ZonePoints Privacy Policy

Updated March 22, 2026

Welcome to ZonePoints, an application published by Vercer LLC ("we", "us", or "our"). We are committed to transparency and providing you with robust control over your data.

1. Data on Your Device

Local Storage

By default, your raw heart rate readings and full training session data are stored exclusively on your device. The App retains an unlimited amount of this data on your device indefinitely so you maintain a complete historical record. You can delete any session at any time (see Section 5). Unless you specifically enable cloud backup, this raw session data never leaves your device.

2. Data We Collect

Analytics and Diagnostics

To operate, maintain, and improve the App, we collect standard App settings and certain derived summary statistics (such as your total number of sessions and the minimum and maximum heart rates observed across sessions — not raw heart rate readings). To monitor the App's technical health, we utilize Google Analytics and Firebase monitoring tools (including Analytics, Crashlytics, and Performance Monitoring) to collect diagnostic data. These services may transfer and store data on servers located in the United States or other countries.

Legal Basis for Processing

We process your data on the following bases: your consent (for optional features such as cloud backup and Health Connect); our legitimate interest in maintaining and improving the App (for analytics and diagnostics); and contractual necessity (to provide the core App functionality you have requested).

3. Optional Features

User Accounts & Cloud Backup

You are not required to create an account to use ZonePoints. If you choose to create an account and enable the optional cloud backup feature, your session data will be securely stored in Firebase Firestore to facilitate synchronization across devices. You may disable this backup at any time. Disabling cloud backup will delete all previously synced session data from our servers. Cloud data is governed by the Firebase Privacy Policy.

Upon account deletion, all cloud-stored session data will be permanently removed within 30 days.

Google Health Connect

Integration with Google Health Connect is optional and disabled by default. If enabled:

• We will write ZonePoints heart rate data into Health Connect, and read heart rate data recorded by other applications.

• If you subsequently disable the integration, we will delete all third-party data read from Health Connect, as well as all ZonePoints-generated data previously written to Health Connect.

• Our use of information received from Health Connect strictly adheres to the Health Connect Permissions policy, including its Limited Use requirements.

4. How We Use Anonymized Data

We process your training and usage data to create anonymized, aggregated datasets. Because this data is stripped of all personally identifiable information, it is not reasonably linkable to any individual. These datasets may be used for any business purpose, including sale or licensing to third parties such as research institutions, health and fitness companies, and data analytics providers.

• Public Statistics: We may publish broader comparisons (e.g., heart rate trends by city). To protect your privacy, we will only include a geographic group in these publications if it contains data from at least 10 distinct users.

• Health Connect Exception: We will never share or use health information sourced from Google Health Connect for these broader purposes, even in an anonymized format.

5. Managing, Exporting, and Deleting Your Data

• Deletion: You retain full control over your training records. Deleting an individual session in the App removes it permanently from ZonePoints, including from cloud backup if enabled. If Health Connect is enabled, this action will simultaneously delete the associated session from Google Health Connect.

• Exporting Data: You may export your raw training data from the App at any time in a standard format. Once exported, you are responsible for the security and handling of that data.

We implement reasonable technical and organizational measures to protect your data.

6. Children's Privacy

ZonePoints is directed toward the general public. We do not intentionally target or knowingly collect personal information from children under the age of 16. If you are a parent or guardian and believe your child under 16 has provided us with personal information, please contact us immediately so we may delete it.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal data, as well as the right to restrict or object to certain processing. To exercise any of these rights, contact us using the details below. We will respond to privacy-related inquiries within 30 days.

For California residents: We do not sell personal information as defined by the California Consumer Privacy Act (CCPA). Anonymized, aggregated data that cannot reasonably be linked to you is not personal information under the CCPA and may be sold or shared as described in Section 4.

8. Updates and Contact Information

We reserve the right to modify this Privacy Policy at any time. We will notify you of material changes via an in-app notification when you next open the App.

This policy is governed by the laws of the State of Washington, United States.