — read-only, processed locally on your device only
• Locally stored settings and cached step data — stored exclusively on your device
• Anonymous aggregate analytics events — privacy-safe product signals such as app launches, tab switches, paywall views, premium restores, and bucketed milestones

No account is required. No login is required. The developer does not operate a user account backend for your health data.

3. HealthKit Data

What We Access

Onfoot requests read-only access to the following Apple Health data types:

• Step Count — to display your daily and historical step totals
• Walking + Running Distance — to show distance covered
• Flights Climbed — to track stair climbing as part of your activity
• Active Energy Burned — to show calorie activity

How We Use It

HealthKit data powers the core app experience:

• Driving your daily progress ring and step totals
• Calculating trends, weekly and monthly summaries
• Awarding badges and tracking streaks
• Powering challenges and gamification features
• Populating Home Screen and Lock Screen widgets

All processing happens entirely on your device. We never write to Apple Health — Onfoot is strictly read-only. We never transmit HealthKit data to any server. We never share HealthKit data with third parties.

Your Control

• You grant explicit permission for HealthKit access when you first open the app
• You can revoke permissions at any time in iOS Settings → Privacy & Security → Health → Onfoot
• Without HealthKit access, the app will not display step data but will not crash or malfunction

4. Local Storage

Onfoot stores the following data locally on your device only:

• App Group UserDefaults (group.cz.dnesdan.onfoot): Step goal, streak data, premium flag, app settings, and widget-shared values. This App Group allows the iOS widget and Apple Watch app to read shared state without needing HealthKit access directly.
• JSON file cache: A local cache of your health history (step counts, distances) to avoid re-querying HealthKit on every launch. Stored on-device only, never transmitted.
• Widget data via App Group: Current step count, goal, and progress are written to the shared App Group container so widgets can display up-to-date information without accessing HealthKit.
• Badge & achievement history: Your earned badges, current and longest streaks, missions, and achievement history. Stored in UserDefaults on-device only.

All local data is:

• Protected by iOS device encryption
• Stored only on your device
• Not shared with third parties except for Apple-managed purchase handling and anonymous analytics delivery described below
• Automatically deleted when you uninstall the app

5. In-App Purchases

Payment Information

• Premium subscriptions and one-time purchases are handled by Apple via StoreKit 2
• Onfoot never sees your payment details, credit card numbers, or billing information
• Apple processes all transactions securely on their own servers

Purchase Record

• Premium status is verified locally using Apple's StoreKit 2 transaction verification (VerificationResult)
• The purchase record is stored locally on your device — Onfoot does not run its own subscription backend
• Restoring purchases is handled entirely by Apple

6. Internet Connectivity

7. Third-Party Services

The App does not include:

• ❌ No Google Analytics
• ❌ No Firebase or Google services
• ❌ No Facebook SDK or Meta services
• ❌ No advertising SDKs or ad networks
• ❌ No crash reporting services (Crashlytics, Sentry, Bugsnag, etc.)
• ❌ No social media integrations
• ❌ No cloud storage or backup services for your health data

Third-party services actually used by the app:

• Apple StoreKit — processes subscriptions, purchases, and restores
• TelemetryDeck — receives anonymous aggregate product analytics signals for product improvement

8. Data Sharing

• No raw HealthKit data is collected by the developer
• No raw HealthKit data is transmitted to any server
• No data is sold or shared with third parties
• No advertising or cross-app behavioural tracking
• No location tracking
• No advertising identifiers used

9. Children's Privacy

Onfoot is not directed at children under the age of 13. The App does not require an account and does not collect personal profiles. Health data remains on-device, and analytics events are anonymous aggregate product signals only.

10. Your Rights

GDPR (European Users)

Because health data stays on your device and the app does not maintain user accounts or personal profiles, most GDPR rights are satisfied by design. Specifically:

• Right of access: Your health data lives in Apple Health, which you fully control. No data is held by us.
• Right to deletion: Delete the app to remove all local app data. Revoke HealthKit access in iOS Settings to stop data access.
• Right to portability: Not applicable — we hold no data about you.
• Right to object: Revoke HealthKit permissions at any time in iOS Settings.

CCPA (California Users)

We do not sell personal data. We do not share personal data with third parties for advertising or commercial profiling. Anonymous aggregate analytics used for app improvement are not used for targeted advertising.

Deleting Your Data

To delete all Onfoot data from your device, simply delete the app. All locally stored settings, badges, streaks, and cached health data will be permanently removed.

11. Changes to This Policy

If we update this Privacy Policy, we will:

• Update the "Last Updated" date above
• Notify users via app update release notes if changes are significant

The current version of this policy is always available at ios.dnesdan.cz/onfoot/privacy-policy. Continued use of the app after changes constitutes acceptance of the updated policy.

12. Contact

13. Technical Details

Apple Frameworks Used

• HealthKit: Read-only access to steps, distance, floors climbed, and active energy (with your explicit permission)
• StoreKit 2: In-app purchase processing — handled entirely by Apple
• WidgetKit: Home Screen and Lock Screen widgets reading data from the shared App Group UserDefaults
• WatchConnectivity: iPhone ↔ Apple Watch sync of step goal and streak status over your personal local device connection — no internet required
• TelemetryDeck: Anonymous aggregate analytics for app quality and feature usage, configured not to send HealthKit values or personal profile data

Onfoot uses Apple system frameworks for the core experience and TelemetryDeck for privacy-focused aggregate analytics.

Data Retention

• HealthKit data: Stored in Apple Health on your device — controlled entirely by you
• Local app data (badges, streaks, settings, goal): Stored until you uninstall the app
• Health history cache: Stored on-device, refreshed from HealthKit, permanently deleted on uninstall
• Widget data: Stored in App Group shared container, deleted on uninstall
• Anonymous analytics events: Processed by TelemetryDeck according to its retention policy for aggregate analytics

Security

• All data processing happens on-device
• No raw HealthKit data leaves your device
• Network connections are limited to Apple purchase flows and anonymous analytics delivery
• Data protected by iOS device encryption
• No user accounts or authentication required

14. Compliance

This app complies with:

• ✅ GDPR (General Data Protection Regulation) — EU
• ✅ CCPA (California Consumer Privacy Act) — USA
• ✅ Apple HealthKit Usage Guidelines
• ✅ Apple App Store Review Guidelines