Stride7 Privacy Policy
Last updated: 8 May 2026
Operator: STRIDE LT, VŠĮ (“we”, “us”, “Stride7”)
Address: Vilkpedės g. 22, Vilnius 03151, Lithuania
Contact: stridelapple@gmail.com
This Privacy Policy describes how Stride7 (“the App”) collects, uses, and shares information when you use the Stride7 mobile application (Android: com.stride7; iOS: com.stride7) and related services. By using Stride7, you agree to the collection and use of information in accordance with this policy.
1. Information we collect
1.1 Account information
When you sign up for Stride7, we collect:
• Email address — used as your login identifier and for account-related communications (email verification, password reset, important service notices).
• Password — stored as a cryptographic hash by Firebase Authentication. We never see or store your plaintext password.
• Display name — optional, shown on your profile and to other Stride7 users.
1.2 Activity data
When you use Stride7 to record or join activities, we collect:
• Activities you create or join — title, description, date/time, location (route), participants, group association.
• Comments — text you post on activities or groups.
• Group memberships — groups you create or join.
• Activity participation events — start, finish, fail status; route history during the activity.
1.3 Location data
Stride7 collects your device’s location:
• Foreground location (ACCESS_FINE_LOCATION, ACCESS_COARSE_LOCATION on Android; NSLocationWhenInUseUsageDescription on iOS): when the app is open, to display nearby activities, plot your current position on the map, and assist with location-based searches (e.g., places autocomplete during activity creation).
• Background location (ACCESS_BACKGROUND_LOCATION on Android; NSLocationAlwaysUsageDescription on iOS, with UIBackgroundModes: location capability): only while you are actively participating in an activity, to record your route uninterrupted even when your screen is locked or the app is minimized. Background location collection stops as soon as the activity ends.
Location data is stored in our ActivityParticipantLocations Firestore database collection, associated with your account, and used solely to:
• Display your route on activity maps.
• Share your real-time progress with other participants in the activity.
• Calculate activity statistics (distance, duration, route).
We do not use location data for advertising, third-party data brokering, or any purpose unrelated to activity tracking.
1.4 Push notification tokens
If you enable push notifications, we collect a Firebase Cloud Messaging (FCM) device token to send activity reminders, invitations, and other in-app notifications. You can disable notifications anytime in your device settings or in Stride7 → Settings.
1.5 Email queue
When Stride7 needs to send transactional emails (e.g., activity invitations, password resets, account notifications), the message is written to our mail Firestore collection and processed by the Firebase Extensions Trigger Email integration. We do not retain message bodies after sending; metadata (recipient, timestamp, subject) may be retained for delivery diagnostics.
1.6 Information we do NOT collect
• Contacts or phone book.
• Photos/media library outside files you actively upload.
• Microphone or camera (unless you actively grant permission for a specific feature).
• SMS or call logs.
• Calendar.
• Health/fitness data from device sensors (heart rate, steps) — Stride7 does not integrate with Apple HealthKit or Google Fit at this time.
2. How we use your information
We use the information collected to:
• Provide core app functionality (activities, groups, comments, participation tracking).
• Authenticate you and protect your account.
• Send transactional notifications (activity reminders, invitations, status updates).
• Display your profile, activities, and contributions to other Stride7 users (per privacy settings).
• Detect and prevent abuse, spam, or violations of our Terms of Service.
• Improve app stability through crash reporting.
• Comply with legal obligations (e.g., responding to lawful requests from authorities).
3. How we share your information
We share information in the following limited circumstances:
3.1 With other Stride7 users
• Profile data (display name) is visible to other authenticated users.
• Activities and groups are visible per their privacy settings (public, private, group-restricted).
• Activity participation, location data, and comments are visible to other participants in the same activity.
3.2 With service providers
We use the following third-party services to operate Stride7:
• Google Firebase (Cloud Firestore, Authentication, Cloud Functions, Cloud Messaging) — backend infrastructure. Data shared: account, activity, location, FCM token.
• Mapbox — map tiles and route visualization. Data shared: map view requests (no PII, just tile coordinates).
• Google Maps Platform (Places API) — location autocomplete during activity creation. Data shared: search query, approximate location (foreground only).
• Firestore Send Email Extension — transactional emails. Data shared: recipient email, message subject and body.
Each provider operates under its own privacy policy. We do not sell your data to any third party.
3.3 With law enforcement
We may disclose information when required by law (court order, lawful subpoena, regulatory inquiry), or when we believe in good faith that disclosure is necessary to protect rights, safety, or property.
4. Data retention
• Account data and activity data: retained while your account is active. Upon account deletion, we initiate removal of associated data within 72 hours via our auth-user-delete Cloud Function. Some metadata may be retained briefly in audit logs and backups (up to 30 days).
• Location data: retained as part of activity history. Deletion follows account deletion.
• Email queue: processed and removed after delivery; metadata retained for diagnostics up to 30 days.
5. Your rights
Stride7 is offered to users in the European Union and European Economic Area (including Lithuania). Under the EU General Data Protection Regulation (GDPR), you have the following rights:
• Access — request a copy of your personal data.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data (“right to be forgotten”).
• Restriction of processing — limit how we use your data.
• Data portability — receive your data in a machine-readable format.
• Objection — object to processing for direct marketing or legitimate-interest grounds.
• Withdrawal of consent — withdraw consent at any time.
To exercise these rights, contact us at stridelapple@gmail.com. We respond within 30 days.
5.1 All users
• Account deletion: Settings → Delete account. Triggers our auth-user-delete Cloud Function for full data removal within 72 hours.
• Permission revocation: Device Settings → Apps → Stride7 → Permissions; revoke Location, Notifications, etc. anytime.
• Notification opt-out: Settings → Notifications.
6. Security
We use industry-standard security practices:
• HTTPS/TLS for all client-server communication.
• Firebase Authentication for credential storage (passwords are hashed).
• Firebase Security Rules restrict data access to authenticated users.
• Cloud Functions run with least-privilege service accounts.
• Backend infrastructure (Google Cloud Platform) operates SOC 2, ISO 27001, GDPR-compliant data centres in europe-central2 (Cloud Functions) and europe-west3 (Firestore database).
We cannot guarantee absolute security; please use a strong, unique password for your Stride7 account.
7. Children’s privacy
Stride7 is intended for users 13 years and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information without parental consent, contact us at stridelapple@gmail.com and we will delete the account.
8. International transfers
Stride7 stores data in Google Cloud Platform’s european data centres (Firestore database in europe-west3, Cloud Functions in europe-central2). Some service providers (Mapbox, Google Maps Platform) may transfer data to other regions in accordance with their respective privacy policies; we ensure adequate safeguards (Standard Contractual Clauses or equivalent) for such transfers.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notification and updated “Last updated” date. Continued use of Stride7 after policy changes constitutes acceptance.
10. Contact us
For privacy-related questions, requests, or complaints:
• Email: stridelapple@gmail.com
• Address: STRIDE LT, VŠĮ, Vilkpedės g. 22, Vilnius 03151, Lithuania
• EU/UK Data Protection Authority: if you reside in the EU or UK and believe we have not handled your data appropriately, you may complain to your local Data Protection Authority.
This Privacy Policy is effective as of 8 May 2026.