← Daystride

Privacy Policy

Effective date: 2 May 2026

Daystride is built on privacy by absence: the fastest way to be private is to never receive the data in the first place. This policy explains, in plain terms, what that means for the Daystride iOS app and for this marketing website.

1. Who we are

The data controller for Daystride is TK MEDIA S.à r.l.-S, a company registered in Luxembourg.

  • Address: 13, In Bedigen, L-9283 Diekirch, Luxembourg
  • Trade Register (RCS Luxembourg): B306819
  • Email: contact@tkmedia.lu

2. The short version

  • The Daystride app has no backend, no account, no analytics, and no third-party SDKs. It does not transmit your data anywhere. It reads daily step counts from Apple Health, on-device, and stores your settings locally.
  • This website (daystride.org) sets no cookies and runs no analytics or tracking. The hosting provider keeps standard server logs for security and operations.
  • Your rights under the EU GDPR are described in section 7 below.

3. The Daystride app

3.1 What the app reads

With your explicit permission (granted through Apple's HealthKit consent dialog), Daystride reads your daily step counts from Apple Health. It only reads — it never writes to Apple Health. You can revoke this access at any time in iOS Settings → Health → Daystride.

3.2 What stays on your device

The following are stored locally on your device and are never transmitted to us or to any third party:

  • Your daily goal and the history of past goals
  • Your accent colour, language override, and appearance settings
  • The widget snapshot used by iOS widgets

Storage is done via the iOS UserDefaults APIs and a private App Group container. Nothing is uploaded.

3.3 What we do not do

  • No accounts, no login, no email collection.
  • No analytics, no crash reporters, no advertising IDs.
  • No third-party SDKs and no outbound network calls of any kind.
  • No in-app purchases, no subscriptions, no profiling.

3.4 Apple's role

Apple Health and iCloud Health (if you have enabled it on your device) are operated by Apple Inc. and Apple Distribution International Ltd. Their handling of your health data is governed by Apple's privacy policy. We never receive that data from Apple.

4. The marketing website (daystride.org)

4.1 What is collected

We do not run any analytics, advertising or tracking technologies on this website. We do not embed third-party widgets that track you (e.g. social media pixels). We do not set any cookies of our own.

4.2 Hosting and server logs

The site is hosted on Vercel Inc. (San Francisco, USA, with EU edge nodes). As part of normal hosting, Vercel processes the technical information your browser sends with each request — IP address, request URL, user-agent string, response status and timestamp — for the purpose of delivering the page, protecting against abuse, and diagnosing errors. The legal basis is our legitimate interest in operating a secure and reliable website (Article 6(1)(f) GDPR). These logs are retained only for the standard operational retention period of the active Vercel plan and configuration, unless we later enable a longer log drain and update this policy. They are not used to build a profile of you.

4.3 Cookies

This website does not set cookies. Because no non-essential storage is placed on your device, no consent banner is required under the EU ePrivacy Directive.

5. Children

Daystride is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has used the service in a way that requires our attention, please contact us at contact@tkmedia.lu.

6. International transfers

The app does not transfer any personal data internationally because it does not transmit any personal data at all. For the website, our hosting provider (Vercel) may serve content from edge locations outside the European Economic Area. Any such processing relies on the European Commission's adequacy mechanisms and / or Standard Contractual Clauses.

7. Your rights under the GDPR

If, despite the above, you believe we hold personal data about you, you have the following rights under Articles 15 to 21 of the GDPR:

  • Access — confirmation of whether we hold data about you, and a copy of it.
  • Rectification — correction of inaccurate data.
  • Erasure — deletion of your data ("right to be forgotten").
  • Restriction — pause processing while a question is resolved.
  • Portability — a machine-readable export of any data you have provided.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — for any processing that relies on consent, at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, write to contact@tkmedia.lu. We aim to respond within one month, as required by Article 12(3) GDPR.

8. Supervisory authority

You also have the right to lodge a complaint with the Luxembourg data protection authority:

Commission nationale pour la protection des données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux, Luxembourg
cnpd.public.lu

9. Changes to this policy

If we materially change how we handle data, we will update this page and revise the effective date at the top. Past versions are kept internally so we can reconstruct what applied at any given time.

10. Contact

Privacy questions or requests: contact@tkmedia.lu.