1. Who This Policy Covers
This policy covers the Pathcut Android and iOS apps and the public website at pathcut.app. Pathcut is the controller of personal data processed for its own purposes, such as product analytics and support communications.
For privacy questions or requests, contact info@pathcut.app.
Third-party services. Google, Apple, RevenueCat, Strava, and other services you choose to use also process data under their own terms and privacy policies.
2. At a Glance
- No Pathcut account is required for core editing.
- Imported media, GPX or TCX files, routes, and health and fitness values are stored and rendered locally.
- Pathcut does not sell personal information and does not use health data or routes for advertising.
- Pathcut never intentionally sends GPS coordinates, activity names, health values, media filenames, or file paths in analytics events.
- Template updates and entitlement checks use network services even when product analytics is disabled.
- You can control analytics and diagnostics in Settings and delete local app data from the app.
3. Data Pathcut Processes
| Category | Examples and purpose | Where it goes |
|---|---|---|
| Projects and media | Project names, videos, images, timeline edits, thumbnails, templates, export settings, and exported files. | Stored and processed on your device. An export leaves Pathcut only when you save or share it. |
| Routes and activity data | GPX or TCX routes, coordinates, timestamps, distance, speed, pace, elevation, heart rate, cadence, power, calories, and related workout data. | Imported and processed locally. It is not sent to Pathcut servers or product analytics. |
| Template delivery | Template IDs, versions, tiers, metadata, and SVG assets used to keep the catalog current. | Requested from Google Firebase and cached locally. Network providers necessarily receive technical request data such as IP address. |
| Purchases and entitlements | Anonymous RevenueCat app user ID, product identifiers, offerings, receipts, transaction and subscription status, and Pro entitlement state. | RevenueCat and the applicable store. Pathcut contacts RevenueCat at startup when billing is configured to restore the current entitlement state. |
| Optional analytics | Feature interactions, sport category, bundled template and style IDs, export preset, clip count, success or failure code, app version, and device information supplied by Firebase. | Google Analytics for Firebase when analytics is enabled. |
| Optional diagnostics | Crash stack traces, app version, device and operating-system information, and technical state needed to diagnose failures. | Firebase Crashlytics in release builds when analytics and diagnostics are enabled. |
| Support communications | Your email address, message, and any information or attachments you choose to send. | The email and support providers used to answer your request. |
4. Health and Fitness Data
Health and fitness import is optional and user-initiated. Pathcut uses it only to let you select a workout and create a local route and telemetry overlay.
Android Health Connect
- Pathcut requests read access only to exercise sessions, exercise routes, heart rate, distance, power, speed, and total calories burned.
- Pathcut does not write to Health Connect.
- Imported data is copied into the selected local project and is not sent to analytics, RevenueCat, or advertising services.
- Disconnecting Health Connect revokes Pathcut's permissions and removes Health Connect-derived activity data from local projects. It does not delete records held by Health Connect or their source app.
Apple Health
- Pathcut requests read access to workouts and workout routes through HealthKit.
- Pathcut does not write health data to Apple Health.
- Imported workout and route data is used locally for the project you choose and is not sent to analytics, RevenueCat, or advertising services.
- Disconnecting Apple Health removes Apple Health-derived activity data from Pathcut. Health permissions can also be managed in iOS Settings.
Pathcut is a creative editing tool, not a medical device. It does not provide diagnosis, treatment, or medical advice.
5. Analytics and Crash Diagnostics
Pathcut uses one setting for Google Analytics for Firebase and Firebase Crashlytics:
- In GDPR and UK GDPR regions, analytics and diagnostics stay off until you choose Allow.
- Outside those regions, they are enabled on first launch. You can disable them at any time in Settings.
- Debug builds do not send Crashlytics reports.
- When you disable analytics, Pathcut stops new collection and resets the local Firebase Analytics identifier and analytics state. Data already received by a provider may remain for its configured retention period or legal obligations.
- Advertising storage, ad user data, and ad-personalization consent remain denied. Pathcut does not request the Android Advertising ID or Apple's tracking permission.
Analytics events are restricted to low-cardinality product choices and operational results. Pathcut does not intentionally include routes, coordinates, health values, athlete IDs, activity titles, project names, free-form text, filenames, or file paths.
6. Strava
If you connect Strava, Pathcut opens Strava's OAuth flow and requests the activity:read scope so you can browse and import activities.
- Strava receives the OAuth and API requests needed to connect your account and return the activities you request.
- Access and refresh tokens are stored using Android encrypted storage or the iOS Keychain.
- Selected activity metadata, route streams, and telemetry are converted into local project data.
- Disconnecting Strava clears local tokens, attempts to revoke remote access, and removes Strava-derived activity data from local Pathcut projects. Your media and other project edits remain.
- You can also revoke Pathcut from your Strava account settings.
See Strava's privacy policy for Strava's own processing.
7. Purchases
Google Play or Apple's App Store processes payments. RevenueCat loads product offerings, validates purchase records, restores purchases, and manages Pro entitlements. Pathcut does not receive your full payment card number.
RevenueCat uses an anonymous per-installation app user ID unless a future version explicitly offers account login. Store and RevenueCat records can remain after local app data is deleted because stores must retain transaction records and restore purchases.
8. Service Providers and Disclosures
| Provider | Purpose | Data involved |
|---|---|---|
| Google Firebase | Template delivery, optional analytics, and optional crash diagnostics. | Technical request data, template requests, analytics events, and crash diagnostics as described above. |
| Google Play / Apple App Store | Distribution, billing, subscriptions, refunds, and purchase restoration. | Store account, install, transaction, subscription, and refund data controlled by the store. |
| RevenueCat | Offerings, purchase validation, entitlement management, and restoration. | Anonymous app user ID, device and app details, product identifiers, receipts, and entitlement status. |
| Strava | OAuth and selected activity import. | OAuth tokens, athlete display information, and activities and streams requested through the feature. |
| Website and email providers | Host public pages and receive support requests. | Technical request logs and information you submit by email. |
Pathcut may also disclose information when reasonably necessary to comply with law, enforce rights, investigate abuse, or protect users and the service. Pathcut does not sell personal information or share it for cross-context behavioral advertising.
9. Purposes and Legal Bases
Where GDPR or UK GDPR applies, Pathcut relies on:
- Performance of a contract to provide editing, import, export, template, and purchase features you request.
- Consent for analytics and diagnostics where consent is required, and for permissions or connections you choose to grant.
- Legitimate interests to secure the app, prevent abuse, provide support, deliver the current public template catalog, and understand reliability where permitted by law.
- Legal obligations for tax, accounting, lawful requests, and transaction records where applicable.
Core editing can be used without analytics. Media or health permissions and Strava authorization are not required unless you choose the related feature. There is no automated decision-making that produces legal or similarly significant effects.
10. Retention and Deletion
- Local projects, imported media copies, routes, activity data, and settings remain until you delete a project, use Delete all app data, or uninstall the app.
- Template files remain cached until the cache or app data is cleared.
- Strava tokens remain until you disconnect Strava, delete all app data, or uninstall the app.
- Analytics and diagnostic records are retained under Pathcut's configured Firebase retention settings and provider backup or legal requirements.
- Purchase records are retained by stores and RevenueCat as needed for subscriptions, restoration, fraud prevention, tax, accounting, support, and legal obligations.
- Support messages are kept only as long as reasonably needed to resolve the request and meet legal obligations.
Delete all app data removes Pathcut's local projects, imported copies, route and activity data, caches, settings, Strava credentials, and Firebase installation data. It does not delete exports already saved to your photo library or files shared outside Pathcut. It also cannot delete transaction records controlled by an app store or RevenueCat.
11. Your Choices and Rights
- Change analytics and diagnostics collection in Pathcut Settings.
- Revoke Health Connect, Apple Health, photo, notification, or media permissions in system settings.
- Disconnect Strava in Pathcut or revoke Pathcut in Strava.
- Delete individual projects or all local app data.
- Contact info@pathcut.app to ask about personal data Pathcut controls.
If GDPR or UK GDPR applies, your rights may include access, correction, deletion, restriction, objection, portability, and withdrawal of consent. You may complain to your local data protection authority. Most media, route, and health data exists only on your device, so Pathcut cannot retrieve it from a server.
If the California Consumer Privacy Act applies to Pathcut and to your request, rights may include knowing, correcting, and deleting personal information and opting out of sale or sharing. Pathcut does not sell personal information or share it for cross-context behavioral advertising and does not discriminate for exercising privacy rights.
12. International Transfers and Security
Service providers may process data outside your country. Where required, transfers rely on recognized safeguards such as adequacy decisions or standard contractual clauses.
Pathcut minimizes server-side data, uses HTTPS for network services, stores Strava tokens with Android encrypted storage or the iOS Keychain, and excludes sensitive Android credentials from backup. No storage or transmission method is completely secure.
13. Children
Pathcut is not directed to children under 13. Where local law requires a higher age for a person to consent to data processing, Pathcut is not intended for children below that age without authorization from a parent or guardian. Contact us if you believe a child has provided personal data through a network feature.
14. Website
The public Pathcut website is static and does not use Pathcut analytics, advertising cookies, or contact forms. The hosting provider may process standard request information such as IP address, browser type, requested URL, and timestamps for delivery, security, and abuse prevention.
15. Changes and Contact
Pathcut may update this policy when the app, providers, or legal requirements change. Material changes will receive appropriate notice through the app, store listing, or website. The effective date above identifies the current version.
Questions and privacy requests: info@pathcut.app.