Privacy Policy

Last Updated: October 31, 2025

Engelbaher, LLC ("we," "us," or "our") operates the Zora Cycling mobile application (the "App").

Your privacy is our top priority. Zora Cycling is designed to function entirely offline, without collecting, storing, or transmitting your personal data to any external servers or third parties.

1. Purpose of Data Processing

Zora Cycling processes fitness and sensor data solely for the purpose of providing indoor cycling training, simulation, and performance tracking on your device.

We do not operate a cloud backend or external database. All data processing occurs locally on your iPhone and, if used, your Apple Watch.

2. No Remote Data Collection or Transmission

We do not collect, transmit, or store any personal information on external servers, third-party systems, or infrastructure we control.
All data processing and storage occur exclusively on your device.

Specifically, we do NOT:

• Transmit data to our servers or any remote system
• Collect data from your device to external databases
• Access device identifiers for tracking purposes
• Gather analytics, telemetry, or usage statistics
• Implement advertising or marketing SDKs

3. Bluetooth Device Connectivity

Zora Cycling connects to compatible Bluetooth-enabled devices such as indoor cycling trainers, sensors, heart-rate monitors, and other fitness accessories.
These connections allow the App to receive or send performance and fitness-related data for workout tracking and simulation.

3.1 Data Transmission to Devices

The App may transmit control signals (e.g., target power, simulated gradient, or resistance changes) to connected devices to enable realistic simulation or structured workouts.

This communication:

• Occurs only over Bluetooth between your device and the connected accessory
• Contains no personally identifiable data
• May include fitness or performance metrics (e.g., power, cadence, heart rate) transmitted solely between your device and the connected sensor
• Exists solely to control resistance or exchange live performance data

No Bluetooth data or identifiers are transmitted to the internet or any external system.

3.2 Bluetooth Technical Details

During Bluetooth pairing, your device and connected accessory exchange technical identifiers (such as temporary MAC addresses and device names) required by the Bluetooth protocol.

These identifiers:

• Are handled solely by Apple's CoreBluetooth framework
• Are not transmitted outside your device
• Are not stored by Zora Cycling beyond iOS's automatic pairing memory
• Cannot identify you personally without physical access to your accessory

The App may remember your paired device identifier locally to enable automatic reconnection. This identifier remains stored only within the App's sandbox.

3.3 Optional Heart-Rate and Sensor Devices

In future versions, the App may allow connection to compatible Bluetooth heart-rate monitors, headphones, or other fitness sensors and accessories.

Any fitness or health-related data (such as heart rate, power, cadence, or speed) received or transmitted between these connected devices:

• Is processed and displayed locally on your devices
• May pass between your paired accessories (for example, from a trainer through the phone to a watch for display, or from a heart-rate sensor to the phone)
• Is never transmitted to Engelbaher, LLC servers or any third-party systems
• May, at your discretion, be written to Apple Health if you grant HealthKit permission

All such data routing occurs exclusively within your personal devices using Apple's Bluetooth or HealthKit frameworks and does not involve any external network transmission.

4. Apple Health (HealthKit) Integration

Zora Cycling optionally integrates with Apple Health (HealthKit) to read and write cycling metrics for your convenience. All HealthKit data access occurs locally on your device.

We never receive, store, or transmit HealthKit data.

4.1 Reading Data from Apple Health

With your explicit permission, the App may read:

• Cycling workouts (duration, distance, start/end time)
• Heart rate
• Active energy burned
• Cycling power, speed, and cadence

These data are read only to display workout history and performance summaries inside the App. Data are processed locally and never leave your device.

4.2 Writing Data to Apple Health

With your permission, the App may write:

• Cycling workouts recorded in the App
• Heart rate and energy burned during those workouts
• Cycling distance and power data

This ensures your workouts contribute to Apple Fitness, Activity Rings, and Health trends.

4.3 Apple Watch Mirroring

If you use Apple Watch with Zora Cycling, HealthKit securely mirrors workout session data (such as heart rate and elapsed time) between your iPhone and Watch using Apple's encrypted Bluetooth protocols.
We never see or access mirrored data between these devices.

4.4 Apple's Role and iCloud Sync

Once data is stored in HealthKit or iCloud, Apple becomes the data controller.

• We cannot access your iCloud account or synced Health data.
• Synchronization across devices is governed entirely by Apple's iCloud and HealthKit privacy policies.

Apple Services Privacy Policies:

• Apple Privacy Policy
• Apple Health
• iCloud

Engelbaher, LLC and this App are not affiliated with Apple Inc. All Apple services are governed by Apple's respective terms and privacy policies.

4.5 Managing Permissions

You can review or revoke Health permissions at any time:
Settings → Privacy & Security → Health → Zora Cycling

Revoking read or write access only limits HealthKit functionality; the App will continue working locally.

4.6 Sensitive Health Data

Heart-rate, energy expenditure, and similar metrics qualify as special-category health data under certain privacy laws.
These data:

• Are processed locally on your device only
• May originate from Apple Health or from connected Bluetooth sensors, depending on your configuration
• Require your explicit HealthKit permission before access
• Are never transmitted to Engelbaher LLC or third parties
• Remain under your exclusive control via iOS privacy settings

5. Data Stored Within the App

5.1 What Is Stored

The App stores the following categories of data locally:

Workout Session Data

• Date, start/end time, and duration
• Instantaneous and averaged metrics – power (W), cadence (RPM), speed, distance, heart rate
• Trainer resistance or simulation parameters during the ride

Performance Analytics

• Aggregated statistics and historical trends (computed locally only)

User Preferences

• Measurement units, display options, and configured target zones
• Paired trainer identifiers used for reconnection

No demographic information, contact details, or location data are stored.

5.2 Storage Location

All data is stored exclusively within the App's sandbox, encrypted by iOS.
We do not use cloud storage or remote databases.

5.3 Device Backups

If iCloud Backup is enabled, iOS may include App data in your encrypted iCloud backup.
If you back up your device locally using Finder or iTunes, the App's data will also be included in that encrypted backup.

All backups:

• Are managed entirely by Apple or your backup software
• Are protected by iOS-level encryption
• Are never accessible to Engelbaher LLC

5.4 Deleting Your Data

To delete data:

• Swipe left on any workout in History → tap "Delete"
• Or delete the App entirely to erase all stored data

Deleting the App permanently removes all locally stored workouts and settings. This data cannot be recovered.
Workouts already written to Apple Health must be deleted within the Health app.

6. No Third-Party SDKs or Tracking

The App does not include or communicate with any third-party frameworks or analytics SDKs such as Firebase, Google Analytics, Facebook SDK, or ad networks.

All code is built with Apple's native frameworks (SwiftUI, CoreBluetooth, HealthKit, and Foundation).

6.5 Apple Diagnostics and Crash Reports

Zora Cycling does not include custom crash-reporting or analytics frameworks.
If you have enabled "Share iPhone Analytics" in iOS Settings → Privacy & Security → Analytics & Improvements, Apple may collect anonymized crash logs.
These reports:

• Are managed entirely by Apple
• May include device model, iOS version, and error traces
• Contain no personal, workout, or health data
• Are governed by Apple's Privacy Policy

We may review aggregated, anonymized crash summaries provided by Apple solely to improve app stability.

7. Children's Privacy

Zora Cycling does not collect personal information from anyone, including children under 13 (or under 16 in the EEA).
All data remains stored locally on the user's device or within their Apple Health database.

Parents or guardians control HealthKit permissions and iCloud sync on their child's device.

8. Data Security

While the App does not transmit or store your data remotely, we take on-device security seriously.

8.1 Technical Measures

• Local storage within iOS sandbox
• System-level encryption (Data Protection API)
• No external connections or server endpoints
• No login credentials or tokens stored

8.2 Your Responsibility

To keep your data secure:

• Use a device passcode and Face ID/Touch ID
• Keep iOS up to date
• Avoid jailbreaking your device
• Enable "Find My iPhone" for remote wipe capability

8.3 Reporting Security Issues

If you discover a potential security vulnerability, contact us at privacy@engelbaher.com.

9. Privacy Rights by Region

9.1 European Union (GDPR)

You may access, correct, or delete your data directly on your device or in Apple Health.
We do not act as a "data controller" because we never receive or process your personal data externally.

For HealthKit data stored in iCloud, contact Apple:
https://www.apple.com/legal/privacy/contact/

9.2 California (CCPA)

We do not "collect," "sell," or "share" personal information under CCPA definitions.

9.3 Other Regions

This Privacy Policy is designed to comply with GDPR, CCPA, PIPEDA (Canada), and the Privacy Act 1988 (Australia).
Because all processing is local to your device, data transfer provisions do not apply.

10. Health and Medical Disclaimer

Zora Cycling is a fitness training and simulation tool, not a medical device.

It is not intended to diagnose, treat, cure, or prevent any disease.
Consult a qualified healthcare provider before beginning any new exercise program.

During exercise, stop immediately if you experience chest pain, dizziness, or severe shortness of breath.

All metrics (heart rate, power, calories, etc.) are estimates and may vary in accuracy.

11. Changes to This Policy

We may update this Privacy Policy if required by new features, legal obligations, or platform guidelines.

If a future version introduces any networked features or remote data processing, we will update this policy before release and request user consent.

The updated version will be posted within the App and on our website.
Your continued use of the App constitutes acceptance of any updates.

12. Contact Us

If you have any questions about this Privacy Policy, please contact:

Email: privacy@engelbaher.com
Website: https://engelbaher.com

We will review and respond to inquiries as soon as reasonably possible.

13. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the State of Washington, United States, without regard to its conflict-of-law provisions.

Subject to mandatory local consumer-protection laws in your jurisdiction, disputes arising under this Privacy Policy may be resolved in the state or federal courts located in King County, Washington, USA.
Nothing in this section limits your statutory rights under the laws of your country of residence, including rights under the GDPR or other applicable privacy regulations.

Engelbaher, LLC https://engelbaher.com
Last Updated: October 31, 2025