Privacy Policy
Last updated: 2026-05-20
This Privacy Policy describes how Felix Thron ("we", "us", or "our") collects, uses, and protects your information when you use the Interval Timer mobile application ("App").
1. Information We Collect
1.1 Account Information
No account required. Interval Timer is fully anonymous. We do not collect names, email addresses, phone numbers, or other personal identifiers.
1.2 Workout Data
When you use the timer for a workout:
- Workout metadata (work duration, rest duration, rounds, round-by-round timing) is saved to Apple HealthKit on your device
- Heart rate data is read from your paired Apple Watch during workouts via HealthKit
- All workout data is stored in Apple's HealthKit database on your device
- We do not store workout data on any server
1.3 Exercise Photos
If you create custom workout programs:
- You may optionally capture photos of exercises using the camera
- Photos are stored locally on your device via SwiftData
- Photos are never uploaded, transmitted, or shared with any server or third party
- Deleting a workout program removes all associated photos
1.4 User Settings
The App stores your preferences locally:
- Timer settings (work duration, rest duration, number of rounds)
- Audio and haptic preferences (voice announcements, sound alerts, haptic feedback)
- Notification preferences (daily reminders)
Settings are shared between the iPhone app, Apple Watch app, and widgets via Apple's App Groups secure container on your device.
1.5 Apple Watch Data
If you use Interval Timer with an Apple Watch:
- Timer settings are synced to your Watch via Apple's WatchConnectivity framework over local wireless
- Heart rate is read from Watch sensors via HealthKit during workouts
- No data is transmitted over the internet during Watch communication
1.6 Achievement Data
The App tracks workout milestones locally:
- Workout streaks (consecutive days)
- Badge achievements (e.g., "7-day streak", "30 workouts")
- This data is stored in UserDefaults on your device and never transmitted
1.7 Analytics and Crash Data
When the App runs, Firebase Analytics and Firebase Crashlytics (see Section 3) collect the following, with no link to your identity:
- Device ID: Firebase's anonymous installation token (not the IDFA, not your Apple ID, not linkable across apps).
- Product Interaction: anonymous events for screen views and feature usage (e.g., "started workout", "opened settings").
- Crash Data: stack traces and device state at the moment of a crash.
- Performance Data: app launch time and similar non-personal performance traces.
These four data types are declared on the App Store listing under "Data Not Linked to You" and are not used to track you. No advertising identifier is collected. No user identifier is set. No HealthKit data is included.
1.8 Purchases
If you make an in-app purchase, Apple processes the transaction. We receive a purchase receipt from Apple's StoreKit to verify the purchase and unlock features on your device. Receipts contain the product identifier and transaction ID - no payment details, no name, and no email. Receipts are stored on-device. Apple's own privacy policy covers the payment itself: https://www.apple.com/legal/privacy/.
2. How We Use Your Information
We use collected information to:
- Provide interval timer functionality
- Log workouts to Apple HealthKit for your fitness history
- Display workout statistics and achievement badges
- Send local notification reminders (if enabled)
- Deliver haptic alerts to your paired Apple Watch during workouts
- Display timer status in widgets and Live Activities
- Receive anonymous crash reports so we can fix bugs
- Understand aggregate feature usage to prioritize improvements
3. Third-Party Services
Interval Timer uses two third-party SDKs from Google, hardened to minimize data collection. No advertising, no IDFA, no user identifiers, no cross-app tracking.
3.1 Firebase Analytics
We use Firebase Analytics, provided in the EEA by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to understand which features are used and how the app performs in aggregate. The integration is hardened as follows:
- The advertising identifier (IDFA) is disabled. The IDFA-free SDK variant is used.
- No user ID is set. Each install is identified only by Firebase's anonymous installation token (IDFV-free), which Apple's nutrition label classifies as a Device ID.
- Ad personalization, ad user data, and ad storage are disabled at the SDK level.
- Event parameters are restricted to a fixed allowlist of enum values. No free-form text, no workout content, and no health data is ever sent.
- Apple HealthKit data (heart rate, workout records, calories) is excluded by design and cannot reach Firebase per Apple App Store Review Guideline §5.1.3.
Data sent: anonymous app events (screen views, feature usage), session metadata, and bucketed counters (e.g., "0-10 workouts", "11-50 workouts"). Google's data handling: https://firebase.google.com/support/privacy.
Processing only occurs after your explicit consent under § 25 (1) TDDDG and Art. 6(1)(a) GDPR. You can withdraw your consent at any time in the App under Settings -> About -> Analytics.
3.2 Firebase Crashlytics
We use Firebase Crashlytics, provided in the EEA by Google Ireland Limited, to receive crash reports when the app stops unexpectedly. Reports contain device model, iOS version, the crash stack trace, and non-personal performance traces. No user identifiers, no workout data, and no HealthKit data are attached. Reports are sent only when the app crashes.
This processing is strictly necessary for service stability under § 25 (2) no. 2 TDDDG and is based on our legitimate interest in detecting and fixing software errors under Art. 6(1)(f) GDPR. You can disable crash reporting at any time in the App under Settings -> About -> Crash reports.
3.3 Apple HealthKit
The App reads heart rate data and writes workout records to HealthKit. This data stays in Apple's Health database on your device. HealthKit may sync data to other devices via iCloud if you have enabled Health data sync in iOS Settings - this is controlled by Apple, not by our App. HealthKit data is never sent to Firebase or any other third party.
3.4 Apple Notification Services
Local notifications are scheduled and delivered by iOS on your device. No push notification server is involved.
4. Data Storage and Security
- Workout data is stored in Apple's HealthKit database (on-device, encrypted by iOS)
- Custom workout programs and exercise photos are stored via SwiftData (on-device)
- Settings and achievements are stored in UserDefaults via App Groups
- Anonymous analytics and crash data described in Section 3 are processed on Google's Firebase infrastructure; no other external storage is used
- Data on your device is protected by iOS Data Protection. Network traffic to Firebase is TLS-encrypted.
5. Data Retention and Deletion
- Workouts: Stored in HealthKit indefinitely. Delete individual workouts from the History view or via the Apple Health app
- Workout programs: Delete via the Programs view - this removes all associated exercises and photos
- Settings: Persist for the lifetime of the app installation. Reset by deleting and reinstalling the app
- Achievements: Stored until the app is uninstalled
- Anonymous analytics and crash data (Firebase): Retained for up to 14 months per Firebase default, after which records are automatically aggregated or deleted. Crash reports are discarded once stability analysis is complete.
- Complete data removal: Uninstalling Interval Timer removes all app data. HealthKit workouts persist in the Health app and must be deleted separately if desired
6. Children's Privacy
Interval Timer does not knowingly collect data from children. The App does not require or collect any personal information regardless of age. In jurisdictions where the digital consent age is higher than 13 (e.g., Germany, 16 under GDPR Art. 8), users below that age should obtain parental consent before using the App.
7. Your Rights
Under GDPR (European Economic Area)
Data controller: Felix Thron, Kuglerstraße 22, 10439 Berlin, Germany. Contact via the email in Section 9.
Legal basis (Art. 6 GDPR + § 25 TDDDG):
- Firebase Analytics (feature usage): consent under § 25 (1) TDDDG together with Art. 6(1)(a) GDPR. Disabled by default; only active after your explicit opt-in during onboarding. Withdraw at any time in the App under Settings -> About -> Analytics.
- Firebase Crashlytics (crash reports): § 25 (2) no. 2 TDDDG ("strictly necessary" for service stability) together with Art. 6(1)(f) GDPR (legitimate interest in detecting and fixing software errors). Disable at any time in the App under Settings -> About -> Crash reports.
- HealthKit data (workouts, heart rate): remains on your device and is not processed by us.
Your rights:
- Access: workout history, settings, and achievements are visible inside the App. Anonymous analytics data is not linked to you and cannot be retrieved per-user.
- Deletion: delete workouts in History, programs in Programs, or uninstall the App. Uninstalling stops all future analytics and crash reporting from your device.
- Portability: export workouts as CSV via the share button in History.
- Complaint: you may lodge a complaint with your national data protection authority. Our competent supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit, BlnBDI), Alt-Moabit 59-61, 10555 Berlin, https://www.datenschutz-berlin.de.
- Withdrawing consent: to revoke or re-grant your Firebase Analytics consent, open the App and navigate to Settings -> About -> Analytics. To disable Crashlytics crash reports, navigate to Settings -> About -> Crash reports.
Right to object (Art. 21 GDPR): Where we process personal data on the basis of legitimate interests, you have the right to object at any time to that processing on grounds relating to your particular situation. Please send any objection to the email address listed in Section 9.
International transfers: Firebase Analytics and Crashlytics may process data on Google infrastructure outside the EU. Google is certified under the EU-US Data Privacy Framework; in addition, the European Commission's Standard Contractual Clauses (SCCs) apply where required.
Under UK GDPR (United Kingdom)
The UK GDPR mirrors the EU GDPR. UK residents have the same rights listed in the EEA section above. Our competent supervisory authority for UK matters is the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, SK9 5AF, UK, https://ico.org.uk.
Under CCPA (California)
Interval Timer does not sell personal information and does not share personal information for cross-context behavioral advertising. The Firebase SDKs are configured with ad personalization, ad user data, and ad storage disabled. No advertising identifier is collected.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.
9. Contact Information
If you have questions about this Privacy Policy, contact us at:
Felix Thron
Kuglerstraße 22
10439 Berlin
Germany
Email: felix@interval-timer.de
10. Website (interval-timer.de)
Sections 1-9 above describe the Interval Timer app. This website only hosts these informational pages (privacy policy, legal notice, support, FAQ). It sets no cookies, uses no analytics, and loads no third-party content - all assets are served from our own domain.
The website is hosted on Google Cloud Run, operated in the EEA by Google Cloud EMEA Limited (70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland), in the europe-west1 region (Belgium). To deliver each page and protect against abuse, the hosting infrastructure processes standard server-log data: your IP address, the date and time of the request, the requested URL, the HTTP status code, the referrer URL, and your browser's user-agent string. The legal basis is our legitimate interest in operating a secure, functional website (Art. 6(1)(f) GDPR). These logs are retained for up to 30 days and are not combined with other data or used to identify you. You may object to this processing on grounds relating to your particular situation (Art. 21 GDPR; see Section 7).
We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR (Cloud Data Processing Addendum). Where log data is accessed from outside the EEA (e.g. by Google's US parent company Google LLC), the transfer is safeguarded by Google's certification under the EU-US Data Privacy Framework and, as a fallback, the European Commission's Standard Contractual Clauses (SCCs).