Privacy Policy

Last updated: 17 May 2026

This Privacy Policy explains how Paddlor ("we", "our", or "us") collects, uses, and protects information when you use the Paddlor app for iPhone and Apple Watch. We are committed to handling your data minimally and transparently.

1. Information We Collect

Session data. When you record a paddle session, we store your GPS route, session duration, distance, speed, and optional notes. This data is stored locally on your device using Apple's SwiftData framework and optionally synced to your private iCloud account via CloudKit.

Location data. Paddlor uses background GPS during an active session to record your route. We do not track your location outside of an active session. Location data is stored only as part of your session record.

Craft profile data. Names, specifications, and optional photos you enter for your paddle craft (boards and kayaks) are stored locally and synced to your private iCloud account if you enable it.

Community spots. If you contribute a paddle spot (Pro feature), the spot name, location coordinates, craft type tags, and difficulty are stored in a CloudKit public database. Your Apple ID user record name is associated with spots you contribute, solely to allow you to edit your own submissions. This data is visible to all Paddlor users.

Health and fitness data. If you enable "Log to Apple Health" in Settings, Paddlor reads your heart rate samples and body weight from Apple HealthKit during and after an active session to calculate calorie burn. Paddlor also writes your paddle sessions (activity type, duration, distance, and calories) back to your HealthKit store. This data is read and written directly on your device — it is never sent to our servers. All HealthKit data remains on your device and within your private Apple Health account, controlled entirely by Apple. Enabling this feature is entirely optional.

Subscription status. We use RevenueCat to manage in-app subscriptions. RevenueCat may collect your device identifier and purchase history to verify your subscription status. See RevenueCat's privacy policy at revenuecat.com/privacy.

2. Information We Do Not Collect

We do not collect your name, email address, or any account credentials. We do not run analytics on your usage behaviour. We do not serve advertising and we do not sell your data to any third party.

3. How We Use Your Information

Your session, craft, and location data is used solely to provide the features of the app — displaying your history, calculating stats, and showing your routes. It is not used for any other purpose.

Community spot data is used to show the public spot map to all users of Paddlor.

Health and fitness data from HealthKit is used solely to calculate calorie burn for your session records and to log your paddle sessions to Apple Health. It is not used for any other purpose and is never transmitted off your device.

Subscription data from RevenueCat is used only to determine whether your account has an active Pro entitlement.

4. Data Storage and Sync

All personal data (sessions, craft profiles, settings) is stored on your device and, if you are signed into iCloud, in your private iCloud account via Apple's CloudKit. This data is encrypted by Apple and is only accessible to you. We do not have access to your private CloudKit data.

Community spot data is stored in a CloudKit public database hosted by Apple. This data is readable by any Paddlor user.

Forecast data is fetched from Open-Meteo (open-meteo.com), an open-source weather API. Only your GPS coordinates are sent to Open-Meteo to retrieve local conditions. No identifying information is transmitted.

5. Third-Party Services

  • Apple CloudKit — iCloud data sync. Governed by Apple's Privacy Policy (apple.com/privacy).
  • RevenueCat — Subscription management. Governed by RevenueCat's Privacy Policy (revenuecat.com/privacy).
  • Open-Meteo — Weather and forecast data. No personal data is collected by Open-Meteo beyond your coordinates for the current request (open-meteo.com/en/terms).
  • Apple HealthKit — Optional health data integration. When enabled, Paddlor reads heart rate and body mass from, and writes workout sessions to, your personal HealthKit store on-device. Governed by Apple's Privacy Policy (apple.com/privacy).

6. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to access, correct, or delete personal data we hold about you. Because we do not collect or store personal data on our own servers — your data lives on your device and in your private iCloud account — the primary way to manage your data is through the app itself and through your iCloud account settings.

To delete your session and craft data, use the delete option within the app or delete the app from your device. To remove your community spot contributions, delete them within the app before removing it.

For any privacy-related questions or requests, contact us at support@paddlor.app.

7. Data Retention

Your data is retained on your device and in your iCloud account for as long as you keep the app installed. Deleting the app removes locally stored data. Community spots you have contributed remain in the public CloudKit database until you delete them within the app.

8. Children

Paddlor is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information through the app, please contact us at support@paddlor.app.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page. Continued use of the app after an update constitutes acceptance of the revised policy.

10. Contact

For any questions about this Privacy Policy, contact us at support@paddlor.app.