Introduction
Marketmotion LLC ("we," "us," or "our") operates Telemetry Studio, a desktop application for creating cycling video overlays, and the telemetrystudio.com website (collectively, the "Service").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using the Service, you consent to the data practices described in this policy.
If you have questions about this Privacy Policy, please contact us at [email protected].
1. Information We Collect
1.1 Desktop Application
Telemetry Studio is a local-first application. Your project files, video files, and telemetry data remain on your device and are never uploaded to our servers.
We collect the following information through the desktop application:
| Data Type | What We Collect | Purpose |
|---|---|---|
| Device Identifier | A hashed hardware identifier (machine fingerprint) derived from your device configuration | License validation and activation limit enforcement |
| Platform Information | Operating system (macOS/Windows), CPU architecture | License activation and support |
| License Key | Your purchased license key (stored locally in OS Keychain) | Software activation |
| Activation ID | Unique identifier for your license activation | License management and deactivation |
| Timestamps | When license was activated and last validated | Offline grace period management |
Device Identifier Clarification: The device identifier is a cryptographic hash of hardware characteristics. It cannot be used to personally identify you and is not biometric data. It is used solely to ensure your license is not used on more devices than permitted.
Crash Reports (Optional): If enabled, we collect crash reports via Sentry, which may include stack traces and error messages, device model and OS version, app version, and anonymized session data. Personally identifiable information is not sent with crash reports by default.
1.2 Strava Integration
When you connect your Strava account, we access (with your explicit authorization):
| Data Type | What We Access | Storage |
|---|---|---|
| Athlete Profile | ID, name, profile picture URL, FTP, weight | Cached locally during session |
| Activities | Activity name, sport type, date, distance, duration, elevation | Cached locally during session |
| Activity Streams | GPS coordinates, altitude, heart rate, cadence, power, speed | Cached locally during session |
| Segments | Segment details and your efforts | Cached locally during session |
Storage: Strava OAuth tokens are stored securely in your operating system's credential manager (macOS Keychain or Windows Credential Manager). Activity data is cached locally during your session and is not transmitted to our servers.
Disconnecting: You can disconnect Strava at any time via Settings, which deletes all stored tokens and cached data.
1.3 Mapbox Integration
When you use map overlays, your GPS route coordinates are transmitted to Mapbox to render map tiles. Mapbox may collect geographic coordinates from your route and device information for quality and analytics.
Mapbox's privacy policy governs their data handling: https://www.mapbox.com/legal/privacy
1.4 Website (telemetrystudio.com)
We collect the following through our website:
| Data Type | What We Collect | Purpose |
|---|---|---|
| Email Address | When you join our waitlist or purchase | Product updates, license delivery |
| Payment Information | Processed by Polar.sh (we do not store card numbers) | Purchase processing |
| Analytics Data | Page views, clicks, device type, browser (via PostHog) | Website improvement |
| Trial Information | Device fingerprint, start date, email (optional) | Trial management |
1.5 Information We Do NOT Collect
- We do NOT scan or access your video content
- We do NOT upload your project files to any server
- We do NOT track your location in real-time
- We do NOT sell your personal information to third parties
- We do NOT use your data for advertising purposes
2. How We Use Your Information
We use the information we collect to:
| Purpose | Data Used |
|---|---|
| Provide the Service | License validation, feature access, Strava integration |
| Prevent Fraud | Device identifier to enforce license limits and prevent trial abuse |
| Improve the Product | Crash reports, anonymous usage analytics |
| Customer Support | Email address, license information |
| Communications | Email for license delivery, product updates, support |
| Legal Compliance | Financial records for tax purposes |
3. Legal Basis for Processing (GDPR)
For users in the European Union and European Economic Area, we process your personal data under the following legal bases:
| Processing Activity | Legal Basis |
|---|---|
| License validation and activation | Contract Performance - Necessary to provide the software you purchased |
| Device identifier collection | Legitimate Interest - Fraud prevention and license enforcement |
| Strava data access | Consent - You explicitly authorize via OAuth |
| Crash reports | Consent - You can enable/disable this feature |
| Email communications | Consent (marketing) or Contract (transactional) |
| Website analytics | Legitimate Interest - Improving our website |
| Payment processing | Contract Performance - Processing your purchase |
Legitimate Interest Assessment: For device identifier collection, we have conducted a balancing test and determined that our interest in preventing license fraud is legitimate, the processing is necessary (no less invasive alternative exists), the impact on data subjects is minimal (hash cannot identify individuals), and we have safeguards in place (data minimization, security).
4. Information Sharing and Third Parties
We share your information with the following third-party service providers:
4.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Polar.sh | Payment processing, license management | Email, payment info, license key |
| Strava | Activity data integration | OAuth tokens (stored locally) |
| Mapbox | Map tile rendering | GPS coordinates |
| PostHog | Website analytics | Page views, events, IP address |
| Resend | Transactional emails | Email address |
| Sentry | Crash reporting (optional) | Error data, device info |
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
4.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.
4.4 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
5. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and service providers are located.
For EU/EEA Users: When we transfer your data outside the EU/EEA, we ensure adequate protection through EU-U.S. Data Privacy Framework certification (where applicable), Standard Contractual Clauses approved by the European Commission, and other legally recognized transfer mechanisms.
6. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| License/Account Data | Duration of your license + 1 year after expiration |
| Payment Records | 7 years (legal/tax requirements) |
| Email (Waitlist) | Until you unsubscribe or 24 months of inactivity |
| Strava Tokens | Until you disconnect Strava |
| Crash Reports | 90 days |
| Website Analytics | 26 months |
| Trial Records | 1 year after trial expiration |
Local Data: Project files and preferences stored on your device are retained until you delete them. We have no access to this data.
7. Your Privacy Rights
7.1 Rights for All Users
Regardless of your location, you have the right to:
- Access - Request a copy of your personal data
- Correction - Request correction of inaccurate data
- Deletion - Request deletion of your data (subject to legal requirements)
- Opt-Out - Unsubscribe from marketing communications
7.2 Additional Rights for EU/EEA Users (GDPR)
If you are in the European Union or European Economic Area, you also have the right to:
- Restrict Processing - Request limitation of how we use your data
- Data Portability - Receive your data in a structured, machine-readable format
- Object - Object to processing based on legitimate interest
- Withdraw Consent - Withdraw consent at any time (where processing is based on consent)
- Lodge a Complaint - File a complaint with your local data protection authority
7.3 Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know - Request disclosure of personal information collected
- Delete - Request deletion of your personal information
- Opt-Out of Sale - We do not sell your personal information
- Non-Discrimination - We will not discriminate against you for exercising your rights
7.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or sooner as required by applicable law). We may need to verify your identity before processing your request.
8. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption - Sensitive data is encrypted in transit (TLS) and at rest
- Secure Storage - License keys and tokens stored in OS-level secure credential managers (macOS Keychain, Windows Credential Manager)
- Access Controls - Limited employee access to personal data
- Hashing - Device identifiers are stored as one-way cryptographic hashes
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
9. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.
If you believe we have collected information from a child under 16, please contact us at [email protected].
10. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on our website, updating the "Last Updated" date, and sending you an email notification (for material changes).
Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Marketmotion LLC
Email: [email protected]
Website: https://telemetrystudio.com
For EU Users: If you have concerns about our data processing that we have not satisfactorily addressed, you have the right to lodge a complaint with your local data protection authority.
Summary: Telemetry Studio is designed with privacy in mind. Your videos and projects stay on your device. We collect only what's necessary to provide our service (license validation, optional crash reports) and integrate with services you authorize (Strava, Mapbox). We do not sell your data or use it for advertising.