Privacy Policy

Introduction

StepGo ("we," "our," or "the app") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.

Information We Collect

Activity Data

• Step Count: We access your device's step count data through Google Fit Recording API to display your daily walking activity.
• Distance Traveled: We calculate and store the distance you've walked based on your step count and height using your device's sensors.
• Daily Statistics: Historical data of your daily step counts and distances are tracked and stored locally in database.

User Preferences

• Height (in centimeters): Used to accurately calculate distance from step count using stride length formula.
• Daily Step Goal: Your personal fitness goal (default: 8,000 steps) for tracking progress.
• Onboarding Status: Whether you've completed the initial app setup.

Technical Information

• Google Play Services: We check for Google Play Services availability and version to ensure proper functionality of the Google Fit Recording API.

How We Use Your Information

We use the collected information solely for:

• Displaying your daily and historical step count
• Calculating walking distance based on your height and stride length or as tracked by device sensors

Data Storage

Local Storage

• All your data is stored locally on your device using the following technologies:
  • Room Database: Stores daily step counts and distances in a local SQLite database
• No data is transmitted to external servers or third-party services
• Data persists across app updates
• App does not sync data to servers. Hence there are no backups for data. Once app is uninstalled, data cannot be recovered.

Google Fitness Integration

• We use Google Fit's Recording API to read step count and distance data
• We only read data; we do not write, modify, or upload any data to Google Fit
• No Google account sign-in required - we use the Local Recording API that accesses on-device sensor data

Permissions Required

App requests for the ACTIVITY_RECOGNITION permission.

ACTIVITY_RECOGNITION (Required for core functionality)

• Purpose: Required to access step count and distance data from Google Fit Recording API
• Usage: Used when the app is in the foreground for real-time sync
• Data Accessed: Only step count and distance - no other sensor or fitness data
• Your Control: You can revoke this permission at any time in device settings (Settings → Apps → StepGo → Permissions)
• Effect of Denial: App cannot function without this permission as it's essential for step tracking

Third-Party Libraries Used

We only use the following essential Android libraries:

• Google Play Services Fitness API - For reading on-device step count data (no data sent to Google servers)
• AndroidX Libraries - Standard Android Jetpack components (Room, DataStore, WorkManager, Compose)
• Hilt - Dependency injection (runs locally, no network)
• Kotlin Coroutines - Asynchronous programming (runs locally)

None of these libraries collect or transmit your personal data.

Data Security

We implement several security measures to protect your data:

Storage Security

• Room Database: Uses Android's built-in SQLite encryption capabilities
• DataStore Preferences: Encrypted by Android's secure storage mechanisms
• App Sandbox: Data is stored in the app's private directory, inaccessible to other apps
• No world-readable files: All data files have restricted permissions

Communication Security

• Local API Only: Google Fit Recording API accesses on-device sensor data only
• No external API calls: We don't make HTTP requests to external servers
• No authentication tokens: No API keys, access tokens, or credentials stored

App Security

• Code Obfuscation: Release builds use ProGuard/R8 for code optimization and obfuscation
• No Debug Logs: Sensitive logs removed in production builds
• Permission Checks: Strict runtime permission checks before accessing sensor data
• Minimum SDK 29: Targets Android 10+, benefiting from modern Android security features

What We DON'T Do

• ✗ No unencrypted data transmission
• ✗ No data stored on SD card or external storage
• ✗ No data cached in temporary files
• ✗ No clipboard access
• ✗ No screenshot of sensitive data

Your Rights

You have the right to:

• Access: View all your stored data within the app
• Delete: Clear your data by uninstalling the app
• Control: Revoke permissions at any time
• Opt-out: Stop using the app to cease all data collection

Data Retention

• Local Retention: Data is retained locally on your device until you uninstall the app
• Automatic Deletion: Uninstalling the app permanently deletes all stored data from your device
  • Room database is deleted
  • DataStore preferences are deleted
  • No data remains after uninstallation
• No Backups: No backup copies are created outside your device
• No Cloud Sync: Data is never uploaded to cloud storage
• Manual Data Clearing: You can clear app data manually via Settings → Apps → StepGo → Storage → Clear Data

Children's Privacy

StepGo does not knowingly collect information from children under 13. The app is intended for general fitness tracking and is suitable for all ages.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be:

• Posted within the app
• Reflected in the "Last Updated" date

Important Clarification

• We use the Local Recording API, which accesses sensor data stored locally on your device
• We do NOT use the History API that would require Google account sign-in and cloud access
• Google Play Services acts as an intermediary to access device sensors, but data stays local
• Your step data is NOT synced to your Google account or Google's servers by our app

Open Source

StepGo is open to transparency. For technical implementation details, please contact us.

Compliance

This app complies with:

• Google Play Developer Program Policies
• Google Fit Developer Terms of Service
• General Data Protection Regulation (GDPR) principles
• California Consumer Privacy Act (CCPA) principles

Background Local Synchronization

• WorkManager: We use Android's WorkManager to schedule a daily background sync job which reads step data from operating system and stores it locally in app DB.
• Frequency: Once per day (using PeriodicWorkRequest with 1-day interval)
• Purpose: Keeps your step data up-to-date with Operating System.
• What It Does: Reads last 10 days of step and distance data and stores it in local database
• Battery Impact: Minimal - runs once daily and only when conditions are met (device idle, battery not low)
• No Network Upload: Background sync only reads from local Google Fit data, no network calls to external servers
• User Control: Can be disabled by restricting background data for the app in Android settings

App Behavior

When App Is Open (Foreground)

• Displays real-time step count and progress

When App Is Closed (Background)

• No continuous tracking - app uses WorkManager for once-daily sync
• No location tracking
• No background services running continuously
• Respects Android's battery optimization

Data Flow

1. Device sensors (accelerometer, gyroscope) detect movement
2. Android OS counts steps using its built-in step counter
3. Google Play Services stores this count locally (up to 10 days)
4. StepGo reads this local data via Recording API
5. StepGo stores daily totals in local Room database
6. Data displayed in the app UI

No data leaves your device at any point in this flow.