This Privacy Policy describes how CronZeno (“we“, “our“, “the app“) collects, uses, and protects your information when you use the CronZeno mobile/desktop application and the CronZeno.com website and online services.
Last updated: 2026-05-04
1. Cronzeno App – Offline Features
1.1 Data stored locally
All application data created by offline use — including race details, track information, GPS recordings (.gpx files), and athlete profiles — is stored exclusively on your local device, inside the app’s private documents folder.
CronZeno does not transmit or process offline data externally. No telemetry, analytics, or crash-reporting libraries are included.
1.2 Location data (GPS)
The app requests access to your device’s GPS location strictly for:
- Track recording – creating .gpx files of your activities.
- Real-time display – showing your position on the map during recording.
GPS access is requested only while the app is in use (or in the background when an active recording session is running). Location data is converted immediately into track files and never sent to external servers unless you explicitly publish content (see §3).
1.3 Deleting local data
You can delete any race, track, or GPX file from within the app at any time. Uninstalling the app permanently removes all locally stored data.
1.4 Data Sharing
No data is shared or transmitted from your device to external servers or third parties by CronZeno App without your explicit action. You retain full control over your data. Any sharing of files (e.g., GPX tracks, PDF reports, CSV exports) is initiated solely by you, the user, through your explicit choice and action within the application (e.g., using a “share” or “export” function).
CronZeno is not responsible for the privacy practices of any third-party applications or services you may use to share your data.
No Author Responsibility for Shared Data
The authors, contributors, and distributors of CronZeno hold no responsibility or liability for any data that you choose to share outside of the CronZeno application environment. Your decision to export or share files with other applications or services is entirely at your own discretion and risk.
2. CronZeno App – Online Account (Optional)
Creating an online account is entirely optional. Offline features work without any account. If you choose to register, the following applies.
2.1 Authentication provider
Online accounts are managed via Supabase (supabase.com), a GDPR-compliant cloud database and authentication platform. Data is stored in the EU region (eu-central-1).
2.2 Data collected at registration
| Data | Purpose | Visibility |
|---|---|---|
| Email address | Authentication, account recovery | Private – only you and the system |
| Public alias (chosen by you) | Your public display name in shared content | Public when you publish content |
| Password (hashed) | Authentication | Never readable – stored as a secure hash |
We do not collect your real name, phone number, address, or payment information.
Consent
By creating an account you explicitly confirm you have read and accepted this Privacy Policy. This consent is recorded with a timestamp at the moment of registration.
3. Online Features – Data Published Voluntarily
Once you have an account you can choose to publish content online. Publishing is always an explicit, opt-in action. The following data may be stored on Supabase servers when you publish:
3.1 Public Racetracks
- Track name, description, sport type, location label
- Sector/line geometry (JSON)
- GPX file stored in Supabase Storage (private bucket, accessible only to authenticated users with the direct link)
3.2 Public Races
- Race name, dates, status, number of laps
- Run results: athlete name, nationality, team, split times, total time, average speed
- GPX route files for each run, stored in Supabase Storage
Note: athlete names appearing in results are data you enter manually. Do not enter personal data of third parties without their consent.
3.3 Team Management
- Team code and the user ID of the declared team manager are stored in a remote table.
- Athlete join requests (user IDs, team code, request status) are stored in a remote table.
- All team data is accessible only to the involved parties (Row-Level Security enforced at database level).
3.4 Un-publishing
You can un-publish any racetrack or race at any time from within the app. This sets the record to private; associated GPX files are deleted from Storage. Other users’ copies of downloaded data are outside our control.
4. Data Access and Security
- All database tables use Row-Level Security (RLS): each user can read only their own private data plus content explicitly marked as public by its owner.
- All communication between the app and Supabase is encrypted via HTTPS/TLS.
- Authentication uses the PKCE flow; access tokens are short-lived and stored securely on the device.
- We do not sell, rent, or share your personal data with third parties for marketing purposes.
- Supabase may process data as a sub-processor under its own Privacy Policy and Data Processing Agreement.
5. Your Rights (GDPR)
If you are located in the European Economic Area you have the following rights:
- Access – request a copy of the personal data we hold about you.
- Rectification – correct inaccurate data (e.g. change your alias).
- Erasure (“right to be forgotten”) – request permanent deletion of your account and all associated data (see §6).
- Portability – receive your data in a machine-readable format.
- Objection / Restriction – object to or restrict certain processing.
- Withdrawal of consent – you may withdraw consent at any time by deleting your account.
To exercise any of these rights, contact us at support@cronzeno.com.
6. Account and Data Deletion
To permanently delete your online account and all associated data:
- Open the app → Profile tab → Online tab → tap Sign Out.
- Send a deletion request to support@cronzeno.com from the registered email address.
We will delete your authentication record, personal data, and online content (races, tracks, memberships) within 30 days of receiving the request. GPX files in Storage will be removed in the same timeframe. Anonymised aggregate statistics may be retained.
7. Website
The website uses standard web server logs (IP address, browser type, pages visited) for security and diagnostic purposes. These logs are retained for 30 days and are not used for profiling.
No third-party advertising or tracking scripts are used on the website. Registered website users (blog/community area) are subject to the same data handling principles described above.
8. Children
CronZeno is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy to reflect changes in the app’s features or legal requirements. The “Last updated” date at the top will be revised accordingly. We will notify registered users of material changes via in-app notification or email.
10. Contact
For any questions, requests, or concerns regarding this Privacy Policy: