Privacy Policy — Tennis Elbow Oracle

Effective date: 2026-05-07 · App: Tennis Elbow Oracle · Publisher: Erwan Alliaume

1. Summary

Tennis Elbow Oracle (“the app”, “we”) is a self-management tool for tennis-elbow rehab. We collect the minimum data needed to run the app on your device and to calibrate your daily plan. We do not sell, rent, or share your data with advertisers. We do not run ads. We do not track you across other apps.

We use:

Anonymous Firebase Authentication so your data is tied to your install, not to your name or email.
Cloud Firestore to back up your stiffness logs, session logs, and progression state.
Google Play Billing + RevenueCat to manage subscriptions.
Firebase Crashlytics + Performance to detect crashes and slow startups.

You can delete all your data at any time from inside the app (Settings → Privacy → Delete my data) or by emailing erwan.alliaume@gmail.com.

2. Data we collect

2.1 Health and fitness data (sensitive)

We treat the following as sensitive health data and store it only in your private account:

Self-reported morning stiffness (a 0–10 score that you log daily, then bucketed for analytics).
Self-reported pain ratings logged after each exercise (Same/better, Slightly worse, Much worse).
Session completion logs — which exercises you completed, on what date, at what set level.
Match log entries — when you played tennis and how it felt.
Optional profile fields — racquet specs, clinician contact (only if you choose to enter them).

2.2 Account data

Anonymous authentication identifier — a random identifier generated on first launch. It is not linked to your real-world identity. Signing out abandons the identifier; a new one is minted on the next sign-in.

2.3 Subscription data

Purchase status and entitlement via Google Play Billing and RevenueCat. We do not see or store your card or payment information — Google handles that end-to-end.

2.4 Diagnostic data

Crash reports — stack traces, device model, OS version, app version. Stripped of any personal payload.
Performance metrics — startup duration, screen render times.
Per-install diagnostic identifier used for crash attribution. Not the Advertising ID; we have removed the AD_ID permission.

2.5 What we do NOT collect

We do not collect your name, email, phone number, address, or any government ID.
We do not collect precise or coarse location.
We do not access your camera, microphone, contacts, calendar, photos, files, or messages.
We do not access the Advertising ID and we do not run ads.
We do not track you across other apps or websites.

3. How your data is used

Purpose	Data used
Run the app on your device	All of the above
Calibrate today’s plan from yesterday’s stiffness	Self-reported stiffness, pain, session logs
Sync between your installs	Account data
Manage your subscription	Google Play purchase token, subscription entitlement
Diagnose crashes and slowness	Crash stack traces, performance traces, install identifier, device/OS version

We do not use your health data for advertising. We do not use it for training third-party AI models. We do not sell it.

4. Data sharing and processors

We share data only with the following processors, and only for the purposes listed:

Processor	Purpose	Data shared
Google Firebase (Authentication, Firestore, Crashlytics, Performance)	Backend, crash reporting	Anonymous identifier, session/morning logs, crash diagnostics
RevenueCat	Subscription management	Anonymous identifier, purchase status
Google Play Billing	Payment processing	Handled by Google; the app does not see card data

We do not share data with any other third party. We have no advertising partners.

5. Data retention

Account data and logs: retained until you delete them (in-app: Settings → Privacy → Delete my data) or close your account.
Crash logs: retained 90 days.
Performance traces: retained 90 days.
Subscription receipts: retained as long as legally required by tax law.

After deletion we keep no more than what is needed to comply with legal obligations (e.g. payment records).

6. Your rights

Depending on where you live, you may have rights under GDPR (EU/UK), CCPA/CPRA (California), LGPD (Brazil), and similar laws:

Access — see what data we hold about your install.
Deletion — erase your data.
Correction — fix inaccurate entries.
Portability — get a copy in a machine-readable format.
Withdraw consent — stop optional data collection at any time.

You can delete all your data immediately, without any request, from Settings → Privacy → Delete my data inside the app. To exercise any other right, email erwan.alliaume@gmail.com. We respond within 30 days. There is no charge.

7. Children under 13

Tennis Elbow Oracle is not designed for or directed at children under 13. The Play Store target audience is set to 18 and older. The app’s clinical framing, language, and feature set are aimed at adult recreational tennis players.

We do not knowingly collect personal information from children under 13. If you are a parent or guardian and you believe your child under 13 has provided data to the app, email erwan.alliaume@gmail.com and we will delete it promptly.

If a child between 13 and 18 uses the app under parental supervision, all of the protections in this policy apply, and we collect no additional data from teen users beyond what is documented above.

8. Security and data protection

We take the confidentiality of your data seriously and have security procedures in place to protect it:

Encryption in transit. All network traffic between the app and our processors uses TLS 1.2+ (HTTPS). Your data is encrypted whenever it leaves your device.
Encryption at rest. Data stored with our processors (authentication state, Firestore documents, crash logs, subscription records) is encrypted at rest by the underlying infrastructure (AES-256 on Google Cloud).
Per-user access controls. Database security rules require request.auth.uid == userId on every read and write — your data is not visible to other users, and we use the principle of least privilege internally.
Data minimization. We do not store personally identifying information at signup. Anonymous authentication is the default. The smaller the dataset, the smaller the breach surface.
No payment data. Card and payment-method data is handled entirely by Google Play. The app never sees, transmits, or stores it.
No advertising identifiers. The AD_ID permission is explicitly removed from the manifest; we cannot build an ad profile of you even if we wanted to.
Operational practices. Access to production data is limited, secrets are stored in a managed secrets manager (not in source code), and dependencies are kept current to address known vulnerabilities.

No system is perfectly secure. If we ever experience a breach affecting your data, we will notify affected users within 72 hours, as required by GDPR Article 33, with details of the data involved and the steps you can take to protect yourself.

9. International transfers

Our processors are operated in the United States. By using the app you consent to the transfer of your data to the US under their respective Standard Contractual Clauses with the EU Commission.

10. Permissions used (Android)

Permission	Why
`INTERNET`	Sync logs to our backend
`VIBRATE`	Haptic feedback during workouts
`FOREGROUND_SERVICE` / `FOREGROUND_SERVICE_MEDIA_PLAYBACK`	Keep the metronome timer running while the screen is locked
`MODIFY_AUDIO_SETTINGS`	Tempo metronome audio
`SYSTEM_ALERT_WINDOW`	Optional overlay for guided timer (requested only if you opt in)
`com.android.vending.BILLING`	Subscription purchases via Google Play
(removed) `com.google.android.gms.permission.AD_ID`	We do not collect the advertising ID

We do not request location, camera, microphone, contacts, calendar, photos, or background body-sensor permissions.

11. Changes to this policy

We will update this page when our practices change. The “Effective date” at the top will reflect the most recent change. Material changes will be announced in-app on first launch after the update.

This policy is provided as a privacy notice for an educational self-management app. Tennis Elbow Oracle is not a medical device and does not provide medical advice. Always consult a qualified clinician for medical concerns.