Legal

Privacy Policy

Last updated: March 3, 2026

This Privacy Policy explains how Skrid ("we", "us", "our") handles information when you use the Skrid iOS application and this website. We take your privacy seriously and are committed to processing your data in accordance with the General Data Protection Regulation (GDPR / DSGVO) and applicable German data protection law.

1. Controller

The controller responsible for data processing within the meaning of the GDPR is:

Johannes Gebert
Postfach 81 01 63
70518 Stuttgart
Germany

E-mail: privacy@skrid.app
Phone: +49 152 23146102

2. Minimum Age

Skrid is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, you may only use Skrid with the consent of a parent or legal guardian. If we become aware that we have collected personal data from a child under 16 without parental consent, we will delete that data promptly.

3. Data We Process

3.1 User Account

To use Skrid you create an account secured with a passkey. We store the following data on our servers:

The legal basis for processing this data is Art. 6(1)(b) GDPR (performance of a contract — providing the app's core functionality).

3.2 On-Device Data

Some data is processed exclusively on your device and is never transmitted to our servers:

We do not have access to on-device-only data. It is not collected, transmitted, or analysed by us in any form.

3.3 In-App Purchases (RevenueCat)

In-app purchases are processed by Apple via the App Store. We use RevenueCat Inc. (USA) to manage subscription status and purchase entitlements. RevenueCat receives your anonymous App Store transaction data (product purchased, transaction ID, subscription status) and an app user ID. RevenueCat does not receive your payment details, HealthKit data, or any health-related information.

RevenueCat acts as a data processor on our behalf pursuant to a Data Processing Addendum (revenuecat.com/dpa). The legal basis is Art. 6(1)(b) GDPR (contract performance). RevenueCat's privacy policy: revenuecat.com/privacy.

3.4 Website

When you visit this website, your browser transmits standard technical data to our web host Railway (see Section 6) (e.g. IP address, browser type, referring URL, date and time of access). This data is processed on the basis of our legitimate interest in operating a functioning website (Art. 6(1)(f) GDPR) and is not linked to any identified person. Log files are deleted automatically after 7 days.

3.5 Contact via E-mail

If you contact us by e-mail, we process the data you provide (name, e-mail address, message content) solely to respond to your enquiry. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to queries). We delete correspondence 12 months after your enquiry has been fully resolved, unless longer retention is required by law.

3.6 Push Notifications

Skrid may send you push notifications via Apple Push Notification service (APNs). To deliver notifications, a device token generated by iOS is sent to Apple's APNs servers. We store this token on our server solely for the purpose of sending you notifications. Apple processes the delivery of notifications under its own privacy policy (apple.com/legal/privacy).

The legal basis is Art. 6(1)(b) GDPR (contract performance — providing the app's core functionality). You can disable push notifications at any time in iOS Settings → Notifications → Skrid.

3.7 Email Communications

We may offer email-based communications such as a launch waitlist or a product newsletter. Each type of communication requires its own, separate consent.

Waitlist / Launch Notifications

If you sign up for our launch waitlist, we collect your email address for the sole purpose of notifying you when Skrid launches and sending launch-related updates. The legal basis is Art. 6(1)(a) GDPR (consent).

Newsletter / Product Updates

If we offer a newsletter in the future, subscribing will require a separate opt-in. We would use your email address to send periodic updates about Skrid features, tips, and news. The legal basis is Art. 6(1)(a) GDPR (consent).

Double Opt-In

After you submit a signup form, you will receive a confirmation email containing a verification link. Your email address is only stored and used for the stated purpose after you click this link. If you do not confirm, your address is automatically deleted within 7 days. The confirmation email does not contain advertising.

Email Delivery

Emails are delivered via Lettermint (Zwolle, Netherlands), which acts as a data processor on our behalf pursuant to a Data Processing Addendum (lettermint.co/dpa). Lettermint processes data within the EU. Your email address is also stored on our Railway servers (see Section 6). Lettermint's privacy policy: lettermint.co/privacy-policy.

Retention

Your email address is retained for a maximum of 24 months after signup or until the relevant purpose is fulfilled (e.g. launch notification sent), whichever comes first — unless you withdraw consent earlier.

Withdrawal of Consent

You can unsubscribe at any time via the link included in every email or by contacting us at privacy@skrid.app. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal, in accordance with Art. 7(3) GDPR.

4. Analytics (TelemetryDeck)

We use TelemetryDeck GmbH (Von-der-Tann-Str. 54, 86159 Augsburg, Germany) to collect anonymous usage analytics in the iOS app (e.g. screen views, feature usage). TelemetryDeck anonymises all data on-device before it is transmitted, so no personal data — such as IP addresses, device IDs, or user IDs — reaches TelemetryDeck's servers.

The following anonymised data is collected:

TelemetryDeck does not store IP addresses, cookies, or any persistent identifiers that could be traced back to an individual. TelemetryDeck does not receive any HealthKit data, step counts, or health-related information. We do not use TelemetryDeck — or any other service — for advertising or behavioural targeting.

Because TelemetryDeck anonymises all data on-device before transmission, no personal data reaches TelemetryDeck's servers. To the extent that any personal data is processed before anonymisation, the legal basis is Art. 6(1)(f) GDPR (legitimate interest in improving our app). You may object to this processing at any time (see Section 10). TelemetryDeck's privacy policy: telemetrydeck.com/privacy.

No cookies are set by this website beyond what is technically necessary for serving the page. This website does not use cookies or similar storage technologies requiring consent under § 25 TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz). We do not use advertising networks or tracking pixels.

5. Apple HealthKit

Skrid accesses Apple HealthKit to read your step count data. This data is used for two purposes:

  1. Coin calculation — your daily step totals are sent to our server to calculate coin rewards. Server-side processing ensures the integrity of the reward system.
  2. Backup and sync — step history is stored on our server so you can restore your progress or access it on another device.

5.1 What HealthKit Data We Collect

We collect daily step count totals only. We do not access any other HealthKit data types (e.g. heart rate, sleep, workouts, nutrition, or medical records).

5.2 How HealthKit Data Is Used

5.3 Consent and Your Control

Access to HealthKit requires your explicit consent via the iOS HealthKit permission dialog. Before requesting this permission, the app explains why step data is needed. The legal basis for processing your step count data is Art. 6(1)(a) GDPR (consent) in conjunction with Art. 9(2)(a) GDPR (explicit consent for special categories of data), as step count data may qualify as health-related data under GDPR.

In accordance with Art. 7(3) GDPR, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out before the withdrawal. You can revoke HealthKit access in iOS Settings → Privacy & Security → Health → Skrid. Revoking access will prevent the app from reading new step data but will not automatically delete step data already stored on our server. To delete all stored data, use the account deletion feature in the app (see Section 9).

Apple processes HealthKit data on your device under its own privacy policy. We only receive the specific data types described above — Apple does not share any other HealthKit data with us.

6. Hosting and Data Storage

Our backend and this website are hosted by Railway (Railway Corp., USA) in the EU West (Amsterdam, Netherlands) region. All personal data, including step count history and game state, is stored within the European Economic Area.

Railway acts as a data processor on our behalf pursuant to a Data Processing Addendum (railway.com/legal/dpa). Their privacy policy is available at railway.com/legal/privacy.

7. Security Measures

We implement appropriate technical and organisational measures in accordance with Art. 32 GDPR to protect your personal data against unauthorised access, loss, or alteration. These include:

8. Data Transfers Outside the EU

Your core account data (username, step history, game state) is stored exclusively within the EEA on our Railway servers in Amsterdam.

The following US-based processors may receive limited data as described above:

No HealthKit data is transferred to RevenueCat.

Apple Inc. processes data in the context of the App Store, HealthKit, and push notifications (see Section 3.6) under its own privacy policy and transfer mechanisms. Apple acts as an independent controller for App Store data. For details, see apple.com/legal/privacy.

8.1 Users Outside the EU/EEA

If you access Skrid from outside the EU/EEA, your data is transferred to and processed within the EU. By using Skrid, you acknowledge this transfer. Additional local privacy rights may apply depending on your jurisdiction.

9. Data Retention and Deletion

We retain your account data (username, step history, game state) for as long as your account is active. You can delete your account and all associated data at any time directly within the app. Upon deletion, all data is permanently and immediately removed from our servers.

E-mail correspondence is deleted 12 months after the enquiry has been fully resolved, unless longer retention is required by law.

Website server logs are deleted automatically after 7 days (see Section 3.4).

10. Your Rights Under the GDPR

You have the following rights regarding any personal data we process:

To exercise any of these rights, contact us at hello@skrid.app. We will respond within one month as required by law. This period may be extended by two further months where necessary due to the complexity or number of requests, in accordance with Art. 12(3) GDPR.

11. Information for California Residents

Although we may not meet the CCPA/CPRA applicability thresholds, we voluntarily extend the following rights to California residents:

To exercise any of these rights, contact us at hello@skrid.app.

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for the controller is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
baden-wuerttemberg.datenschutz.de

If you reside in another EU/EEA member state, you may also contact the supervisory authority in your country of residence.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available at this URL. Material changes will be communicated via the App Store update notes.

Stay in the loop

Be the first to know when Skrid launches. No spam, just one email when we're ready.