Privacy Policy for TalariaTreadTracker

Last Updated: May 4, 2026
Effective Date: November 3, 2025

TL;DR: We don't collect, sell, or share your data. Everything stays on your device and in your personal iCloud account. The only exception is if you choose to connect your Strava account — then shoe-to-activity assignments are sent to Strava on your behalf. Strava is fully optional.

Introduction

TalariaTreadTracker ("the App") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information.

Information We Access

Health and Fitness Data (via HealthKit)

The App requests read-only access to the following HealthKit data:

• Workout Data: Running, walking, and hiking workouts (distance, duration, date, route GPS data, elevation)
• Running Biomechanics: Stride length, ground contact time, vertical oscillation, and running power
• Workout Metadata: Weather temperature (if recorded by your device during the workout)

User-Provided Data

You provide the following information when using the App:

• Shoe information (name, brand, purchase date, mileage limit, activity types)
• Photos of your shoes (optional, from camera or photo library)
• Workout-to-shoe assignments
• Shoe retirement status and dates
• App preferences (distance units, display settings)

Strava Integration (Optional)

If you choose to connect your Strava account, the App accesses the following data with your explicit authorization:

• Strava Profile: Athlete ID and basic profile information (used to identify your account)
• Strava Gear: Your existing shoes/gear in Strava, used for mapping to your TalariaTreadTracker shoes
• Recent Activities: Activity start time, distance, and duration — read only to match HealthKit workouts to Strava activities for gear assignment
• OAuth Tokens: Access and refresh tokens issued by Strava are stored securely in your device's Keychain

The integration is fully optional. If you do not connect Strava, none of this data is accessed and no data is exchanged with Strava.

How We Use Your Information

On-Device Processing

All data analysis happens locally on your device:

• Terrain Classification: Trail vs. road detection using GPS route analysis (elevation gain, surface roughness)
• Wear Analysis: Terrain-adjusted shoe wear calculations based on elevation, pace, duration, and temperature
• Performance Tracking: Pace change detection comparing recent vs. historical workouts
• Biomechanics Analysis: Impact calculations based on your running form metrics
• Schedule Prediction: Predicted next run calculations based on your workout patterns

Strava Sync (If Connected)

When Strava is connected, the App performs forward-only sync of shoe assignments:

• Activity Matching: When you assign a workout to a shoe in TalariaTreadTracker, the App fetches your recent Strava activities and matches by start time (±2 minutes) and distance (±5%)
• Gear Assignment: On match, the App sends a single API call to Strava attaching the corresponding Strava gear ID to the activity
• Removal: Removing a workout from a shoe clears the gear ID on the matching Strava activity
• What's Never Sent: HealthKit data, biomechanics, route GPS, wear estimates, photos, shoe metadata, or any analytics

Data Storage

• Local Storage: Shoe data is stored locally using SwiftData in an App Group container
• iCloud Sync: If you're signed into iCloud, shoe metadata and workout assignments sync across your devices via CloudKit
• Photos: Shoe photos are stored locally and sync via iCloud
• Preferences: App settings (distance units, etc.) are stored locally via UserDefaults

Important: HealthKit workout data remains on each device. Only workout UUIDs (identifiers) sync via iCloud, allowing each device to calculate mileage from its own HealthKit database.

Data Sharing and Disclosure

Data transmission is limited to:

• iCloud (your account): Sync between your own devices via your personal iCloud account, if enabled
• Strava (opt-in): If you connect Strava, gear assignments on matched activities are sent to Strava on your behalf. Strava's handling of this data is governed by Strava's Privacy Policy
• Talaria Labs OAuth Worker: A stateless Cloudflare Worker proxies Strava token exchange. It does not store, log, or retain any user data

Your Data Rights and Controls

Access and Deletion

You have complete control over your data:

• Delete Shoes: Swipe to delete any shoe and its associated data
• Unassign Workouts: Remove workout assignments at any time
• Revoke HealthKit Access: Settings → Health → Data Access & Devices → TalariaTreadTracker → Turn Off All
• Disconnect Strava: In the App, go to Settings → Integrations → Disconnect Strava. This deletes the OAuth tokens from your Keychain. You can also revoke access directly from your Strava account at strava.com/settings/apps
• Delete All Data: Uninstalling the app removes all local data and Strava tokens. iCloud data can be deleted by signing out of iCloud or deleting the app from all devices.

iCloud Sync Control

• Disable Sync: Sign out of iCloud on your device to prevent syncing
• Delete Synced Data: Delete the app from all devices while signed into the same iCloud account

Data Security

We protect your information through:

• Encryption: All iCloud synced data is encrypted in transit and at rest using Apple's CloudKit security
• Local Storage: Data stored locally is protected by your device's security (passcode, Face ID, Touch ID)
• No External Access: Since we don't use external servers, there's no risk of data breaches from our side
• Minimal Data Collection: We only access what's necessary for the app's core functionality

Children's Privacy

The App does not knowingly collect information from children under 13. The App is not directed at children, and we do not knowingly collect personal information from anyone under 13 years of age.

Third-Party Services

The App does not use analytics platforms or advertising networks. Third-party services are limited to:

• Strava (optional): Only if you explicitly connect your Strava account. Governed by Strava's Privacy Policy and Terms of Service
• Cloudflare Workers (Talaria Labs): A stateless OAuth proxy used solely to exchange Strava authorization codes for tokens. No user data is stored or logged

The App also relies on Apple's built-in frameworks:

• HealthKit: For reading workout and biomechanics data
• CloudKit: For syncing your data across your own devices
• SwiftData: For local data storage

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last Updated" date at the top of this policy
• Displaying an in-app notification (for material changes)

Continued use of the App after changes constitutes acceptance of the updated policy.

International Users

The App processes data locally on your device. If you use iCloud sync, your data is stored in Apple's iCloud infrastructure, which may involve data transfers across borders. Apple's iCloud is subject to Apple's Privacy Policy and Terms of Service.

California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request what personal information we collect (see "Information We Access" above)
• Right to Delete: You can delete all your data by uninstalling the app
• Right to Opt-Out of Sale: We do not sell personal information
• Right to Non-Discrimination: We do not discriminate based on privacy choices

Since all data is stored locally or in your personal iCloud account, you have direct control without needing to contact us.

GDPR Compliance (European Users)

If you're in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Data Controller: You are the controller of your own data; we provide the tool
• Legal Basis: Processing is based on your consent (HealthKit authorization) and contract performance (app functionality)
• Data Portability: Export your data by accessing your iCloud account
• Right to Erasure: Delete data by uninstalling the app and removing iCloud data

Contact Information

If you have questions about this Privacy Policy or our privacy practices:

Developer: Griffith Boggs
Email: talarialabs@proton.me
Website: talarialabs.app

For HealthKit data privacy questions, please refer to Apple's Privacy Policy.

App Store Privacy Labels

For App Store compliance, here's how we answer Apple's privacy questions:

Data Used (Not Linked to You)

• Health & Fitness: Workout data, running biomechanics (via HealthKit)
• Photos: Shoe photos (optional, user-provided)
• User Content: Shoe names, brands, settings

Data Linked to You (Optional, Strava Only)

If you connect Strava:

• User ID: Strava athlete ID (used to identify your Strava account)
• Other Data: Strava gear list and recent activity metadata (start time, distance, duration) used for matching

Data Not Collected

• Contact information
• Location (beyond workout routes already in HealthKit)
• Advertising or marketing identifiers
• Usage data
• Diagnostics
• Financial information
• Browsing history

Tracking

We do not track you across apps or websites.

Your Trust Matters

We built TalariaTreadTracker with privacy as a core principle. Your health data is yours alone.

• Everything processes on your device
• No analytics, tracking, or advertising
• No data sales or sharing
• Strava integration is opt-in and minimal
• Complete user control over all data

If you have concerns or questions, please reach out. We're here to help.