Privacy

Pacer+ is a small app for tracking activity, energy and symptoms in ME/CFS. It is built carefully, by a small team, and the people who use it are people we care about. The way we handle your data reflects that.

This page explains, in plain language, what Pacer+ stores, what it doesn’t, and what your rights are. If anything here is unclear, write to us — the addresses are at the bottom.

What we store

• Your email address, used only to sign you in.
• The activities, symptoms and notes you log in the app, with the time you logged them.
• A small amount of account information: when you signed up, when you last signed in, your preferences (such as a display name if you choose to set one).
• If you later connect a wearable or health app (this is not available yet), the health metrics you authorise. We will ask again, separately, before any of that happens.

What we don’t do

• We don’t use analytics, tracking pixels, or third-party advertising. There are no cookies beyond the one that keeps you signed in.
• We don’t send marketing emails, nudge emails, “you missed a day” emails, or any other prompt designed to get you to open the app. The only emails we send are sign-in links you asked for.
• We don’t sell your data. We never will.
• We don’t share your data with insurers, employers, researchers, or anyone else without your explicit, specific consent.

Where your data lives

Pacer+ runs on a server in Nuremberg, Germany, operated by netcup GmbH. The database is encrypted at rest. The connection between your device and Pacer+ is encrypted in transit using TLS.

Your sign-in emails are sent via Brevo (sendinblue SA, France), which receives your email address and the magic-link URL for the sole purpose of delivering the message. Brevo does not use this data for any other purpose.

We do not currently use Cloudflare, a CDN, or any analytics provider. If that changes — for example, if we add Cloudflare for storage of larger files in the future — we will update this page and tell you in the app before it takes effect.

How long we keep it

We keep your data for as long as your account is active. If you ask us to delete your account, we delete your activity logs, symptoms, notes and account record within 30 days. Backups roll off within a further 35 days, after which no copy remains.

Your rights

Under UK and EU data protection law, you have the right to:

• See a copy of the data we hold about you.
• Have inaccurate data corrected.
• Have your data deleted.
• Export your data in a portable format (we’ll send JSON).
• Withdraw consent for any optional data (e.g. wearable sync).
• Complain to a regulator — the Data Protection Commission (dataprotection.ie) in Ireland, or the Information Commissioner’s Office (ico.org.uk) in the UK.

To exercise any of these, email the relevant address below. We normally respond within a few days and always within 30 days, which is the legal maximum.

Health data and GDPR Article 9

Symptoms, energy and activity logs are “special category” health data under GDPR Article 9. We process this data only on the basis of your explicit consent, given when you sign up and used solely to provide the app to you. The database that holds your health data is isolated from any other application on the server, and no person, including us, accesses it routinely. We may access it only to investigate a fault you have asked us to investigate, or where required by law.

Who we are

Pacer+ is operated by two entities, depending on where you live. Both entities follow the same practices described on this page. Either address is fine for getting in touch — we’ll route internally.

Changes to this page

If we change anything material on this page — for example, adding a new service like Cloudflare, or beginning to sync data from a wearable — we will update the version number above and show a notice in the app the next time you sign in. We will not quietly change practices behind your back.