Privacy Policy

Last updated: 9 May 2026 · Effective date: 9 May 2026

This Privacy Policy explains how STNG Studios ("we," "us," "our") collects, uses, and protects your personal data when you use the Neomi mobile application ("the App") and our website at stng-studios.dk. It applies to all users of our products and services.

We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the Danish Data Protection Act (Databeskyttelsesloven), and Apple's App Store requirements.

1. Data Controller

The data controller responsible for your personal data is:

STNG Studios
CVR: 45819272
Ny Banegårdsgade 49, 8000 Aarhus C, Denmark
Email: support@stng-studios.dk

For all questions about this Privacy Policy, the processing of your personal data, or to exercise your rights under GDPR, contact us at support@stng-studios.dk.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Account Information (provided via Sign in with Apple)

  • Email address (real or Apple's private relay address)
  • Full name (only if you choose to share it)
  • Apple user identifier

2.2 Activity and Usage Data

  • Habits you create, schedule, and complete
  • Activity duration, distance, and quantity (where applicable)
  • Points earned, streaks, and badges
  • Recurring habit schedules and todo lists
  • Reading sessions, exercise logs, and workout templates
  • Custom notes you add to activities

2.3 Health-Related Data (only with your explicit consent)

With your permission via the Apple HealthKit framework, we read:

  • Daily step count
  • Active energy burned (calories)
  • Sleep analysis data

This data is used to display your daily progress and award activity points. You may revoke this access at any time in iOS Settings → Privacy & Security → Health → Neomi.

Step counts are converted into points that are stored on our servers as part of your activity history. We never write data into Apple Health on your behalf without explicit consent for that specific operation.

2.4 Location Data (only with your explicit consent)

With your permission, we use your device's GPS during running and cycling activities solely to calculate distance traveled. We do not:

  • Store your GPS coordinates on our servers
  • Track your location when no activity is in progress
  • Share location data with third parties
  • Use location data for advertising

Only the calculated total distance (e.g., "5.2 km") is saved to your activity history.

2.5 Subscription and Purchase Data

When you subscribe, Apple processes the payment. We receive a confirmation that your subscription is active, but we never see or store your payment card information. Apple's privacy policy applies to the payment transaction.

2.6 Technical Data

  • Device type and iOS version (collected automatically by Apple App Store Connect)
  • App version
  • Authentication tokens managed by Supabase

3. How and Why We Use Your Data

Purpose Data used Legal basis (GDPR Article 6)
Provide the App's core functionality (track habits, calculate points, sync across devices) Account info, activity data Contract performance — Art. 6(1)(b)
Display health and fitness progress HealthKit data Explicit consent — Art. 6(1)(a) and Art. 9(2)(a) for health data
Calculate distance during run/cycle activities Location data Explicit consent — Art. 6(1)(a)
Send local habit reminders and streak notifications Account info Contract performance — Art. 6(1)(b)
Verify and renew your subscription Subscription status Contract performance — Art. 6(1)(b)
Detect and prevent fraud, abuse, and security incidents All categories Legitimate interest — Art. 6(1)(f)
Comply with legal obligations All categories Legal obligation — Art. 6(1)(c)

We do not use your data for marketing, advertising, profiling for advertising, or sale to third parties.

4. Special Category Data (Health Data)

Health-related data (steps, calories, sleep) is classified as a "special category" of personal data under GDPR Article 9. We process this data only with your explicit consent, given through iOS HealthKit permission prompts.

You may withdraw this consent at any time without affecting your ability to use the rest of the App. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

5. Who We Share Your Data With

We share your data only with the following processors, who act on our behalf and under contractual data-processing agreements (DPAs):

5.1 Apple Inc.

  • Sign in with Apple — authentication
  • App Store / StoreKit — subscription processing
  • HealthKit — on-device health data access (data does not leave your device unless you explicitly use a feature that requires it)
  • APNs — push notifications
  • Apple's Privacy Policy: https://www.apple.com/legal/privacy/

5.2 Supabase Inc.

  • Cloud database and authentication backend
  • Hosts your account and activity data in the European Union (Frankfurt region)
  • Supabase Privacy Policy: https://supabase.com/privacy

We do not share, sell, rent, or trade your personal data with any other third parties for any purpose.

6. International Data Transfers

Your data is stored on servers located within the European Union. Apple may process limited authentication and payment data in other jurisdictions under Standard Contractual Clauses (SCCs) and other appropriate safeguards as detailed in Apple's privacy documentation.

7. Data Retention

We retain your personal data only for as long as necessary to provide the App's services:

  • Active accounts: Data is retained as long as your account is active.
  • Account deletion: When you delete your account from within the App (Settings → Delete My Account), we immediately and permanently delete all your personal data from our active databases. Backup copies are overwritten within 30 days as part of routine backup rotation.
  • Subscription records: Apple retains transaction records as required by their own policies and applicable tax law.
  • Legal obligations: We may retain certain data longer if required by law (e.g., bookkeeping records under Danish law).

8. Your Rights Under GDPR

As a data subject, you have the following rights:

Right What it means
Access (Art. 15) Request a copy of the personal data we hold about you
Rectification (Art. 16) Correct inaccurate or incomplete data
Erasure / "Right to be forgotten" (Art. 17) Have your data deleted (also available in-app via Settings → Delete My Account)
Restriction (Art. 18) Limit how we process your data
Portability (Art. 20) Receive your data in a machine-readable format
Objection (Art. 21) Object to processing based on legitimate interest
Withdraw consent (Art. 7) Withdraw consent for HealthKit, location, or any other consent-based processing
Not be subject to automated decision-making (Art. 22) We do not perform automated decision-making with legal effects

To exercise any of these rights, email support@stng-studios.dk. We will respond within 30 days as required by GDPR.

Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with the Danish Data Protection Authority:

Datatilsynet
Carl Jacobsens Vej 35, 2500 Valby, Denmark
Phone: +45 33 19 32 00
Website: https://www.datatilsynet.dk

9. Children's Privacy

Neomi is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at support@stng-studios.dk and we will delete it.

For users between 13 and 16 in EU jurisdictions where the digital consent age is higher than 13, parental consent is required for the processing of personal data.

10. Data Security

We implement technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS 1.2+)
  • Encryption of data at rest on Supabase infrastructure
  • Row-level security policies on our database, ensuring users can only access their own data
  • Authentication via Sign in with Apple (no password storage)
  • Regular security review of our codebase

No method of transmission or storage is 100% secure, but we follow industry best practices to protect your data.

11. Cookies and Tracking

The Neomi mobile application does not use cookies or third-party tracking technologies. We do not use advertising identifiers (IDFA), analytics SDKs, or behavioral tracking.

The stng-studios.dk website may use minimal first-party cookies necessary for site operation. No third-party advertising or analytics cookies are used.

12. Apple App Store Analytics

Apple may collect anonymized, aggregated usage statistics about the App through App Store Connect. We see only aggregate, non-identifying metrics (e.g., total downloads, crash counts). This data is governed by Apple's privacy policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this document
  • Notify active users via in-app notification or email at least 30 days before the changes take effect

Continued use of the App after the effective date constitutes acceptance of the updated policy.

14. Contact Us

For any questions, concerns, or requests regarding your personal data or this Privacy Policy:

STNG Studios
CVR: 45819272
Ny Banegårdsgade 49, 8000 Aarhus C, Denmark
Email: support@stng-studios.dk

We aim to respond to all inquiries within 7 business days, and to formal GDPR rights requests within 30 days as required by law.