Oarsum

Privacy

Oarsum is a kayaking and paddle-sports app for iPhone and Apple Watch, plus the oarsum.com website. This page explains what data Oarsum collects, what stays on your device, what we receive when you contact us or opt into analytics, and the controls you have.

The short version

Your trips, routes, and metrics are stored on your device using Apple’s SwiftData.
Precise GPS, motion, and HealthKit data are processed on-device and not uploaded as raw routes or raw samples.
With your permission, Oarsum reads heart rate, active energy, paddle-sports distance, workouts, and workout routes from Apple Health, and writes Oarsum-recorded paddle workouts (with active energy, paddle-sports distance, and the workout route) back to Apple Health.
Apple handles all subscription payments. Oarsum never sees your card details.
We do not sell your data, do not run ads, and do not track you across other apps or sites.
You can use core paddle tracking without an account. Sign in with Apple is optional and used for Oarsum+ and account-backed support context.

1. Scope

This policy covers the Oarsum iOS app, the Oarsum watchOS app, and the oarsum.com website (including contact, invite, support, and feedback forms). “Oarsum,” “we,” and “us” refer to Eric Shine, the developer of Oarsum, based in the United States.

2. Data stored on your device

Oarsum is local-first. The following are stored in Apple’s SwiftData on your iPhone (and on your Apple Watch where applicable):

Trip records (name, start/end time, duration, status, identifier).
Route data (latitude, longitude, altitude, accuracy, speed, timestamps).
Aggregated stroke metrics (stroke count, average stroke rate, distance per stroke). Raw accelerometer data is processed on-device and not retained.
Heart rate and energy summaries associated with a trip.
App settings, preferences, and your in-app history.

This data is sandboxed by iOS and protected by iOS file protection. If you have iCloud Backup enabled for Oarsum, your device backup may include Oarsum data; this is controlled in iOS Settings under your Apple Account.

3. Data Oarsum uses with your permission

Location (precise GPS)

When you start a paddle session, Oarsum uses CoreLocation to record precise GPS while recording is active. This is used to draw your route, calculate distance and speed, and power on-device metrics. Location data is processed and stored on your device. It leaves your device only when you choose to export a GPX file or share it, or if you opt into the coarse regional analytics described below.

Manage in iOS Settings → Privacy & Security → Location Services → Oarsum.

Motion & Fitness (CoreMotion)

With your permission, Oarsum uses the device accelerometer to detect paddle strokes and calculate cadence and distance per stroke. Raw accelerometer streams are not stored; only the aggregated stroke metrics for the trip are saved.

Manage in iOS Settings → Privacy & Security → Motion & Fitness → Oarsum.

Apple Health (HealthKit)

With your permission, Oarsum integrates with Apple Health in both directions:

Reads heart rate, active energy burned, paddle-sports distance, workouts, and workout routes so it can show paddle metrics and reconcile sessions recorded on Apple Watch or another paddling app.
Writes Oarsum-recorded paddle workouts back to Apple Health when you grant write permission. The written workout includes active energy burned, paddle-sports distance, and the associated workout route. Oarsum can also delete Oarsum-authored workouts and their attached route samples on your request.

HealthKit permissions are granular. You can grant read access without granting write access, and you can change either at any time in iOS Settings → Health → Data Access & Devices → Oarsum. Revoking access does not delete data already stored in Apple Health or in Oarsum’s on-device records; you can remove those in the Health app and in Oarsum respectively.

Notifications and Live Activities

Oarsum uses ActivityKit to show a Live Activity for the current session on the Lock Screen and Dynamic Island. This data stays on your device.

4. Sign in with Apple and Oarsum+

You can use core paddle recording, route viewing, local trip history, duration, distance, heart rate, and active energy without an account.

Sign in with Apple is optional. If you choose to sign in, Apple shares a stable identifier and (at your choice) your name and a real or relay email address. Oarsum uses this to associate your Oarsum+ entitlement with your Apple account, to provide account-backed support context, and to support future cross-device features.

Oarsum+ is an optional auto-renewable subscription that unlocks advanced analytics, Paddle Intelligence, records, trends, stroke analysis, and GPX export beyond the included free allowance. All payments are handled by Apple through the App Store; Oarsum receives only the subscription/entitlement status from StoreKit and never sees your card, billing address, or Apple ID password.

You can manage or cancel your subscription in iOS Settings → [Your Name] → Subscriptions.

5. Data sent to Oarsum’s backend (Supabase)

Oarsum operates a small private backend on Supabase to handle support, diagnostics, and optional analytics. The backend receives only what is described below — it does not receive raw routes, ordered GPS points, raw HealthKit samples, or full trip replay history.

Support, contact, feedback, and bug reports. When you submit a message from the app or the website, we receive the message text, the topic or category you selected, an optional name and reply email, the app version and build, and limited device/app context needed to reply or debug.
Optional support profile context. If you opt in from in-app Settings, Oarsum may sync the profile fields and aggregate context you chose to share so a future support reply has useful background.
Diagnostics. Minimal pseudonymous diagnostics may include app launches, session counts, sanitized last-known screen or action, app version and build, and crash/hang summary counts.
Optional aggregate analytics. If you enable the corresponding switch in Settings, Oarsum may upload daily trip summary rollups (e.g., trip count, total duration, total distance) and aggregate fitness totals (e.g., workout count, total active energy).
Optional coarse heat-map cells. If you enable regional analytics, Oarsum may upload coarse geohash cells derived from a trip rather than raw GPS points or route order, so popular paddling regions can be shown without revealing your exact route.
Optional shared routes. If you enable route sharing, Oarsum may send simplified route contributions and related trip summaries to CloudKit for the shared-route feature. Support messages, diagnostics, and analytics use Supabase rather than CloudKit.

These uploads are keyed to a random per-install identifier (and, for signed-in users, to your Sign in with Apple identifier) so the backend can deduplicate, rate-limit, and count active devices. They are pseudonymous, not anonymous: combined with other information they could in principle be re-identified, which is why we keep them minimal and retain them only as long as needed.

6. Website forms and Cloudflare

The oarsum.com website includes contact, invite, support, and feedback forms. If you submit one, we store the details you provide (name, email, message, paddling context, Apple setup, request category) along with operational details such as timestamps, source page, basic request context, a country signal, spam-protection status, and internal follow-up notes. We use this to reply to you, manage TestFlight interest, handle support and feedback, prevent abuse, and improve the launch experience.

The website is served through Cloudflare Pages and may use Cloudflare’s privacy-preserving Web Analytics and security services. Cloudflare Web Analytics is cookieless and does not use cross-site identifiers; it helps us understand site traffic and protect forms from abuse without a third-party ad tracker. The website currently ships with a noindex meta tag while Oarsum is in prelaunch.

7. What Oarsum does not do

We do not sell, rent, or trade your data.
We do not show ads or use advertising identifiers for ad targeting.
We do not track you across other apps or websites.
We do not upload raw GPS routes, ordered GPS points, full trip replay history, or raw HealthKit samples to our backend.
We do not require an account to record paddles or use core features.

8. Apple frameworks Oarsum uses

Oarsum is built on Apple frameworks that run on your device: SwiftUI, SwiftData, CoreLocation, CoreMotion, HealthKit, MapKit, ActivityKit, CloudKit, and StoreKit 2. Maps and routes are rendered with MapKit (Apple Maps); Apple’s Maps Terms of Use apply. Map data may be inaccurate or incomplete. Do not rely on Oarsum for navigation — carry proper charts and know your route before launching.

9. Retention and deletion

Trip, route, location, motion, and health-summary data is retained on your device for as long as the trip exists. Deleting a trip removes it from your device.
Uninstalling Oarsum removes all on-device app data. (Removing data already saved to Apple Health is done in the Health app; removing data already exported is up to you.)
Support messages, feedback, bug reports, and optional support-profile records are retained only as long as needed to respond, debug, and improve Oarsum, and can be deleted on request.
Pseudonymous diagnostic and aggregate analytics records use rotating per-install identifiers and are retained for a limited operational window.
To request deletion of records associated with your support submissions or app-install identifiers, email [email protected]. Some records may be retained where we have a legal obligation or where deletion is not technically feasible (for example, within encrypted infrastructure backups).

10. Your choices and controls

Location: iOS Settings → Privacy & Security → Location Services → Oarsum.
Motion & Fitness: iOS Settings → Privacy & Security → Motion & Fitness → Oarsum.
Apple Health: iOS Settings → Health → Data Access & Devices → Oarsum (read and write toggles are independent).
Notifications and Live Activities: iOS Settings → Notifications → Oarsum.
Subscriptions: iOS Settings → [Your Name] → Subscriptions.
Optional analytics, support profile sharing, and regional analytics: toggles inside Oarsum’s in-app Settings.
Access, correction, or deletion requests: for app-related records, email [email protected].

Depending on where you live, you may have additional rights under laws such as the GDPR, UK GDPR, or CCPA/CPRA — including the right to access, correct, delete, port, or object to processing of your personal data, and the right to lodge a complaint with your supervisory authority. We do not sell or share personal information as those terms are defined under CCPA/CPRA. To exercise any of these rights, contact the email addresses above.

11. Children’s privacy

Oarsum is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact [email protected] and we will take appropriate steps. Parents and guardians can use iOS Screen Time and the Privacy settings above to manage app and permission access.

12. International processing

Oarsum is developed in the United States. On-device data stays on your device and is subject to the laws of where you use the app. Support messages, diagnostics, optional aggregate analytics, and optional support-profile context may be processed by Supabase infrastructure outside your country of residence. Where required, we rely on appropriate safeguards for international transfers.

13. Security

On-device data is protected by iOS sandboxing and file protection. Network communication between Oarsum and our backend, and between your browser and the website, uses HTTPS/TLS. We do not store passwords, payment credentials, or API keys on your device beyond what Apple provides through Sign in with Apple and StoreKit. No system is perfectly secure; please keep iOS and Oarsum up to date and protect your device with a passcode.

14. Changes

We may update this policy as Oarsum evolves. When we do, we will update the “Last updated” date below and, for material changes, surface a notice in the app or on the website.

15. Contact

App privacy, website forms, and support: [email protected]

Last updated April 29, 2026.