Privacy Policy

Last updated: 6 July 2026 · Version: 1.0

1. Who's responsible for your data

The data controller for the personal data described in this policy is Dylan Janssens, h.o.d.n. Tempo / Swipe Your Bite, a sole proprietorship (eenmanszaak) registered with the Dutch Chamber of Commerce (KvK 81923201), VAT BTW NL003619262B91. Contact us about your data at hello@withtempo.run.

Data Protection Officer (DPO). We have not appointed a Data Protection Officer. As a sole proprietorship we are not a public authority, our core activities do not consist of large-scale regular and systematic monitoring of data subjects, and our core activities do not consist of large-scale processing of special-category data within the meaning of Art. 37(1) GDPR. The privacy contact above is the responsible person for data-protection questions and rights requests.

2. What we collect

2.1 Account data

Email address, hashed password, language preference, sign-up date.

2.2 Profile and training data you give us

Name (first name only is sent to the AI; see § 4), date of birth (optional), goals, race history, training preferences, injury notes, free-text journal entries.

2.3 Activity and health data from connected devices

If you connect a wearable via Terra (Garmin, WHOOP, Oura, Apple Health, etc.), we ingest activity records (runs, rides, swims), heart rate, HRV, sleep, body composition, and — only if you explicitly opt in — menstrual-cycle data. Heart-rate, HRV, sleep and cycle data are special-category personal data ("data concerning health") within the meaning of Art. 9 GDPR.

2.4 Conversations

Every message you exchange with Tempo. We need this to maintain context across sessions; this is the core of the product. Free-text conversations may incidentally contain health information you choose to share, which we then process under Art. 9(2)(a) explicit consent — see § 3.

2.5 Subscription and payment data

Subscription tier, billing dates, plan changes, cancellation reasons. We never see or store your full card number. Stripe handles all card data directly as an independent controller for payment-card data and as our processor for subscription metadata.

2.6 Usage analytics (optional, requires explicit consent)

Anonymized event data (which screens you visit, which features you use, error counts) — only after you tap "Allow" on the in-app consent prompt. The default state is off. You can revoke consent anytime in Profile → Privacy and we'll stop sending events immediately and delete identifiable past events on request.

2.7 Crash and error data

If the app crashes or hits an unexpected error, we capture the technical details (stack trace, OS version, app version). No content from your conversations or training data is included in crash reports.

3. Why we use your data — and the legal basis

We process your personal data only where we have a valid legal basis under Article 6 GDPR (and, for special-category data, Article 9 GDPR). The table below maps every purpose to its specific basis. "Improving our service" is not, on its own, a legal basis — service-improvement work that uses identifiable data is performed only on the basis of an Art. 6 ground listed below, and product analytics are run only with consent.

PurposeCategories of dataLegal basis
Provide chat responses, store your training history, run the chat (the core Service)Account, profile, conversations, activityPerformance of a contract — Art. 6(1)(b) GDPR
Process payments, manage your subscription, prevent payment fraudSubscription, payment metadataPerformance of a contract — Art. 6(1)(b) GDPR; legitimate interests in fraud prevention — Art. 6(1)(f) GDPR
Send transactional emails (welcome, trial-ending, payment-failed, account changes, security notices)AccountPerformance of a contract — Art. 6(1)(b) GDPR
Process health data from your wearable (HRV, sleep, heart rate) to inform Tempo's responsesHealth (special category)Explicit consent — Art. 9(2)(a) GDPR, given when you connect the wearable; underlying processing on Art. 6(1)(b) GDPR
Process menstrual-cycle data to contextualize Tempo's responsesHealth (special category)Explicit consent — Art. 9(2)(a) GDPR, given via a separate, specific opt-in toggle. You can withdraw at any time in Profile → Privacy → Cycle tracking, with no effect on the rest of the Service.
De-identified, aggregated analysis to improve Tempo's prompts and evaluations (no model is trained on your raw conversations; data is aggregated and not linked back to you)De-identified derivatives of conversations and training dataLegitimate interests — Art. 6(1)(f) GDPR (improving service quality), balanced against your interests; you may object under Art. 21 GDPR
Product analytics (PostHog) — understanding which features are usedAnonymized usage eventsExplicit consent — Art. 6(1)(a) GDPR; opt-in only
Crash and error reporting, abuse prevention, security monitoringTechnical logs, app/OS versionLegitimate interests — Art. 6(1)(f) GDPR (running a secure, reliable Service)
Comply with Dutch tax, accounting, and consumer-law record-keeping obligationsInvoices, subscription historyLegal obligation — Art. 6(1)(c) GDPR (notably Art. 52 AWR)
Defend, exercise, or establish legal claimsWhatever is strictly necessaryLegitimate interests — Art. 6(1)(f) GDPR; for special-category data, Art. 9(2)(f) GDPR

Withdrawing consent. Where processing is based on consent (Art. 6(1)(a) or Art. 9(2)(a) GDPR), you may withdraw it at any time, with no effect on the lawfulness of processing already carried out. Toggle controls live in Profile → Privacy.

4. Privacy-preserving design choices

Two specific choices are worth surfacing because they shape what leaves our infrastructure:

5. Who we share your data with (sub-processors)

We do not sell your data, and we do not share it with advertisers or data brokers. We do use carefully chosen sub-processors to run the Service. Each is bound by a written data processing agreement (Art. 28 GDPR) and, where data leaves the EEA, by appropriate safeguards (see § 6).

ProviderWhat they do for usData location
SupabaseDatabase, authentication, file storageEU (Frankfurt)
StripePayment processing, subscription billingEU + USA (SCCs + EU-U.S. DPF where applicable)
Google (Gemini AI)AI inference for chat responses (we send sanitized data — first name only, no email/phone/surname/address)USA (SCCs + EU-U.S. DPF where applicable)
TerraWearable data ingestion (only if you connect a device)EU + USA (SCCs)
PostHogAnonymized product analytics (only with your explicit in-app consent)EU
ResendTransactional email deliveryEU + USA (SCCs)
VercelMarketing website hosting (this page!)USA (SCCs)
LangfuseAI observability — captures the prompts and model responses, not your email or full nameEU
SentryCrash and error reportingEU

6. International transfers

Some sub-processors above are based in, or may transfer data to, countries outside the European Economic Area — principally the United States. For those transfers we rely on the European Commission's Standard Contractual Clauses (SCCs) (Decision 2021/914) as the primary safeguard under Art. 46(2)(c) GDPR, and on the EU-U.S. Data Privacy Framework adequacy decision (Implementing Decision (EU) 2023/1795) where the relevant US sub-processor is certified. Where additional supplementary measures are warranted, we apply technical measures (sanitization of AI inputs, encryption in transit, EU-region selection where available) and contractual measures (DPA terms requiring breach notice and deletion on request). You can request a copy of the relevant SCCs by emailing hello@withtempo.run.

7. How long we keep your data

8. Data breach notification

In the event of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of becoming aware of it, in accordance with Art. 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly, without undue delay, in clear and plain language, in accordance with Art. 34 GDPR.

9. Your rights under GDPR

You have the right to:

To exercise any of these rights, email hello@withtempo.run. We will respond within one month of receiving your request (Art. 12(3) GDPR), with a possible extension of two further months for complex or numerous requests, in which case we'll notify you of the extension within the first month.

10. Cookies and similar technologies

The marketing site (this page) uses no tracking cookies. The Tempo app uses local storage only for app function (your auth session, your preferences). We use no advertising cookies, no cross-site trackers. The optional PostHog analytics, when you enable it, uses an anonymous device identifier that does not follow you across other sites.

11. Children

Tempo is intended for users aged 18 and over. We do not knowingly collect personal data from children under 18, and we do not direct the Service to children. If you are a parent or guardian and you believe a child has provided us with personal data, contact hello@withtempo.run and we will delete the account and any related data without undue delay. We do not rely on Art. 8 GDPR (information-society services to children) because we do not knowingly process children's data at all.

12. Security

Data in transit is encrypted with TLS 1.2+. Data at rest in Supabase is encrypted. Authentication uses bcrypt-hashed passwords. We follow least-privilege access for staff (currently a single founder-operator) and rotate credentials when third-party access changes. We log access to production systems. No system is perfectly secure — if you spot a vulnerability, please report it responsibly to hello@withtempo.run and give us a reasonable window to remediate before public disclosure.

13. Changes to this policy

Material changes will be communicated by email and/or in-app notice at least 30 days before they take effect. Non-material changes (clarifications, sub-processor link updates) take effect on posting. The "Last updated" date at the top of this page reflects the most recent revision.

Privacy questions? hello@withtempo.run

Tempo is a trade name of Dylan Janssens, KvK 81923201, BTW NL003619262B91.