Privacy Policy

If you are accessing this from the EU, the German version at /datenschutz.html is the authoritative version under GDPR.

1. Data Controller

2. Scope

This privacy policy applies to the website zenduro.app (including www.zenduro.app) and to the iOS app Zenduro, distributed via Apple's App Store and TestFlight.

3. Server logs (Website)

When you visit the website, the server automatically records technically necessary information:

• IP address
• User-Agent (browser and device information)
• requested URL
• HTTP status code
• timestamp

The legal basis is Art. 6 (1) lit. f GDPR (legitimate interest in operating and securing the site). Logs are kept only as long as needed for security and diagnostic purposes and are then automatically deleted. Logs are not shared with third parties.

4. Cookies and tracking (Website)

This site sets no cookies, runs no analytics, embeds no third-party trackers or ad networks, and performs no fingerprinting.

5. Fonts (Website)

All fonts (Sora, IBM Plex Mono) are served locally from our own server. No external font CDNs (e.g. Google Fonts) are used. Loading fonts does not transmit any data to third parties.

6. Hosting (Website)

The website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Servers are located in Germany.

7. iOS app: Location data

The app accesses your device location via CoreLocation only while the app is in use, or while you are actively navigating. Location data is used solely to display your position on the map and to compute routing progress. Location data is never persisted to disk and never transmitted to any server.

8. iOS app: Routing requests

When you compute a route, the request parameters (start and end coordinates, optional waypoints, profile settings) are sent to our server api.zenduro.app (Hetzner, Germany) and forwarded to the Valhalla routing engine. The server may log these requests for security and diagnostic purposes (same retention as section 3). The server does not store any per-user profile or ride history. There is no user-account system.

9. iOS app: Map and POI data

The app loads map tiles and geographic data from the following third parties. When these services are called, your IP address and the requested geographic parameters are visible to the third party:

• OpenFreeMap (map tiles, served via CloudFlare CDN) — openfreemap.org
• Nominatim (address search, operated by the OpenStreetMap Foundation) — nominatim.openstreetmap.org · Privacy policy
• Overpass API (POI search, community mirrors) — overpass-api.de

10. iOS app: No analytics, no tracking, no accounts

The app contains no analytics SDKs, no crash-reporting SDKs (beyond Apple's TestFlight defaults), no advertising identifiers, and no user-account system.

11. Contact by email

When you write to luca@zenduro.app, your address and message content are processed for the purpose of responding to your inquiry (Art. 6 (1) lit. b/f GDPR) and retained as long as needed to handle the conversation.

12. Your rights

You have the right to access (Art. 15 GDPR), rectify (Art. 16), delete (Art. 17), restrict processing of (Art. 18), object to processing of (Art. 21), and request portability of (Art. 20) your personal data. Use the contact details in section 1.

You also have the right to lodge a complaint with a supervisory authority. The competent authority for München is:

Last updated: 22 April 2026