🇬🇧 EN
Tracking and third-party SDKs
How Strenqo handles telemetry, crash reporting and the absence of cross-context tracking.
Strenqo is published and operated by Andreas Mondo (Italian sole proprietorship, acting as data controller).
View company & tax details
Andreas Mondo (sole proprietorship) · Via Pianezza 16, 10040 Givoletto (TO), Italy · VAT IT13352600012 · Tax code MNDNRS05B17L219J · Email strenqo-support@strenqo.eu · PEC andreasmondo@ultracert.it
1. Foreword
Strenqo is a native mobile application (iOS and Android). It does not use cookies for its operation and does not integrate third-party advertising or behavioural-profiling SDKs.
This document transparently describes which telemetric SDKs are present in the app and how they are governed by user consent.
2. SDKs used in the app
2.1 Sentry — Crash reporting (optional, consent-gated)
- Provider: Functional Software, Inc. (operating in the EU as Sentry GmbH)
- Purpose: collection of stack traces, breadcrumbs and device information in case of app crash, for diagnosis and error fixing
- Ingest endpoint: EU / Germany (
ingest.de.sentry.io), verified in production. No extra-EU transfer for crash reporting. - Data collected (with PII redaction): crash event, stack trace, breadcrumbs, app version, OS, device model, pseudonymous user identifier (UUID — not email). Automatically redacted: fields whose name matches the pattern
email | password | token | secret | apiKey | sessionId | weight | height | phone | cookie | authorization. Free strings (error messages, breadcrumbs) are further scanned for email and token patterns which are replaced with[email]/[token]. - Residual PII: redaction is a mitigation, not a guarantee. Strings not covered by the patterns above may end up in crash reports despite redaction.
2.2 Consent behaviour
Crash reporting consent is not “global opt-in”:
- On cold start, Sentry is never initialised until the consent state has been loaded from local storage.
- If you have never made an explicit choice, we apply a per-market default once the country of residence is available:
| Market | Default Crash Reporting |
|---|---|
| European Union (27 Member States) | Off (pure opt-in) |
| EEA non-EU (NO, IS, LI) | Off |
| United Kingdom (UK-GDPR) | Off |
| Switzerland (nFADP) | Off |
| Any unrecognised / unknown country | Off (conservative default) |
| United States | On (opt-out) |
| Canada | On |
| Australia, New Zealand | On |
| Japan, Singapore, South Korea | On |
At any time you can change your choice in Profile → Support, privacy and legal → Diagnostics and crash report.
3. SDKs NOT present
For transparency, Strenqo does not integrate any of:
| Category | SDKs not present (non-exhaustive) |
|---|---|
| Third-party analytics | Google Analytics for Firebase, Mixpanel, Amplitude, PostHog, Heap |
| Attribution / Mobile measurement | AppsFlyer, Adjust, Branch, Singular |
| Advertising / Ad SDKs | Google AdMob, Meta Audience Network, Unity Ads, AppLovin, IronSource |
| Behavioural trackers | Facebook SDK, TikTok SDK |
| Web cookies | None (the app is native, not a web wrapper) |
Consequently: Strenqo does not read iOS IDFA / Android AAID, does not share advertising identifiers with third parties, does not profile the user for cross-context marketing, and does not present the App Tracking Transparency (ATT) prompt.
4. Platform SDKs (Apple / Google)
To ensure the native operation of the app, mandatory platform SDKs are present:
- Apple HealthKit (iOS) and Google Health Connect (Android): on-device health data read/write, only with OS explicit consent
- Apple Push Notification service / Firebase Cloud Messaging: local and push notifications, only with explicit consent
- Google Maps SDK Android: map tile rendering for outdoor cardio routes — only if you use the GPS feature
5. Cloud wearable integrations (not tracking)
Strenqo offers OAuth-based integrations with third-party fitness cloud platforms — currently Whoop and Oura (see Subprocessor list §3 for the complete list, which may be updated in the future with providers such as Garmin Connect, Polar Flow, Fitbit / Google Fit, Suunto, Coros, Withings, Samsung Health). These integrations are not tracking SDKs and are not subject to the analyses in §2 / §3 of this Policy: they are explicit, on-demand data transmissions authorised by the user via OAuth at the third-party provider.
What you should know:
- No SDK of those providers is embedded in the Strenqo app. There is no background tracking. Data is fetched server-side by our Supabase Edge Function on a scheduled sync (typically once per day) after you have connected the provider.
- You decide each provider individually: connecting Whoop does not connect Oura, and vice versa.
- You can disconnect at any time from Profile → Connected health, or from the provider's own dashboard.
- No advertising identifier is exchanged with the provider; only the OAuth tokens and your provider user-id stored on our backend.
- We do not import the provider's proprietary scores (Whoop recovery/strain, Oura readiness, etc.) — only the raw biometric inputs.
Details on GDPR controllership and on the data flow are in the Privacy Policy §4.A and in the Subprocessor list §3.
6. Connected sub-processors (only if authorised)
Data possibly transmitted to third-party sub-processors (OpenAI for AI Coach, RevenueCat for subscriptions, Resend for transactional emails) never occurs for advertising or profiling purposes. See the Subprocessor list for full details.
7. User rights
Your choices on consent toggles can be changed at any time from Profile → Support, privacy and legal. To completely disable Crash Reporting:
- Open Strenqo
- Tap “Profile”
- Expand the “Support, privacy and legal” card
- Disable “Diagnostics and crash report”
On the next launch after disabling, the Sentry SDK is no longer initialised.
8. Contacts
- Email: strenqo-support@strenqo.eu
- PEC: andreasmondo@ultracert.it