Privacy Policy for Offline Sport Tracker
Last updated: July 12, 2026
This Privacy Policy applies to the Android app “Offline Sport Tracker”, which may be offered under translated names in other languages and is uniquely identified by the package name com.androho.sporttracker, in its current version and, where technically applicable, to older versions that remain installed.
Individual features, services, permissions or privacy options may vary depending on the app version, Android version, device configuration, region and user selection. We recommend keeping the app up to date so that the latest features, security improvements and privacy options are used.
1. Controller
The controller responsible for data processing is:
Androho Software – Matthias Höpfler
Ziegelweg 1
84164 Moosthenning
Germany
Email: info@androho.com
Website: www.androho.com
2. General data processing in the app
The app is designed to record, display, evaluate and manage sports and outdoor activities, such as running, hiking, cycling or walking. The app can generally be used without creating a user account with Androho Software. No account is created with Androho Software.
The workout database is generally stored locally on the device. Androho Software does not operate its own cloud storage for this app to which workout, location or heart-rate data are uploaded automatically. Such data are transmitted only when users choose to use an optional feature provided for this purpose, particularly the Google Drive backup.
Depending on how the app is used, the following data may in particular be processed locally:
- precise and approximate location data during a started recording
- recorded route points and timestamps
- sport type, workout start, workout end and workout duration
- distance, speed, average speed and pace
- steps and workout values derived from them
- calorie and statistical values
- heart-rate values optionally read from Health Connect
- app settings, map and download status, and other locally stored functional states
Purely local processing and storage of these data do not give Androho Software automatic access to them.
3. Services and technical components used
The app may use the following services and technical components:
- Android and Google Play services for determining location
- Health Connect for optional access to heart-rate data
- Google Drive API for optional backups in the user’s own Google Drive
- MapLibre for map rendering
- OpenStreetMap as the source of the map data used
- Cloudflare for providing map styles, map files and downloads
- Google AdMob for displaying advertisements
- Google User Messaging Platform for consent and privacy management
- Google Play Billing for an optional Premium subscription
Under the current implementation, the app uses neither Firebase Analytics nor Firebase Crashlytics. However, diagnostic, interaction and device information may be processed through Google AdMob while advertising is active.
4. App permissions
Depending on the Android version, app version and feature used, the app may use the following permissions:
Precise and approximate location
The permissions ACCESS_FINE_LOCATION and ACCESS_COARSE_LOCATION are used to record a sports or outdoor activity started by the user, display the route travelled and calculate workout values such as distance, speed and pace. Location permissions are requested at runtime.
Location foreground service
The permissions FOREGROUND_SERVICE and FOREGROUND_SERVICE_LOCATION are required so that an active GPS recording can continue with a visible system notification when the screen is switched off or the app is not displayed in the foreground. The app does not request permission for unnoticed, permanent background location tracking. Recording takes place only as part of an activity started by the user.
Data-sync foreground service
The permission FOREGROUND_SERVICE_DATA_SYNC may be used for longer-running data operations initiated by the user, particularly offline-map downloads and backup or restore operations.
Keeping the device active during a recording
The permission WAKE_LOCK may be used during an active recording so that location updates and workout data can be processed reliably even when the screen is switched off. The lock is released after the relevant feature is paused or stopped.
Exemption from battery optimisations
Using REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, the app may open an Android system dialog through which users can voluntarily allow an exemption from certain battery optimisations. This may be necessary on devices with particularly aggressive power-saving controls to prevent an active GPS recording from being interrupted. The decision remains with the user and can be changed in the Android system settings.
Notifications
The permission POST_NOTIFICATIONS is used from Android 13 onwards, in particular to display the visible notification for an active GPS recording or another active foreground service.
Internet and network status
The permissions INTERNET and ACCESS_NETWORK_STATE are used for online maps, map downloads, Google Drive backups, advertising, consent management, Google Play Billing and the technical communication required for these services.
Google Play Billing
The permission com.android.vending.BILLING is used for the optional Premium subscription and for checking or restoring the purchase status.
Activity recognition and step counting
From Android 10 onwards, the permission ACTIVITY_RECOGNITION may be used to obtain step information from the device’s step counter during an active workout. The permission is requested at runtime. The app can also be used without a step counter or without this permission.
Health Connect
The permission android.permission.health.READ_HEART_RATE is used only when users activate the optional Health Connect feature and permit access. This allows heart-rate values corresponding to a recorded activity to be read from Health Connect and stored in the local workout database.
Advertising ID
The permission com.google.android.gms.permission.AD_ID may be included in the final app manifest by the Google Mobile Ads SDK. It may be used for AdMob advertising and associated measurement, security and fraud-prevention functions where technically and legally permissible. When a Premium subscription is active, no ads are requested and, according to the intended operation of the app, the Google Mobile Ads SDK is not initialised.
5. GPS recording, location and workout data
A GPS recording starts only when users expressly start an activity. During the recording, the app may retrieve precise location data and use them to calculate a route and workout values.
The following data may in particular be processed:
- latitude and longitude
- time of a location point
- accuracy and, where applicable, altitude
- distance travelled
- speed, average speed and pace
- duration, pauses and sport type
- statistics calculated from the measured values
The purpose of this processing is to provide the recording started by the user, display the route and calculate the workout evaluation.
The recorded route is generally stored locally in the app database. It is not transmitted to Google Maps for map rendering because the app does not use the Google Maps SDK. Workout data are transmitted to Google Drive only when users activate the optional Drive backup feature.
Location determination may technically be provided by Android and Google Play services. Depending on the device settings, GPS, Wi-Fi, mobile-network or other location sources provided by the operating system may be used.
6. Step counting and workout evaluation
If the device has a compatible step counter and users grant the required permission, the app may collect step information during an active recording.
The step count and values calculated from it are assigned to the relevant activity and stored locally in the workout database. The automatic evaluation of distance, duration, speed, pace, steps, calories and comparable workout values is generally carried out on the device.
The app remains usable without a step counter or without permission for activity recognition.
7. Health Connect and heart-rate data
Connecting to Health Connect is voluntary and is not required by default. The app reads heart-rate data only after users expressly activate the feature and grant the relevant Health Connect permission.
The following data may be processed:
- heart-rate values in beats per minute
- the times of the respective heart-rate measurements
- the assignment of the values to a recorded activity
The sole purpose is to supplement, display and evaluate the respective sports activity. Heart-rate data obtained through Health Connect are not used for advertising, ad personalisation or user profiles and are not transmitted to Google AdMob or Cloudflare.
The heart-rate values read are stored in the local workout database together with the relevant activity. If users activate the optional Google Drive backup, these values may form part of the backed-up workout database.
Health Connect is provided by Android or Google. Users can manage or revoke granted permissions at any time in Health Connect or the Android settings. Revoking a permission prevents future access but does not automatically delete heart-rate values already transferred to the local app database. Values already stored can be removed by deleting the relevant activity, deleting the local app data or uninstalling the app.
Heart-rate data are personal and particularly sensitive health or fitness data. Where the GDPR applies, their processing is based on the user’s explicit and voluntary activation and permission pursuant to Article 6(1)(a) in conjunction with Article 9(2)(a) GDPR.
8. Maps, MapLibre, Cloudflare and OpenStreetMap
The app uses MapLibre to display maps. MapLibre is a map-rendering component and does not automatically transmit the complete workout database to Androho Software.
The maps used are based on data from OpenStreetMap. Map styles and map files, in particular PMTiles files or comparable map resources, are provided through Cloudflare services used by Androho Software. The app therefore generally does not retrieve map data directly from servers operated by the OpenStreetMap Foundation.
When online maps are used or offline maps are downloaded, the following technical data may in particular be transmitted to Cloudflare:
- IP address and the approximate region that can be inferred from it
- time and duration of the request
- requested map styles, map files, zoom levels or map sections
- HTTP and connection information
- device, operating-system, app or user-agent information, to the extent technically transmitted
- error, security and abuse-prevention information
The requested map sections may allow conclusions to be drawn about the geographical area displayed in the app or selected for an offline map. The complete recorded GPS route is not deliberately transmitted to Cloudflare as a workout data record.
Offline maps are downloaded only after a corresponding user action and are stored locally. After downloading, they can be used without a new map request. GPS recording generally works without an online map or a downloaded offline map.
The purposes of processing by Cloudflare are the delivery, acceleration, availability and protection of map files, as well as the prevention of misuse and attacks. Further information is available in the Cloudflare Privacy Policy.
The map data are provided by OpenStreetMap contributors and are used under the licence terms stated there.
9. Local backups and restoration
The app may provide a local backup and restore feature. This creates a backup file in a storage location selected by the user or reads a backup file from such a location.
Depending on the available data, a local backup file may in particular contain:
- workout and route data
- precise GPS track points
- step, distance, speed, calorie and statistical values
- optionally stored heart-rate values
- app settings and metadata required for restoration
Local backups are not automatically transmitted to servers operated by Androho Software. Users determine the storage location and manage the file themselves. The confidentiality and security of an exported backup file therefore also depend on the selected storage location, the device settings and whether a device lock has been configured.
10. Optional Google Drive backup
Users may voluntarily activate a backup of the workout database in their own Google Drive. For this purpose, the app uses the OAuth scope drive.appdata, which is limited to app data. This allows the app to create, read, update or delete backup files in a special app-data area intended for this app and hidden from the normal Google Drive file view.
In connection with this feature, the following data may in particular be processed and transmitted to Google Drive:
- the backup file containing the data described in Section 9
- file name, file size, modification time and technical file metadata
- OAuth access tokens and technically required authorisation information
- IP address, connection, device and security information processed by Google to provide the service
For this feature, the app does not request general access to all visible files in the user’s Google Drive. It also does not request permission to retrieve the user’s name, email address or profile picture. We receive neither the user’s Google password nor complete payment or sign-in credentials.
The Google Drive backup is optional. Users can use the app without a Drive connection. Access can be revoked at any time in the app or Google Account settings. Revocation prevents future access but does not necessarily remove app data already stored. Hidden app data can be deleted through the Google Drive settings in the area for managing connected apps.
Androho Software does not receive its own administrative access to the user’s personal Google Drive or the backup files stored there. Google’s Privacy Policy additionally applies to processing carried out by Google.
11. Advertising with Google AdMob
The free version of the app may use Google AdMob to display advertisements. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
In this context, the following data may in particular be collected, processed and shared with Google:
- IP address and the approximate location derived from it
- device and app IDs, including the Advertising ID or App Set ID, where available and permitted
- app interactions such as app launches, taps and ad interactions
- device, operating-system and app information
- diagnostic and performance data, such as app start time, hanging rate or energy consumption
- ad impressions and information concerning ad delivery
- fraud-prevention, security and compliance data
The purposes of processing are:
- displaying and technically delivering advertisements
- personalising advertisements where users have provided the relevant consent
- measuring and analysing advertising performance
- limiting and controlling advertisements
- fraud prevention, security and compliance
- financing and further developing the app
The app does not deliberately transmit recorded GPS routes, workout data or heart-rate values read from Health Connect to AdMob and does not use these data for ad personalisation.
In regions where consent is required, ad delivery is based on the consent status determined through the Google User Messaging Platform. Without consent, non-personalised, limited or purely technically delivered ads may be used where technically and legally permissible. Certain technical processing may also be necessary for ad delivery, security, fraud prevention and compliance in connection with non-personalised or limited advertising.
According to the intended operation of the app, no advertising is displayed while a GPS recording is actively running.
When a Premium subscription is active, no ad requests are made and, according to the intended operation of the app, the Google Mobile Ads SDK is not initialised.
The legal basis for personalised advertising and associated access to stored information is Article 6(1)(a) GDPR where the GDPR applies and consent is required. For technically necessary ad delivery, limited advertising, security, fraud prevention and misuse detection, Article 6(1)(f) GDPR may apply where legally permissible.
12. Consent management with the Google User Messaging Platform
The app uses the Google User Messaging Platform (UMP) to determine whether a consent or privacy dialog must be displayed for the respective user and to manage the corresponding privacy decisions for advertising.
Depending on the region, app version, device configuration and Google configuration, a dialog may be displayed for personalised advertising, non-personalised advertising, limited advertising or other privacy options. Ad requests are made only after the consent status has been checked and UMP or Google’s advertising configuration permits ads to be requested.
Users may grant or refuse consent. Where Google requires or provides a permanently accessible entry point for privacy options, decisions can later be changed through the corresponding feature in the app.
UMP may process technically necessary information concerning consent status, regional classification, app and device configuration, and dialog delivery. The provider is Google Ireland Limited.
13. Premium subscription and Google Play Billing
The app may offer an optional Premium subscription through Google Play Billing, particularly for ad-free use.
Payment processing is carried out through Google Play. Androho Software does not receive complete payment details such as credit-card or bank-account information.
However, the app and Google Play Console may process or display technical purchase and subscription information where this is required for purchase processing, activation, restoration, management, support, fraud prevention, accounting or legal documentation obligations. This may include:
- purchase or subscription status
- product ID
- order or renewal time
- price and currency
- country or region
- order, purchase or transaction identifiers
A subscription is voluntary. Purchase-related data are processed only when users complete a purchase, restore a purchase or when a corresponding status check is required.
The legal bases are Article 6(1)(b) GDPR for contractual performance and activation, Article 6(1)(c) GDPR for legal obligations, and Article 6(1)(f) GDPR for support, evidence and fraud prevention.
14. No proprietary analytics or crash-reporting services
Under the current implementation, the app does not use Firebase Analytics, Firebase Crashlytics or a comparable proprietary analytics or crash-reporting service.
Independently of this, Google Play may process and provide the developer with technical, aggregated or Google-provided information concerning installations, uninstalls, device categories, stability, crashes, ANRs, ratings, purchases and revenue through the Play Store, Android Vitals and Play Console. This processing takes place as part of the Google Play platform and not through an Analytics or Crashlytics service activated in the app by Androho Software.
15. Recipients and categories of recipients
Depending on the region, consent status and feature used, data may be transmitted to the following recipients or categories of recipients:
- Google Ireland Limited and Google LLC
- Google Play services and Android system services for the technical provision of location, subscription and system functions
- Health Connect, where users activate access to heart-rate data
- Google Drive, where users activate the optional backup feature
- Google AdMob, where the advertising-supported version of the app is used
- Google User Messaging Platform for managing consent and privacy options
- Google Play and its payment and processing services, where the Premium subscription is concerned
- Cloudflare, Inc. and Cloudflare subprocessors used to provide and protect map resources
- local storage or backup services selected by users themselves when they export a backup file to such a service
The OpenStreetMap Foundation generally does not receive direct app requests during normal map use because the map files used are delivered through the Cloudflare infrastructure used by Androho Software.
16. Transfers to third countries
When Google and Cloudflare services are used, personal data may be processed in or transferred to countries outside the European Union or the European Economic Area, particularly the United States.
Such transfers may be based on appropriate safeguards, such as an adequacy decision, the EU-U.S. Data Privacy Framework, Standard Contractual Clauses or other mechanisms provided for by law.
17. Storage periods and deletion
Local workout, location, step, heart-rate, settings and other app data generally remain stored on the device until users delete them within the app, remove the app data through the Android settings or uninstall the app.
Revoking a location, activity-recognition or Health Connect permission prevents future access but does not automatically delete data already stored in the local workout database.
Local backup files remain at the storage location selected by the user until the user deletes or overwrites them.
Google Drive backups remain stored in the app-specific Google Drive data area until they are deleted or overwritten through the app or Google Drive management, or until the user removes the associated hidden app data. Merely revoking access to the Google Account prevents future access but does not necessarily delete backup files that already exist.
Cloudflare may store technical request, security and log data in accordance with the services used, account settings, security requirements and legal obligations. The specific storage period may vary depending on the type of data and Cloudflare service.
AdMob data, advertising reports and associated technical data are stored in accordance with the applicable Google policies, account settings, security requirements and legal obligations. Storage periods may vary depending on the type of data and purpose of processing.
Google Play purchase, payment, billing and order data may be retained in accordance with statutory retention periods, Google policies and billing requirements.
18. Data security
Online connections to Google Drive, Cloudflare, Google AdMob, the Google User Messaging Platform and Google Play are generally established using encrypted HTTPS or TLS connections.
Workout and location data are stored in the local app database within the app storage area protected by Android. The actual security of local data also depends on the Android version, device security, whether a screen lock has been configured, possible root access and the general security status of the device.
Exported local backup files are stored outside the app’s internal storage. Users should therefore choose a trustworthy storage location and adequately protect access to the device or backup storage.
Google Drive backups are stored in the user’s Google Account. The app does not use intermediate storage operated by Androho Software for the backup file. Unless the app offers additional end-to-end encryption, protection of the file stored in Google Drive depends in particular on Google’s security measures and account settings and on the security of the user account.
19. Legal bases for processing
Where applicable, personal data are processed on the following legal bases:
| Processing | Legal basis |
|---|---|
| Local GPS recording, workout evaluation, step counting, statistics and local storage | Article 6(1)(b) GDPR for providing the app features initiated by the user |
| Optional Health Connect connection and processing of heart-rate data | Article 6(1)(a) in conjunction with Article 9(2)(a) GDPR, based on express voluntary activation and permission |
| Local backup and restoration | Article 6(1)(b) GDPR for providing the backup feature requested by the user |
| Optional Google Drive backup of general workout and location data | Article 6(1)(b) GDPR for providing the voluntarily activated backup feature |
| Inclusion of stored heart-rate data in an optional Google Drive backup | Article 6(1)(a) in conjunction with Article 9(2)(a) GDPR, based on voluntary activation of Health Connect and backup |
| Provision of map styles, online maps and offline-map downloads through Cloudflare | Article 6(1)(b) GDPR for providing the selected map feature; Article 6(1)(f) GDPR for security, availability and misuse prevention |
| Personalised advertising and associated access to stored information | Article 6(1)(a) GDPR where consent is required |
| Technical ad delivery, limited or non-personalised advertising, ad measurement, fraud prevention, security and compliance | Article 6(1)(a) GDPR where consent is required; otherwise, only where legally permissible, Article 6(1)(f) GDPR |
| Premium subscription through Google Play | Article 6(1)(b) GDPR for contractual performance and activation; Article 6(1)(c) GDPR for statutory retention obligations; Article 6(1)(f) GDPR for support, evidence and fraud prevention |
| Compliance with legal obligations, accounting and documentation requirements | Article 6(1)(c) GDPR |
Where processing is based on Article 6(1)(f) GDPR, our legitimate interests lie in particular in the secure and reliable technical provision, financing and improvement of the app, the availability of map content, fraud prevention, support and misuse detection.
20. User rights
Subject to the requirements of the GDPR, you have the following rights in particular:
- right of access
- right to rectification
- right to erasure
- right to restriction of processing
- right to data portability
- right to object to certain processing
- right to withdraw consent with effect for the future
- right to lodge a complaint with a data protection supervisory authority
To submit a privacy-related request, please contact us at:
Please note that workout, location, step and heart-rate data are generally stored locally on your device or, where voluntarily activated, in your own Google Drive. Androho Software normally has no access to these data and therefore cannot centrally display, correct or delete them for you.
Local data can be removed using the deletion features in the app, by deleting the app data in the Android settings or by uninstalling the app. Local backup files must be deleted at the selected storage location.
Health Connect permissions can be revoked in Health Connect or the Android settings. Copies of heart-rate values already stored in the app must additionally be removed by deleting the relevant activity or the local app data.
Access to Google Drive can be revoked in the Google Account settings. Hidden app data can be deleted through the Google Drive settings in the area for managing apps.
Where data are processed directly by Google as an independent controller, you may also exercise your rights directly against Google. This applies in particular to Google Account, Drive, payment, advertising and Play data.
Statutory retention obligations, particularly for purchase, billing, tax or accounting data, may mean that certain data cannot be deleted immediately.
21. Changing consent and privacy options
Where a consent dialog or an entry point for privacy options is displayed, consent for advertising can be granted, refused or changed later. Changes can be made through the corresponding privacy feature in the app, where available depending on the region, app version and Google configuration.
The Health Connect connection and Google Drive access are independent of advertising consent. These optional features can each be activated, revoked or disconnected separately.
Withdrawal of consent takes effect for the future. It does not affect the lawfulness of processing carried out on the basis of consent before the withdrawal.
Users can also manage the Advertising ID, personalised advertising, Google privacy settings, Health Connect permissions and connected apps in the Android or Google settings.
22. No medical function and no automated decision-making
The app is not a medical device. It is intended for recording and general evaluation of sports and outdoor activities and does not provide medical diagnoses, treatment recommendations or other medical services. Heart-rate and calorie values may be inaccurate or incomplete depending on the device, sensor, data source and calculation.
Androho Software does not use workout, location or heart-rate data processed by the app for its own automated decision-making or profiling that produces legal effects concerning users or similarly significantly affects them. Advertising services may use their own processes to select and personalise ads depending on consent; however, the app does not transmit GPS routes or Health Connect heart-rate data for this purpose.
23. Changes to this Privacy Policy
We may amend this Privacy Policy if the app’s features, services used, permissions, legal requirements or technical processes change. The current version will be made available on our website.
Androho Software