Privacy Policy
Last updated: May 6, 2026
TLDR
- We collect your email, optionally your name and profile photo, your step and distance data from Apple Health, and your activity inside reTrek (adventures, milestones, achievements).
- We do not sell your data, do not share it with advertisers, do not share it with third-party AI services, and do not use it to train AI models.
- Your HealthKit data is treated as health data, stays on our servers, and is never used outside the reTrek experience.
- We use self-hosted analytics and error reporting on our own infrastructure. No third-party trackers.
- You can export or delete your account anytime from inside the App.
This summary is plain-language and not legally binding; the sections below are the full Privacy Policy.
1. Introduction
Do Not Panic AS (“we,” “us,” “our”) respects your privacy and is committed to protecting your personal data. This Policy describes what data we collect when you use reTrek, how we use it, with whom we share it, and your rights under the European General Data Protection Regulation (“GDPR”) and Norwegian law.
2. Data We Collect
2.1 Account Information
- Email address. When using Sign in with Apple, this may be a private relay email rather than your real address if you chose that option.
- Where the sign-in provider supplies it, your name and profile photo.
2.2 Apple Health (HealthKit) Data
With your explicit permission, we read the following data from Apple HealthKit:
- Step count.
- Walking and running distance.
We do not read any other HealthKit data category (no heart rate, sleep, weight, workouts, or other health metrics). HealthKit access is requested separately from app login and can be revoked at any time through Settings → Health → Data Access & Devices → reTrek on your device.
We use this data solely to track your progress along virtual routes and story-driven quests within reTrek. We do not use HealthKit data for advertising, do not sell it, do not share it with any third party, and do not use it for any purpose unrelated to providing the reTrek experience.
2.3 Adventure Data
Information about your activity in reTrek, such as the adventures you start, your progress along them (including current position, milestones reached, and content you’ve unlocked), achievements you earn, and any content you submit (such as reviews or feedback). This data is tied to your account and is used to provide the Service, sync your progress across sessions, and surface stats and recaps within the App.
2.4 Device & Usage Metadata
Information about your use of the App necessary for security and operation, including app version, device platform (iOS), language, time zone, and request timestamps.
2.5 Categories We Do Not Collect
We do not collect special-category data such as race, religion, biometrics, or political views. We do not collect GPS or precise location data. Steps and distance from Apple HealthKit are not categorised as special-category data under the Norwegian implementation of GDPR, but we treat them with the same care.
3. Lawful Bases for Processing
We process your personal data on the following lawful bases:
- Contract (GDPR Article 6(1)(b)) for data necessary to provide the Service you requested (account, subscription, adventure progress).
- Explicit consent (Article 9(2)(a) for processing health data, in conjunction with Article 6(1)(a)) for Apple HealthKit access. Step count and walking/running distance, processed in the wellness context of reTrek, are treated as health data. You grant or refuse this consent through the iOS HealthKit permission prompt and can withdraw it at any time through iOS Settings.
- Legitimate interest (Article 6(1)(f)) for security, fraud prevention, and product improvement.
4. How We Use Your Data
We use the data described in Section 2 to:
- Provide and operate the App.
- Track your progress along virtual routes and quests.
- Authenticate you and protect your account.
- Process subscriptions and verify entitlements.
- Communicate with you about your account and the Service.
- Investigate and respond to security incidents or abuse.
We do not sell your personal data, do not share it with advertisers, do not share it with any third-party AI services, and do not use it for AI model training.
5. Cookies & Tracking
We do not use third-party advertising cookies, pixel tracking, or fingerprinting, and we do not share data with third-party analytics or advertising services. We do operate product analytics and error reporting on our own self-hosted infrastructure so we can understand how the App is used and detect bugs; the data flowing to those tools stays with us. Within the App, we use minimal storage on your device for session management and preference persistence (such as your selected theme).
6. Third-Party Processors
We engage third-party service providers for key functions, including:
- Subscription management (via the Apple App Store and our subscription processor).
- Authentication.
- Email delivery.
- Error monitoring.
- Infrastructure hosting and content delivery.
Apple HealthKit is named explicitly because Apple’s policies require it: HealthKit is the source of step and distance data, and access to HealthKit is governed by Apple’s HealthKit framework.
We enter into data-processing agreements (or EU Standard Contractual Clauses where applicable) with each provider. A complete list of subprocessors and the safeguards in place is available on request at help@retrek.me.
7. Data Retention & Deletion
- We retain your personal data for as long as your account exists.
- You can request data export or deletion at any time from within the App (Settings → Privacy).
- Export requests are fulfilled within 30 days, delivered by email.
- Deletion requests log you out immediately. While the deletion is being processed, re-registration with the same email is blocked; your data is permanently erased within 30 days, after which no record of the original account is retained (including any registration block). If you request deletion while an export is pending, the deletion takes priority and the export is cancelled.
8. International Transfers
We host data in the European Economic Area where possible. For any transfers outside the EEA, we rely on EU Standard Contractual Clauses or other adequate safeguards under GDPR Chapter V.
9. Your Rights
Under GDPR and Norwegian law, you have the right to:
- Access your personal data.
- Rectify inaccuracies.
- Request export of your data.
- Request deletion of your data.
- Object to or restrict processing in certain cases.
- Withdraw consent where processing is based on consent (for example, HealthKit access, by revoking permission in iOS Settings).
To exercise these rights, use your account settings or contact us at help@retrek.me. You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet), at datatilsynet.no.
10. Children
reTrek is not directed at children under 16. Users under 16 may only register with parental consent. If you become aware that a child under 16 has registered without consent, contact us so we can remove the account.
11. Security
We implement technical and organizational measures to protect your data, including TLS for all traffic, encryption at rest, regular backups, automated vulnerability scanning, role-based access control, and secure secrets management.
12. Policy Updates
We may update this Policy from time to time. The “Last updated” date indicates when changes took effect. For material changes, we will also post an in-app notice.
13. Contact
Questions about this Policy or about how we handle your data? Email us at help@retrek.me.
Do Not Panic AS is registered in Norway.