Privacy Policy

1. Scope

This Policy applies to our websites, applications, and services that link to it, including integrations that access data from Garmin devices and Garmin services via the Garmin Developer Program. By using our services, you agree to the practices described here.

2. Data Controller

The data controller is CEBEROUS LLC. You can contact us at privacy@ceberous.org.

3. Information We Collect

• Activity & Health Data: With your authorization, we may receive activity and health information from Garmin devices and services (e.g., steps, heart rate, sleep, GPS activity/route data, VO2 max, training metrics, and related fitness/health signals).
• Account & Profile Data: Name, email, basic profile, and settings if you create an account with us or link your Garmin account.
• Technical & Usage Data: Device identifiers, operating system, app version, crash/error logs, and usage diagnostics to maintain and improve service performance.
• Support & Communications: Information you provide when you contact us (e.g., support requests, feedback).

4. Sources of Information

• Directly from you (e.g., account creation, settings, support requests).
• Garmin services (with your explicit authorization via the Garmin Developer Program/Connect APIs).
• Automatically collected diagnostic and usage data when you use the app.
• Service providers that perform services on our behalf (e.g., cloud hosting, error monitoring).

You can revoke our access to your Garmin data at any time from your Garmin account settings. Data previously synchronized to our systems will remain subject to this Policy and your deletion rights.

5. How We Use Information

• Provide app features, including activity syncing, visualization, and user-requested functionality.
• Maintain, secure, and troubleshoot the service; prevent misuse and fraud.
• Analyze aggregate usage to improve features and performance.
• Communicate with you about service updates, security notices, and support.
• Comply with legal obligations.

We do not use activity or health data for advertising, and we do not sell or rent your personal information.

6. Legal Bases (EEA/UK GDPR)

Where GDPR applies, we process personal data on the following bases:

• Consent: For accessing/synchronizing Garmin activity or health data and certain communications (you may withdraw consent at any time).
• Contract: To provide the services you request and fulfill our agreements with you.
• Legitimate Interests: To maintain and improve the service, secure our systems, and prevent misuse (balanced against your rights and freedoms).
• Legal Obligation: To comply with applicable laws and regulatory requirements.

7. How We Share Information

• With your consent or direction: For example, when you connect or sync with another service.
• Service providers (processors): Trusted vendors that host data, provide infrastructure, analytics, logging, or customer support — bound by confidentiality and data protection obligations.
• For legal reasons: If we believe disclosure is required by applicable law, regulation, or legal process, or to protect rights, safety, and security.

We do not “sell” or “share” personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA).

8. Data Retention

We retain personal information only for as long as necessary to provide the services, comply with legal obligations, resolve disputes, and enforce agreements. Diagnostic logs are typically retained no longer than 12 months unless required for security or legal reasons. You may request deletion at any time (see Your Rights & Choices).

9. Data Location & Transfers

Data may be processed in the United States or other countries where our service providers operate. If you are located outside the U.S., your data may be transferred internationally, subject to appropriate safeguards.

10. Security

We implement reasonable administrative, technical, and physical measures designed to protect information against unauthorized access, use, and disclosure.

11. Your Rights & Choices

Depending on your location, you may have the right to:

• Access, correct, or delete your data.
• Withdraw consent at any time.
• Restrict or object to certain processing.
• Request a copy of your data in portable form.

Contact us at privacy@ceberous.org to exercise your rights.

12. Children’s Privacy

Our services are not directed to children under 16 (or the minimum age required by local law). We do not knowingly collect information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted at https://ceberous.org/privacy with a new “Effective Date.”

14. Contact Us

CEBEROUS LLC
Website: https://ceberous.org
Email: privacy@ceberous.org

Appendix: California Notice at Collection

For California residents, we collect identifiers, internet/network information, geolocation, and health/fitness data categories as defined by the CCPA. We use this information only for the purposes outlined above and do not sell it.