Privacy Policy

Last updated: April 4, 2026

1. Data Controller

The data controller is Martin Švec, operator of the Wearbase service (hereinafter "we" or "Controller"). Contact: privacy@wearbase.eu.

2. Data We Collect

Account Data

• Email address (for authentication and communication)

Health and Fitness Data from Devices

When you connect your Oura Ring or Whoop device, we process:

• Sleep score, sleep stages, sleep duration
• Recovery/readiness score
• Heart rate variability (HRV), resting heart rate
• Strain and activity scores
• SpO2, skin temperature, respiratory rate
• Workout data (type, duration, heart rate)
• Other metrics provided by the Oura and Whoop APIs

User Notes

• Custom tags and notes assigned to days (e.g., alcohol, illness, travel)

3. Purpose of Processing

• Displaying your health data in a unified dashboard
• Comparing data from Oura Ring and Whoop side by side
• Generating insights and trends
• Providing the service and technical support

4. Legal Basis

Processing is based on your explicit consent (Article 9(2)(a) GDPR), which you grant by connecting your device via OAuth. You can withdraw consent at any time by disconnecting your device in settings or deleting your account.

5. Data Sharing

We do not sell or share your data with third parties for marketing purposes. We only share data with:

• Neon (database hosting) — for data storage
• Vercel (application hosting) — for running the service
• Oura / Whoop — only as part of OAuth authorization (access tokens)

6. Storage and Security

• Data is stored in an encrypted Neon Postgres database (EU region — Frankfurt)
• OAuth tokens are encrypted using AES-256 before storage
• All communication is via HTTPS/TLS
• Data access is restricted to your authenticated user account

7. Data Retention

We retain your data for as long as your account exists. After account deletion, all data will be permanently removed within 30 days.

8. Your Rights

You have the right to:

• Access your data
• Rectify inaccurate data
• Erase your data (right to be forgotten)
• Data portability (export in CSV/JSON format)
• Withdraw consent
• Lodge a complaint with a supervisory authority

9. Cookies

We only use essential cookies for authentication and session management. We do not use marketing or third-party tracking cookies.

10. Changes to This Policy

We will notify you of changes to this policy via email or in-app notification.

Contact

For privacy-related inquiries, contact us at privacy@wearbase.eu.