Privacy Policy

As of: June 2026

1. Introduction and overview

We have prepared this privacy policy to explain to you, in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (GDPR) and the German Federal Data Protection Act (BDSG), which personal data we process within the mobile application “EasyRow” (the “App”), for what purposes this is done, and what rights you have.

EasyRow is a rowing training game that can optionally connect to compatible rowing machines (ergometers) via Bluetooth in order to transfer your training data into the gameplay.

2. Controller

The controller responsible for data processing within the meaning of the GDPR is:

SynthScript, owner Christoph Kretschmer
Hornisgrindestraße 9
77855 Achern
Germany
Phone: +49 7841 627 44 00
Email: info@synthscript.de

3. What data we process — an overview

In principle, we process personal data only insofar as this is necessary to provide the App and its functions. Specifically, this may include:

  • Account and identification data (anonymous player ID, possibly linked platform IDs)
  • Training and performance data (e.g. distance, stroke rate, power in watts, pace, calories, training duration, timestamps)
  • Health-related data (heart rate, if your rowing machine or a paired sensor transmits it)
  • Device and connection data (Bluetooth device identifiers, technical device information, operating system version)
  • Purchase and transaction data for in-app purchases (via the respective app store platform)

We do not deliberately collect any data that is not required for the operation of the App.

4. App access permissions

So that certain functions can be used, the App requests the following permissions — depending on your operating system. You may decline to grant them; in that case the respective functions are unavailable or only partially available.

  • Bluetooth / Bluetooth scan and connection: Required to establish a connection to your rowing machine and to receive training data.
  • Location (on Android devices): The Android operating system technically requires the location permission in order to scan for and connect to Bluetooth Low Energy devices. We do not collect, store or transmit your geographic location in this process. The permission is used exclusively for the Bluetooth device scan.
  • Internet access: Required for sign-in, cloud synchronisation of your training data and in-app purchases.

5. Bluetooth connection to rowing machines

When you pair your rowing machine, the App communicates locally with the device via Bluetooth Low Energy. In particular, the standardised FTMS profile (Fitness Machine Service) and the Concept2/CSAFE protocol are supported.

During training, the App receives measurements such as pace, stroke rate, stroke count, power (watts), distance covered, training duration and — if provided by the device — heart rate. This data is processed to control the gameplay and to display your training statistics.

The connection itself takes place exclusively locally between your mobile device and the rowing machine. This data is transmitted to us or to third parties only within the scope of the cloud storage of your training history described below.

6. Processing of health data (heart rate)

If your rowing machine or a connected sensor transmits your heart rate, we process it as health-related data within the meaning of Art. 9 GDPR. This processing is carried out exclusively on the basis of your explicit consent pursuant to Art. 9(2)(a) GDPR, which you give by pairing a heart-rate-capable device and using the corresponding function.

The heart rate is used solely to display and record your training performance. You can withdraw this consent at any time with effect for the future by disconnecting the heart-rate-capable device, not using the function, or deleting the relevant training records.

7. Player sign-in and authentication

To provide functions such as cross-device synchronisation of your training history, the App uses the authentication service of Unity Gaming Services.

By default, sign-in is anonymous. You are assigned a randomly generated, anonymous player ID; a local session token is stored on your device so that you remain signed in on subsequent launches. Personal details such as name or email address are not required for this.

Optionally, you can link your game account with Google Play Games (Android) or Apple Game Center (iOS) in order to associate your progress with a platform account and restore it across multiple devices. During linking, authentication features (e.g. an authentication token or a platform-specific player ID) are exchanged between the respective platform and Unity Gaming Services. This linking is voluntary.

The legal basis is Art. 6(1)(b) GDPR (provision of the requested functions) and, with regard to the optional linking, Art. 6(1)(a) GDPR (consent).

8. Cloud storage of the training history (Cloud Save)

Your completed and ongoing training sessions (“runs”) are stored via the Unity Cloud Save service, provided you are signed in. This preserves your training history and allows it to be restored on other devices.

In particular, the following are stored: a unique run identifier, the associated course/track identifier, start and end time, total duration, distance covered, number of strokes, average pace, average stroke rate, average power, calories burned, as well as detailed segment and stroke data (splits). This data is associated with your player ID.

The legal basis is Art. 6(1)(b) GDPR. Insofar as it contains heart-rate data, section 6 of this policy additionally applies (Art. 9(2)(a) GDPR).

9. In-app purchases

The App offers the option to purchase paid content via in-app purchases. Payment is processed exclusively via the platform of the respective app store (Google Play Store or Apple App Store). We do not receive any payment data such as credit card numbers, but only a confirmation of the successful purchase, which is used to unlock the purchased content.

The data protection provisions of the respective platform operator apply to payment processing. The legal basis for processing the purchase confirmation is Art. 6(1)(b) GDPR.

10. Services used and recipients of data

To provide the functions mentioned, we use the following services, which may act as data processors or as independent controllers:

  • Unity Gaming Services (Authentication, Cloud Save) – Unity Technologies. These services process your anonymous player ID and your training history in order to provide sign-in and cloud synchronisation.
  • Google Play Games Services / Google Play Billing – Google. Used for the optional platform sign-in and for processing in-app purchases on Android.
  • Apple Game Center / Apple In-App Purchase – Apple. Used for the optional platform sign-in and for processing in-app purchases on iOS.

A transfer to countries outside the EU/EEA (in particular to the USA) cannot be ruled out in connection with these services. Insofar as this occurs, the transfer is based on appropriate safeguards pursuant to Art. 44 et seq. GDPR, in particular the European Commission’s Standard Contractual Clauses.

Where necessary, we have concluded data processing agreements with processors pursuant to Art. 28 GDPR.

11. Local storage on your device

Certain data — such as game settings, a session token to maintain your sign-in, and cached training data — is stored locally on your device. This data generally remains on your device and is removed by clearing the App data or uninstalling the App.

12. Analytics and diagnostic data

The App is based on the Unity engine. Within the scope of the Unity services used and the Google Play and Apple App Store platforms, technical diagnostic and usage data (e.g. device and operating system information, crash reports, anonymous identifiers) may be processed to a limited extent in order to ensure the stability and functioning of the App. The legal basis is our legitimate interest in the error-free and secure operation of the App pursuant to Art. 6(1)(f) GDPR.

13. Retention period

We store personal data only for as long as is necessary for the respective purposes. Your training history remains stored until you delete it or delete your account. Locally stored data remains on your device until the App data is cleared or the App is uninstalled. Where statutory retention periods exist, the affected data is retained until those periods expire and is then deleted.

14. Deletion of account and data

You can delete individual training sessions within the App. In addition, you can have your game account and the associated data stored in the cloud deleted. The App provides a function for account deletion for this purpose; alternatively, you can contact us using the contact details above.

15. Your rights

Within the framework of the statutory requirements, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to withdraw a given consent with effect for the future (Art. 7(3) GDPR)

An informal message to the contact details above is sufficient to exercise these rights.

You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is:

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart

16. Data security

We take appropriate technical and organisational measures to protect your data against unauthorised access, loss or manipulation. Data transmission between the App and the cloud services used is encrypted (TLS).

17. Children

The App is not specifically directed at children. We do not knowingly collect personal data from children without the consent of their legal guardians. If you become aware that a child has provided us with data without the corresponding consent, please send a message to the contact details above.

18. Changes to this privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or in order to implement changes to our functions. The version in force at the time will then apply to your renewed visit or continued use.