Privacy Policy — Gimena / gcraft.com.ar

Overview

This Privacy Policy describes how Gimena ("I", "me", or "my") collects, uses, and discloses information when you use my mobile applications (the "Apps") or visit gcraft.com.ar (the "Site").

By using the Apps or the Site, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Words with capitalized initial letters have the meanings defined below. These definitions apply whether the terms appear in singular or plural form.

Application refers to any mobile app developed and published by me under the gcraft.com.ar developer account, available on Google Play Store and/or Apple App Store.
Activity Data means fitness and health-related information obtained through connected third-party platforms, including but not limited to workout activities, GPS routes, performance statistics, and biometric metrics.
Device means any device that can access the Service, such as a smartphone or tablet.
Personal Data means any information that relates to an identified or identifiable individual.
Service refers to the Application and/or the Site.
Service Provider means any third-party company or individual that processes data on my behalf in order to facilitate or improve the Service.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
You means the individual accessing or using the Service.

Types of Data Collected

Data you provide through third-party authentication

Some Apps allow you to log in using your existing account on a third-party platform (currently The Movie Database / TMDB and Strava). When you choose to authenticate via one of these platforms, I receive the data that the platform makes available under the permissions you grant. This may include:

Your public profile information (username, display name, profile photo)
An access token that allows the App to make requests on your behalf
Any additional data within the scope you authorize at login

Authentication is handled entirely through each platform's official OAuth 2.0 flow. I do not receive or store your password for any third-party platform.

Activity Data — Strava

Apps that connect to Strava access your activity data via the Strava API, using only the permissions you explicitly grant during the OAuth authorization flow. The data accessed may include:

Athlete profile: name, profile picture, location (city/country level)
Activity statistics: distance, duration, pace, elevation, speed
Activity type and sport category (e.g., run, ride, swim)
GPS route data used to render activity maps within the App
Heart rate and other biometric metrics, if present in the activity
Weekly or aggregate performance summaries

This data is classified as health and fitness data. It is used exclusively to display your own activity information within the App. It is never shared with third parties, used for advertising, or processed for any purpose beyond rendering the features you request.

You can revoke the App's access to your Strava data at any time from your Strava account settings under "My Apps."

Activity Data — Garmin

Apps that connect to the Garmin Health API access your activity and wellness data via Garmin's official API, using only the permissions you explicitly authorize. Depending on the features available, this may include:

Physical activity records: steps, distance, calories, active minutes
Workout and exercise summaries
GPS route and movement data from Garmin devices
Sleep, heart rate, stress, and other wellness metrics recorded by your device
Body composition data, if available on your device

Garmin activity and health data is used solely to display your personal fitness information within the App. This data is not sold, shared with third parties, used for advertising, or processed for any purpose other than providing the features you request. I do not retain Garmin activity data beyond the active session unless explicitly required for a feature you have enabled.

You can revoke the App's access to your Garmin data at any time from your Garmin Connect account settings.

Movie and entertainment data — TMDB

Apps that use The Movie Database (TMDB) API fetch publicly available movie, TV show, and media metadata to display within the App (titles, descriptions, ratings, images). If you are logged in with a TMDB account, the App may also access your watchlist, ratings, or lists as permitted by your account settings. This data is used only to provide the features of the App and is not stored on my servers.

Crash Reports — Firebase Crashlytics

The Apps use Firebase Crashlytics to help me identify and fix technical errors. When the App crashes, Crashlytics automatically collects:

Crash stack traces and error logs
Device model and manufacturer
Operating system version
App version and build number
A randomly generated installation UUID (not linked to your identity)
Time and date of the crash event

This data is used solely to diagnose and resolve technical issues.

Maps — Google Maps SDK

Some Apps use the Google Maps SDK to display maps and allow address search. This may send your search queries or approximate location — only when you actively interact with map features — to Google's servers. The App does not access or track your location in the background.

Use of Your Data

Data accessed through third-party integrations is used exclusively for the following purposes:

To authenticate your identity and maintain your session within the App
To display your personal activity, fitness, and wellness data within the App
To render maps and route visualizations from your activity data
To display movie, TV, or media information linked to your TMDB account
To detect, diagnose, and fix crashes and technical errors (Crashlytics)
To provide map display and address search functionality (Google Maps SDK)

I do not use your data for advertising, user profiling, behavioral tracking, selling to third parties, or any form of automated decision-making.

Disclosure of Activity Data

Activity data obtained from Strava and Garmin — including fitness metrics, GPS routes, health indicators, and biometric data — is treated with the highest level of confidentiality. Specifically:

It is never sold to any third party
It is never shared with advertisers, data brokers, or analytics platforms
It is not used to build profiles, infer sensitive attributes, or make automated decisions about you
It is not retained on external servers beyond what is necessary to render the feature you requested
It is only disclosed to third parties if required by law or in response to a valid legal process

This section is intended to satisfy the activity data disclosure requirements of the Garmin Health API program, the Strava API agreement, and applicable data protection laws.

Cookies

The Apps do not use cookies. The Site (gcraft.com.ar) does not currently implement any first-party or third-party cookies. If this changes in a future version, this policy will be updated accordingly.

Third-Party Services

The Apps integrate with the following third-party services. Each operates under its own privacy terms, which I encourage you to review:

Google LLC (Firebase Crashlytics, Google Maps SDK) — policies.google.com/privacy
Strava Inc. — strava.com/legal/privacy
Garmin Ltd. — garmin.com/privacy
The Movie Database (TMDB) — themoviedb.org/privacy-policy

I may also disclose data if required to do so by law or in response to a valid request by public authorities (e.g., a court or government agency).

Retention of Your Data

I do not maintain a personal database of user information. Data fetched from third-party APIs (Strava, Garmin, TMDB) is used in-session to render App features and is not persistently stored on my infrastructure.

Crash report data collected by Firebase Crashlytics is retained by Google for up to 90 days by default. Authentication tokens are stored only on your device and are cleared when you log out.

Transfer of Your Data

By using third-party services (Google, Strava, Garmin, TMDB), your data may be transferred to and processed on servers outside your country, including outside Argentina and the European Economic Area. Each of these providers applies appropriate safeguards for international transfers, including Standard Contractual Clauses where required by the GDPR.

Delete Your Personal Data

Since I do not directly store your personal data, deletion requests should be directed to the relevant third-party platform:

Strava: Settings → My Apps → Revoke access, or contact Strava support
Garmin: Garmin Connect account settings → Connected Apps
TMDB: Your TMDB account settings
Google: myaccount.google.com/data-and-privacy

You are also welcome to contact me directly and I will assist where possible.

Your Rights

Depending on your location, you may have rights regarding your personal data. If you are located in the European Economic Area or the United Kingdom, under the GDPR and applicable data protection laws, these rights may include:

The right to access personal data held about you
The right to request correction or deletion of your data
The right to object to or restrict certain types of processing
The right to data portability
The right to lodge a complaint with a supervisory authority in your country

Since most data is held by third-party providers, requests should primarily be directed to them. However, you are welcome to contact me and I will assist where possible. I will respond within 30 days.

Children's Privacy

The Apps and the Site are not directed at children under the age of 16. I do not knowingly collect personally identifiable information from anyone under 16. If you are a parent or guardian and believe your child has provided personal data through the Service, please contact me and I will take steps to address it.

Links to Other Websites

The Apps may open links to third-party websites in an external browser. I have no control over and assume no responsibility for the content or privacy practices of those sites. I encourage you to review the privacy policy of any external site you visit.

Security

I rely on the security infrastructure of Google, Strava, Garmin, and TMDB for the processing done through their respective services. Authentication tokens are stored locally on your device. No method of electronic storage or transmission is 100% secure, and I cannot guarantee absolute security.

Changes to This Policy

I may update this Privacy Policy from time to time, for example when new third-party integrations are added to the Apps. When I do, I will revise the "Last updated" date at the top of this page. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Contact

If you have any questions or concerns about this Privacy Policy, you can contact me:

Email: gimena@gcraft.com.ar
Website: gcraft.com.ar