Privacy Policy.

Account Data

Username, email address, and password (encrypted) when you create an account. Stored securely via AWS Cognito.

Profile Data

Name, age, gender, height, weight, amputation details, and prosthetic usage time. This data is stored only on your device and is never uploaded to our servers.

Sensor Data

Pressure readings, accelerometer, gyroscope, temperature, step count, and battery level from the Roliner Control Unit. Stored locally and optionally uploaded to AWS S3.

Location Data

Approximate location collected every 60 seconds while the app is in use, with your permission. Used to provide context for comfort patterns.

Weather Data

Temperature, humidity, and conditions retrieved hourly from the OpenWeather API based on your approximate location. No identifying information is sent to OpenWeather.

Activity Labels

Activity type (walking, resting, exercise, etc.) that you select manually within the app.

HealthKit Data

Step count read from Apple Health with your permission. Displayed in the app only and never uploaded to any server.

Your consent

You provide explicit consent during registration for the collection of health-related sensor data, location data, and profile information. You can withdraw consent at any time.

To deliver our product

Processing your account data (email, username) is necessary to deliver the Roliner to you.

Our legitimate interests

We use anonymised performance monitoring and security logging to maintain and improve the product and your experience with it, where this does not override your rights.

On your device

Profile data and sensor recordings are stored locally on your phone, protected by your device's hardware-backed encryption and app sandboxing - the same OS-level protections used on both iOS and Android. No other app can access this data.

In the cloud

Account authentication is handled by AWS Cognito (London, UK). Sensor data files are stored in AWS S3 (London, UK), encrypted at rest and in transit.

Privacy by design

Our authentication database and sensor data store are completely separate systems. Sensor files are keyed by device identifier, not your user account. This means your sensor data cannot be trivially linked to your identity.

Account Data

Until you request account deletion.

Profile Data

Until you uninstall the app.

Sensor Data (Device)

Until you delete it or uninstall the app.

Sensor Data (Cloud)

Until you request deletion.

HealthKit Data

Not stored - displayed in real time only.

Amazon Web Services (AWS)

For authentication and secure data storage, hosted in the UK (London). Bound by AWS's GDPR Data Processing Addendum.

OpenWeather API

Receives only approximate location coordinates to retrieve weather data. No personal information is shared.

Apple HealthKit

Read-only access to step count on your device. No data is sent to Apple or any server.

Access your personal data and request a copy of it.

Correct your profile information directly in the app, or request corrections to account-level data.

Delete your data. Local data is removed when you uninstall the app. Cloud data will be deleted on request.

Export your data in a machine-readable format (JSON).

Object to processing based on legitimate interest.

Restrict processing in certain circumstances.

Withdraw consent at any time without affecting processing that occurred before withdrawal.

Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.