Back to home

Privacy Policy

Last updated: May 31, 2026

Swimlog is a training log for swimmers. This policy explains what we collect, why, and the control you have. The short version: your log lives on your device first, we run no ads, analytics or trackers, and you can delete everything whenever you like.

1. Who we are

The controller of your personal data is Edward Baltaza (sole proprietorship), NIP 8212577665, ul. Lindleya 16, 02-013 Warsaw, Poland — trading as Swimlog, a Monaro Studio product. You can reach us about anything in this policy at edward@swimlog.dev.

"Swimlog", "we", "us" and "our" mean the controller above. "App" means the Swimlog mobile application for iOS and Android. "You" means the person using the App.

2. The data we process

What we hold depends on how you use the App:

  • Account & identity. Your email address and a password (handled by our authentication provider — we never see or store your password ourselves), plus a unique account identifier. This is required to create an account and sign in.
  • Swimmer profile. Your @handle, display name and initials, preferred stroke, pool type, weekly distance target, display units, your primary event and goal time, an avatar seed, your account start date, and — optionally — sex, which is used only to compare your times against the correct race-time standards.
  • Training data. The workouts, sets, intervals, effort/RPE, equipment and notes you log; your personal bests; reusable workout templates; and the meets and results you plan and record.
  • Teams data. If you create or join a team: the team name and join code, membership and role, and — subject to your sharing setting (see §6) — training summaries you contribute to that team.
  • On-device preferences. Settings such as your theme, notification opt-ins and onboarding state. These live only on your device and are not sent to us.
  • Support messages. If you email us, we keep the message and your contact details so we can help and keep a record of the request.
  • Limited technical data. When cloud sync is on, our backend processes the standard connection data needed to operate and secure a network service (such as IP address and timestamps in server logs).

3. What we do not do

We've kept Swimlog deliberately quiet:

  • No advertising and no ad networks.
  • No third-party analytics, telemetry or tracking SDKs. Swimlog contains no Google Analytics, Facebook SDK, Sentry, Firebase, or similar.
  • No advertising identifiers and no cross-app tracking. We don't access the IDFA/GAID and don't show an App Tracking Transparency prompt because we don't track you.
  • We never sell or rent your personal data, and we don't share it for advertising.
  • Notifications stay on your device. The optional weekly digest and streak reminders are scheduled locally by your phone; their content is generated on-device and nothing is sent to a push server.

4. Local-first storage & cloud sync

Swimlog is local-first: your training data is written to a private database on your device and the App works fully offline. Cloud sync is a convenience you control:

  • With cloud sync on (the default after sign-up, so you have a backup), your profile, workouts, personal bests, templates and meets are mirrored to your account on our backend so they're backed up and available on your other devices.
  • With cloud sync off ("local-only mode", in Profile → Cloud sync), your profile and training data stay only on your device and are not uploaded. An account is still required to use the App.
  • Team features are online. Because teams are shared by nature, team data is always handled by our backend when you use them.

5. Why we process it (legal bases)

Where the GDPR applies, we rely on:

  • Performance of a contract (Art. 6(1)(b)). Creating and running your account, providing the App's features, syncing your data when enabled, and supporting you.
  • Legitimate interests (Art. 6(1)(f)). Keeping the service secure, preventing abuse, and maintaining reliability.
  • Legal obligations (Art. 6(1)(c)). Complying with applicable law, including responding to valid requests.

The optional "sex" field and the team-sharing toggle are processed on the basis of your choice to provide/enable them.

6. Teams — what others can see

Joining a team makes your roster identity (handle, display name, initials and avatar) and your role visible to other members of that team. Whether teammates can also see your training is governed by a separate "Share my training with teams" setting:

  • On: teammates can see your weekly training volume on the leaderboard, your recent workouts in the team activity feed, and your personal bests on the team board.
  • Off: you remain in the roster by name only and are excluded from those aggregates.

Your email address is never shown to teammates, and your meets and workout templates are never shared with a team. Workouts you explicitly post to a team feed are attributed to you.

7. Service providers

We use a small number of trusted providers to run the App:

  • Supabase — our backend for authentication and, when cloud sync or team features are used, for storing your synced and team data.
  • Apple and Google — the App Store and Google Play distribute the App; their operating systems handle local notification scheduling and the share sheet when you choose to share a workout card.

We share only the minimum needed for these services to function, and only when the relevant feature is used.

8. International transfers

We aim to keep going global. Depending on provider configuration, your data may be processed in the European Union or in other countries. Where data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

9. How long we keep it

  • Data synced to your account is kept while your account is active.
  • When you delete your account, we delete your data from our backend (see §11). Residual copies in routine encrypted backups age out within a limited technical window.
  • Data held only on your device remains there until you delete it or uninstall the App.
  • Support emails are kept only as long as needed to handle your request and our records.

10. Your rights

Subject to your location and applicable law, you have rights over your personal data. Under the GDPR (EEA/UK) these include access, rectification, erasure, restriction, objection, and portability, and the right to lodge a complaint with a supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO).

If you are a California resident, the CCPA/CPRA gives you the right to know what we collect, to access and delete it, to correct it, and to opt out of "sale" or "sharing" of personal information — and we do not sell or share your personal information.

You can exercise most rights directly in the App (edit your profile, manage sharing, export by contacting us, or delete your account). For anything else, email edward@swimlog.dev and we'll respond within the time the law requires. We won't discriminate against you for exercising a right.

11. Deleting your account & data

You can delete your account at any time inside the App, under Profile → Delete account. When you confirm:

  • we permanently delete your account and your data from our backend — your profile, workouts, personal bests, templates and meets, your team memberships, and any teams you own;
  • your sign-in is removed so the account can no longer be used;
  • scheduled notifications are cancelled; and
  • all Swimlog data stored on that device is wiped.

Note: ordinary sign-out does not erase the data on your device (so you don't lose a local-only log by accident) — only account deletion does. If you can't access the App but want your account removed, email edward@swimlog.dev from your account address and we'll handle it.

12. Children

Swimlog is intended for competitive and serious swimmers. It is not directed at children under 13 (or under the minimum age of digital consent in your country, which can be up to 16 in the EEA), and we don't knowingly collect their data without the consent of a parent or guardian. If you believe a child has provided us personal data without that consent, contact us and we'll delete it.

13. Security

Data sent between the App and our backend is protected in transit with TLS, your synced data is scoped to your account, and our backend runs on managed, access-controlled infrastructure. No method of storage or transmission is perfectly secure, but we work to protect your data and keep what we hold to a minimum.

14. Changes to this policy

We may update this policy for legal or product reasons. We'll change the "last updated" date above and, for material changes, give notice in the App. Continuing to use Swimlog after an update means you accept the revised policy.

15. Contact

Questions about privacy or your data? Email edward@swimlog.dev — we read every message.