Privacy Policy for Oarsum

Effective Date: April 1, 2026 Last Updated: May 24, 2026 Developer: Eric Shine Contact: [email protected]

1. Overview

Oarsum ("App," "we," "our," or "us") is a kayaking and paddle sports tracking application developed by Eric Shine for iOS 26+. We are committed to protecting your privacy and being transparent about how we collect, use, and store your data.

Key privacy principle: Your data belongs to you. Oarsum keeps your trips, routes, and trip history local-first on your device using Apple's SwiftData framework. We also operate private backend services for support messages, diagnostics, optional aggregate analytics, water-pack delivery, and Oarsum water-name database corrections. Raw routes, ordered GPS points, trip history, exact launch/end points, Apple Maps names, and raw HealthKit samples are not uploaded to those services unless you explicitly attach route points to a support report.

2. What Data We Collect

2.1 Location Data (GPS)

What we collect: When you start a paddle session, Oarsum records your precise GPS location at regular intervals to track your route, calculate distance traveled, and measure your speed and speed variations.

Specific data:

  • Latitude and longitude
  • Altitude (elevation)
  • Horizontal accuracy
  • Speed (calculated from location updates)
  • Timestamp for each location point

Why we collect it:

  • Display your paddle route on the map
  • Calculate total distance, average speed, and maximum speed
  • Create a trip history you can review, export, or share
  • Measure distance per stroke (DPS), an advanced paddling metric

Where it's stored: All precise location data is stored locally in SwiftData on your device. Precise GPS tracks are not uploaded to our backend. Location data leaves your device only when you:

  • Explicitly export a trip as a GPX file (standard GPS file format)
  • Share a GPX file with another person or service of your choice
  • Enable optional Community Water Evidence / water matching analytics, which may send reduced water-match signals such as confirmation or correction outcomes, candidate/confidence buckets, GPS quality buckets, coarse or bucketed water-area support, pack/version context, and optional watercraft or experience buckets. Raw route points, route order, Apple Maps names, and raw HealthKit samples are not uploaded for map improvement.
  • Save, confirm, reject, or correct a water body name, which may send the selected or typed water name, Oarsum database candidate identifiers, candidate ranks or confidence buckets, pack/version context, and coarse route sample cells for Oarsum's private water-name review system. This does not send your full route, route order, exact launch location, exact end location, HealthKit data, or Apple Maps names.

How to control it:

  • You can deny location permission in iOS Settings > Oarsum > Location
  • If you deny permission, the App cannot record new paddle sessions
  • Existing location data remains on your device; you can delete trips manually in the App
  • You can revoke permission at any time; previously recorded trips are unaffected

2.2 Health Data (HealthKit)

What we collect and save: With your permission, Oarsum uses Apple HealthKit to read fitness data for paddle metrics and save Oarsum-authored paddle workouts back to Apple Health.

Specific data:

  • Heart rate (beats per minute) during paddle sessions
  • Active energy / calorie burn (kilocalories) during paddle sessions
  • Paddle-sports distance
  • Paddle workouts
  • Workout routes associated with paddle sessions

Why we collect it:

  • Display average and peak heart rate during your paddle
  • Show estimated energy expenditure (calories burned)
  • Save Oarsum-recorded paddle workouts, paddle-sports distance, active energy, and workout routes to Apple Health when you grant write permission
  • Help you track fitness progress over time

Where it's stored: Heart rate, calorie, distance, workout, and route summaries associated with your paddle sessions are stored locally in Oarsum's SwiftData database on your device. Oarsum also writes Oarsum-authored paddle workout records to Apple Health when you grant Health write permission. Raw HealthKit samples and Apple Health workout routes are not transmitted to our backend. If you enable optional fitness analytics, Oarsum may upload daily aggregate fitness totals such as workout count and total active energy.

How to control it:

  • You can deny HealthKit access in iOS Settings > Health > Data Access & Devices > Oarsum
  • If you deny permission, Oarsum will not display heart rate or calorie data, but the App continues to function
  • Revoking HealthKit permission does not delete previously recorded heart rate or calorie data in Oarsum
  • Oarsum can delete Apple Health workouts and workout routes that Oarsum authored when you choose to delete both the paddle and its Health data; iOS does not allow Oarsum to delete Health records authored by other apps
  • You can manually delete trip records that contain health data from within the App

2.3 Motion Data (CoreMotion)

What we collect: With your permission, Oarsum uses your device's accelerometer to detect paddle strokes and measure stroke rate, cadence, and stroke count.

Specific data:

  • Accelerometer data (device motion)
  • Calculated stroke count per session
  • Average stroke rate (strokes per minute)
  • Distance per stroke (DPS), derived from distance and stroke count

Why we collect it:

  • Accurately measure your paddling cadence and efficiency
  • Provide SWOLF-equivalent metric (distance per stroke) for kayaking
  • Help you track technique improvements over time

Where it's stored: Motion data is processed on your device and only aggregated stroke counts and rates are stored in your trip record. Raw accelerometer data is not stored. Stroke metrics are stored locally in SwiftData; optional analytics may send aggregate stroke totals only.

How to control it:

  • You can deny motion permission in iOS Settings > Oarsum > Motion & Fitness
  • If you deny permission, stroke metrics will not be recorded, but the App continues to function
  • Revoking motion permission does not delete previously recorded stroke data

2.4 Trip Metadata

What we collect: To organize and manage your paddle sessions, Oarsum stores the following information:

Specific data:

  • Trip name (user-entered or AI-generated)
  • Start and end date/time
  • Total duration
  • Trip completion status (active vs. completed)
  • Unique trip identifier

Why we collect it:

  • Organize your paddle history in a searchable list
  • Display session summaries with duration and date
  • Enable trip editing, deletion, and export
  • Provide trip-level statistics and analytics

Where it's stored: Trip metadata is stored locally in SwiftData; optional analytics may send aggregate daily trip counts and totals only.

2.5 Water Body Names and Corrections

What we collect: Oarsum uses a private water-name database to suggest lake, bay, river, and other water body names for your paddles. When you choose, approve, reject, edit, or manually enter a water body name, Oarsum may send a privacy-minimized correction event to Oarsum's backend review system.

Specific data:

  • The water body name you selected or typed
  • Oarsum database candidate identifiers, candidate ranks, confidence buckets, and match-quality fields when available
  • Coarse route sample cells derived from reduced route evidence used for local recommendations
  • App version/build, installed water-name pack version, and a pseudonymous install identifier used for deduplication, rate limiting, and abuse prevention
  • Optional Community Water Evidence context such as GPS quality buckets, pack/version context, and optional watercraft or experience buckets when you have enabled the related sharing setting

Why we collect it:

  • Save the correct water body on your paddle
  • Improve future Oarsum water-name recommendations
  • Identify missing, ambiguous, incorrectly ranked, or incorrectly matched water bodies for private review
  • Help maintain Oarsum's water database without uploading full routes

Where it's stored: The water name is saved locally on your trip. Correction events are staged through Oarsum's private Cloudflare backend and may be mirrored into private Supabase review tables for approval and database maintenance. User corrections do not automatically change the published Oarsum water-name database.

What is not sent: Water-name corrections do not include raw route points, full route geometry, launch coordinates, end coordinates, route replay history, HealthKit samples, heart rate, calories, motion data, or Apple Maps place names collected in the background.

3. Data We Do NOT Collect

To be clear, Oarsum does not:

  • Require user accounts, registration, or login
  • Collect or use cookies or advertising identifiers for tracking
  • Upload raw routes, ordered GPS points, trip IDs, or trip replay history to Supabase except only when you explicitly attach route points to a support report
  • Upload raw routes, ordered GPS points, trip IDs, trip replay history, exact launch points, or exact end points as part of water-name corrections
  • Upload raw crash logs, stack traces, or full diagnostic dumps in the current release
  • Share data with advertising networks or data brokers
  • Sell, rent, or trade your data
  • Use HealthKit or location data for purposes other than what you see in the App
  • Include ads, in-app browser tracking, or behavioral profiling
  • Collect information about other apps on your device
  • Access your contacts, photos, or other personal data

4. Data Storage and Security

4.1 Local-First Storage

Oarsum stores trips, routes, health summaries, and stroke metrics locally on your iOS device using Apple's SwiftData framework. SwiftData provides:

  • Automatic encryption — Data is encrypted on disk using iOS file protection
  • Sandboxing — App data is isolated from other apps and inaccessible to other apps or malicious software
  • Local-first trip storage — Your trip history is not synced to an Oarsum account or cloud trip database in this release

4.2 Support, Diagnostics, Water-Name Corrections, and Pseudonymous Analytics Backend

  • If you use iCloud Backup and have enabled App Data backup, your Oarsum data may be included in your iCloud Backup. This is controlled by your iOS Settings > [Your Name] > iCloud > iCloud Backup
  • You can exclude Oarsum from iCloud Backup if you prefer; this does not affect data on your device
  • Oarsum uses private backend services, including Cloudflare and Supabase, to receive support/contact messages, bug reports, feature requests, pseudonymous diagnostics, optional aggregate analytics, private water-pack requests, and water-name correction review data
  • If you contact the developer in the App, Supabase receives the message text, selected topic/category, optional name, optional email address, app version/build, and limited device/app context needed to reply or debug
  • If you submit a trip-trouble support report, route attachment is off by default; route points are sent only when you explicitly attach route points to a support report
  • If you opt into profile/support sharing, Supabase may receive the profile fields and aggregate support context you chose to share, keyed to a random app-install ID rather than an Oarsum account
  • Minimal diagnostics may include app launches, sessions, crash or hang summary counts, app version/build, and sanitized last-known screen or action
  • Optional analytics may include daily trip summaries, Community Water Evidence / water matching analytics, and aggregate fitness totals when you enable those switches in Settings
  • Product analytics may use PostHog when that SDK is linked/configured and you enable general analytics. These events are limited to sanitized app/product events, screen names, app/version context, and bucketed or non-sensitive properties. Oarsum disables PostHog autocapture, session replay, surveys, feature-flag preload events, and default person profiles, and must not send raw routes, exact coordinates, water names, email addresses, Apple IDs, Supabase IDs, raw HealthKit samples, exact trip metrics, payment details, or cross-app tracking data to PostHog.
  • Water-name correction data may include selected or typed water body names, Oarsum database candidate identifiers, pack version, and coarse route sample cells used to review or improve Oarsum's private water database
  • These uploads use app-install identifiers so the backend can prevent duplicates, rate-limit spam, and count active devices without creating an account system

4.3 Security Practices

  • Oarsum does not transmit trip data over the network except when you explicitly export (GPX), share files, or explicitly attach route points to a support report
  • Oarsum also transmits support messages, pseudonymous diagnostics, optional aggregate analytics, private water-pack requests, and water-name correction events described in this policy
  • No passwords, encryption keys, or credentials are hardcoded
  • All network communication uses HTTPS/TLS
  • Oarsum complies with iOS security best practices and Apple App Store security guidelines

4.4 Data Retention

  • Location, health, and motion data is retained as long as the trip record exists
  • Deleted trips are permanently removed from your device
  • Exporting a trip does not delete it from Oarsum; you must manually delete the original
  • We do not retain copies of exported files; data you export is your responsibility to manage
  • Short-lived rotating app-install hashes used for diagnostics dedupe and Community Water Evidence thresholding expire automatically from the backend
  • Support messages, feedback reports, and support profile records are retained only as long as needed to respond, debug, and improve the App

5. In-App Purchases and Payment Data

5.1 Overview

Oarsum is free to download, and core paddle recording, routes, duration, distance, heart rate, calories, and local trip history are available without a subscription or account.

Oarsum+ is an optional auto-renewable subscription for advanced Oarsum-calculated stats, Paddle Intelligence, records, trends, patterns, efficiency, stroke analysis, and GPX export after the included free GPX export. Oarsum+ may be offered as Seasonal Pass and Annual Pass subscriptions. No Apple introductory offer or Apple free trial is configured for v1.

5.2 Payment Information

  • Apple handles all payments. We do not collect, store, or process credit card numbers, billing addresses, or payment methods
  • Payment processing is handled entirely by Apple through the App Store
  • Apple provides transaction and entitlement status needed to unlock Oarsum+ and provide purchase support
  • Your billing information is stored securely in your Apple ID account, not on Oarsum's servers or devices

5.3 What's Offered

  • Core paddle recording, route viewing, local trip history, duration, distance, heart rate, and calories remain usable without purchase.
  • Oarsum+ unlocks advanced aggregate stats, Paddle Intelligence, records, trends, patterns, efficiency, stroke analysis, and GPX export after the included free export allowance.
  • Oarsum+ renews automatically unless cancelled through your Apple ID account settings at least 24 hours before the current period ends.
  • Earlier one-time tip products, if present in App Store Connect, are no longer part of the app experience and do not unlock features.

6. Third-Party Services

Oarsum does not use third-party services for advertising, cross-app tracking, or behavioral profiling.

Oarsum uses Cloudflare for private water-pack delivery and water-name correction ingestion. Cloudflare may process:

  • App Attest-protected requests from the app
  • Private water-pack download requests
  • Water-name correction events, including selected or typed water names and coarse route sample cells
  • Private review/archive records used to improve Oarsum's water database

Oarsum uses Supabase for support messages, diagnostics, optional aggregate analytics, and mirrored water-name correction review summaries. Supabase processes:

  • Contact messages, bug reports, feature requests, optional reply email addresses, and limited device/app context when you submit them
  • Optional profile/support context you choose to share in Settings
  • Minimal diagnostic summaries needed to keep the app reliable
  • Optional daily trip summary rollups
  • Optional Community Water Evidence / water matching analytics
  • Optional aggregate fitness totals
  • Review-ready water-name correction summaries mirrored from Cloudflare for private approval and database maintenance

Supabase does not receive raw trip routes, ordered GPS points, full trip history, exact launch/end points, or raw crash logs from the app except when you explicitly attach route points to a support report. Water-name correction mirrors use coarse route evidence, not full routes.

Oarsum may use PostHog for optional product analytics when the SDK is linked/configured and you enable general analytics. PostHog may receive sanitized product event names, screen names, app/version context, and bucketed or non-sensitive event properties. PostHog must not receive raw routes, exact coordinates, water names, email addresses, Apple IDs, Supabase IDs, raw HealthKit samples, exact trip metrics, payment details, session replay, autocaptured screen contents, advertising identifiers, or data used for cross-app tracking.

Oarsum does not use third-party services for the following:

  • Cloud storage
  • Maps (we use Apple's built-in MapKit framework, which is part of iOS)
  • Authentication or user accounts
  • Advertising or ad networks

6.1 Apple Frameworks and Service Providers

Oarsum uses the following Apple frameworks and service providers:

| Framework | Purpose | Data Shared | |-----------|---------|-------------| | MapKit | Display maps and routes | Location coordinates only, used to render maps on your device | | HealthKit | Read heart rate, active energy, paddle distance, paddle workouts, and workout routes; save Oarsum-authored paddle workouts, active energy, paddle distance, and workout routes | Raw HealthKit samples are not uploaded to Oarsum's backend; Oarsum-authored workout records are stored in Apple Health when you grant write permission | | CoreLocation | Record GPS coordinates | Handled entirely on your device; no transmission | | CoreMotion | Detect paddle strokes | Processed on your device; only aggregated metrics stored | | CloudKit | Optional shared-route contribution when enabled | Stores opt-in shared route records only; support, diagnostics, and analytics are not sent to CloudKit | | StoreKit 2 | Process Oarsum+ subscriptions | Entitlement, transaction, and subscription status only; Apple handles payment data | | SwiftData | Store all app data | All data stored locally on your device | | Cloudflare | Private water-pack delivery and water-name correction ingestion | App Attest-protected requests, private water-pack downloads, selected or typed water names, and coarse route sample cells for water-name review | | Supabase | Support messages, diagnostics, optional aggregate analytics, optional support profile context, optional trip-trouble route attachments, and mirrored water-name correction review summaries | Support submissions, daily summaries, and review-ready water-name correction summaries only; raw route points are included only when you explicitly attach route points to a support report | | PostHog | Optional product analytics when linked/configured and general analytics is enabled | Sanitized app/product events, screen names, app/version context, and bucketed or non-sensitive properties only; no session replay, autocapture, raw routes, exact coordinates, emails, Apple IDs, Supabase IDs, raw HealthKit samples, payment details, or cross-app tracking | | ActivityKit | Live Activity on lock screen | Real-time trip metrics shown only on your device; no transmission |

7. Apple Maps Attribution

Oarsum uses Apple Maps, provided by Apple as part of MapKit. Apple's Maps Terms of Use apply.

Oarsum may use Apple Maps transiently to help name a completed paddle after a likely body of water. Apple-returned map names are used only during naming and are not stored in Oarsum's backend, included in Community Water Evidence analytics, or used to build a persistent map-data database.

Map Disclaimer: Maps, routes, and location data displayed in Oarsum are provided by Apple Maps and are for informational purposes only. Map data may be inaccurate, incomplete, or outdated. Do not rely on this app for navigation on waterways. Always carry proper navigational charts, a compass, and know your route before launching. Oarsum is not a substitute for proper navigational equipment or local knowledge of waterways.

8. Children's Privacy

8.1 Age Restrictions

Oarsum is not designed for, and we do not knowingly collect data from, children under 13 years old. If you are under 13, please do not use this App.

8.2 COPPA Compliance

Oarsum does not:

  • Collect location data from users under 13 without verifiable parental consent
  • Collect health or motion data from users under 13 without verifiable parental consent
  • Use data from children to target advertisements or build user profiles

If we become aware that a child under 13 has used Oarsum and we have collected their data, we will delete that data immediately. If you believe your child's data has been collected, please contact us at [email protected].

8.3 Parental Controls

Parents and guardians can restrict app access and control permission grants through iOS Settings > Screen Time > App Limits and iOS Settings > Privacy.

9. Your Privacy Rights

9.1 Access Your Data

Your trip, route, location, health, and motion history is stored on your device, so you have direct access to that data within Oarsum:

  • View all your recorded trips, routes, and statistics in the App
  • Use the included free GPX export, then unlock additional GPX exports with Oarsum+
  • Review HealthKit and motion data associated with each trip

9.2 Data Portability

You can export your trip data in the following formats:

  • GPX (GPX Trackpoint XML) — Industry-standard format compatible with mapping software, fitness trackers, and GPS devices
  • Future versions may support CSV, FIT (Garmin), or TCX (TrainingPeaks) formats

9.3 Deletion

You can delete your data at any time:

  • Delete individual trips — Swipe to delete in the trip list, or tap Delete in trip detail
  • Delete all data — Uninstall the App or go to iOS Settings > General > iPhone Storage > Oarsum > Offload App, then Reinstall (this removes all App data)
  • Delete HealthKit data — Delete Oarsum-authored Apple Health workouts and attached route samples from Oarsum when the App offers that option, or manage Health records directly in the Health app. Oarsum cannot delete Health records authored by other apps
  • Delete from iCloud Backup — Change iCloud Backup settings or remove Oarsum from backup in iOS Settings

9.4 Backend Support and Analytics Records

Oarsum Account setup is optional. For backend records:

  • You can request a copy of support, entitlement, diagnostics, and optional analytics records associated with your app-install identifiers where feasible
  • You can request deletion of support records and backend analytics records where feasible
  • You can withdraw consent for optional analytics and support-profile sharing in the App at any time
  • We will respond to access, deletion, and privacy-rights requests within the time required by applicable law

9.5 GDPR Rights (EU Users)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access — Request a copy of your personal data (email [email protected])
  • Right to rectification — Correct inaccurate data (edit trip names within the App)
  • Right to erasure — Delete your data (use in-app deletion or uninstall)
  • Right to restrict processing — Limit how we use your data (revoke permissions in iOS Settings)
  • Right to data portability — Request your data in a portable format (export GPX)
  • Right to object — Object to processing (email [email protected])

We will respond to GDPR requests within the time required by applicable law.

9.6 CCPA Rights (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know — Know what personal information we collect (see Section 2 of this policy)
  • Right to delete — Delete local trip data in the App or by uninstalling; contact [email protected] to request deletion of support records or backend analytics records associated with your app-install identifiers where feasible
  • Right to opt-out — Opt out of selling or sharing your data (we do not sell data)
  • Right to correct — Correct inaccurate data (edit trip names within the App)
  • Right to data portability — Get your data in a portable format (export GPX)

We do not "sell" or "share" personal information as defined by CCPA. Raw route, precise location history, and raw HealthKit samples are not disclosed to third parties.

9.7 Australian and New Zealand Privacy Rights

If you are located in Australia or New Zealand, you may request access to or correction of personal information that Oarsum holds about you, and you may contact us about privacy questions or complaints at [email protected].

For clarity, Oarsum does not currently store your full paddle history, raw routes, ordered GPS points, or raw HealthKit samples on Oarsum servers unless you explicitly attach route points to a support report. Those paddle records are otherwise stored locally on your device and can be viewed, exported, or deleted in the App. A data-access request is still relevant for the backend records Oarsum may hold, such as support messages, optional reply email addresses, limited device/app context, pseudonymous diagnostics, optional aggregate analytics, optional support profile context, and subscription/support context.

Health, fitness, precise location, and motion data can be sensitive. Oarsum handles that data only for the App purposes described in this policy and does not sell or disclose it for advertising or behavioral tracking. Support submissions, diagnostics, optional aggregate analytics, and optional support profile context may be processed outside Australia or New Zealand, including in the United States or other locations where Supabase infrastructure operates.

We will respond to Australian and New Zealand privacy inquiries within the time required by applicable law. If you are not satisfied with our response, Australian users may be able to contact the Office of the Australian Information Commissioner (OAIC), and New Zealand users may be able to contact the Office of the Privacy Commissioner.

10. Sharing Your Data

10.1 User-Initiated Sharing

You may choose to share your data:

  • Export GPX files — You can export trip data as GPX files and send them to anyone via email, messaging, or cloud storage of your choice
  • Support and feedback submissions — If you contact the developer or opt into support profile sharing, the submitted support content and limited app/device context are sent to Oarsum's private Supabase backend
  • Optional analytics — If enabled, aggregate summaries and Community Water Evidence / water matching analytics may be sent to Supabase using app-install identifiers for duplicate protection and rate limiting
  • Opt-in shared routes — If you enable route sharing, Oarsum may send simplified route contributions and related trip summaries to CloudKit for the shared-route feature. Support messages, diagnostics, and analytics continue to use Supabase rather than CloudKit.
  • We do not automatically share raw trip routes, ordered GPS points, full trip history, or raw HealthKit samples

10.2 We Do NOT Share Data

We never share, sell, or disclose raw trip routes, ordered GPS points, full trip history, raw HealthKit samples, or support records to:

  • Third-party analytics providers
  • Advertising networks
  • Data brokers or marketing companies
  • Social media platforms
  • Government agencies (except as required by law with proper legal process)
  • Other app developers or services

10.3 Legal Requests

If we receive a valid legal request (subpoena, warrant, court order) for your data, we will: 1. Notify you of the request unless legally prohibited 2. Require the requesting party to demonstrate they have proper legal authority 3. Disclose only the minimum data necessary to comply with the request 4. Document and retain records of all such requests

Because trip, route, precise location history, and raw health data are stored on your device, we do not have copies of those records to produce. Oarsum may have support submissions, diagnostics, optional aggregate analytics, and optional support profile context in Supabase.

11. Data Security and Breach Notification

11.1 Security Measures

  • All data is encrypted at rest using iOS file protection
  • Oarsum uses secure coding practices and follows OWASP security guidelines
  • We do not transmit raw route history, ordered GPS points, or raw HealthKit samples except when you explicitly export/share them or explicitly attach route points to a support report
  • Support, diagnostics, and optional analytics network communications use HTTPS/TLS
  • We do not store passwords, API keys, or other credentials

11.2 What We Cannot Protect Against

For local trip, route, location, health, and motion history stored on your device:

  • Device theft or loss — Protect your iPhone with a strong passcode and use Find My iPhone
  • Jailbroken devices — Jailbreaking disables iOS security protections
  • Malware or stolen credentials — Keep your iOS system and all apps updated

11.3 Breach Notification

In the unlikely event that Oarsum infrastructure is breached, we will: 1. Notify affected users and regulators as required by applicable law 2. Describe the breach and data affected 3. Provide steps to protect themselves 4. Provide additional remediation if legally required or appropriate for the data affected

Backend breach scope is limited to support submissions, diagnostics, optional aggregate analytics, and optional support profile context; raw trip routes, ordered GPS points, full trip history, and raw HealthKit samples are not uploaded to that backend.

12. International Data Transfers

Oarsum is developed in the United States by Eric Shine. Trip, route, location, health, and motion history is stored locally on your device. Support submissions, diagnostics, optional aggregate analytics, and optional support profile context may be processed by Supabase infrastructure.

If you are located outside the United States and use Oarsum:

  • Your trip, route, location, health, and motion history remains on your device under its local laws
  • iCloud Backup (if enabled) is subject to Apple's data residency agreements with your country
  • Export data remains under your control
  • Support submissions, diagnostics, optional aggregate analytics, and optional support profile context may be processed outside your country of residence

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

1. Posting the updated policy in the App and on our website 2. Updating the "Effective Date" and "Last Updated" fields 3. If the change materially affects your privacy, we may prompt you to review the updated policy

Your continued use of Oarsum after changes become effective constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or Oarsum's privacy practices, please contact:

Eric Shine Developer, Oarsum Email: [email protected]

We will respond to privacy inquiries within the time required by applicable law.

15. Additional Resources

16. Disclaimer

This Privacy Policy is provided for informational purposes. While we have made every effort to ensure accuracy, this policy does not constitute legal advice. If you have concerns about privacy law compliance, please consult with a licensed attorney in your jurisdiction.

Version: 1.0 Status: Effective April 1, 2026 Developer: Eric Shine