anomalie
Legal · Last updated October 2025

Privacy Notice anomalie Web App

Introduction

Welcome to anomalie. Your privacy is a cornerstone of our service. We are committed to protecting your personal data and processing it in a way that is transparent, secure, and respectful of your rights. This Privacy Notice provides a detailed overview of our data practices. Your use of our App is subject to our Terms of Use, and the processing of your personal data is governed by the principles and legal bases described herein.

The processing of your data is carried out in strict compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”). Given that the core purpose of our App is to help you store and visualize your physical performance and further health data, we process data that is classified as health data under Art. 4(15) GDPR. This special category of personal data is subject to heightened protection, a responsibility we take seriously. This Privacy Notice explains the specific safeguards and legal bases we rely on to process your personal data lawfully and securely.

1. Name and Contact Details of the Controller

The controller for the processing of your personal data is anomalie GmbH, Marienburger Straße 26b, 10405 Berlin.

You can reach us via email: support@getanomalie.com

We have designated a data protection officer (“DPO”) who serves as an independent expert and your point of contact for all matters related to the protection of your personal data. You can reach our DPO with any questions, concerns, or requests to exercise your rights:

2. Purposes and legal bases for data processing

We process your personal data exclusively for specified, explicit, and legitimate purposes. Each processing activity relies on a valid legal basis as required by the GDPR. Due to the health-focused nature of our App, many of our processing activities depend on your explicit consent, which grants you direct control over how your personal data is used.

A. Core functionality of our App (contract performance & explicit consent)

To provide you with the full suite of services offered by our App, which includes the secure storage and visualization of your data, the processing of certain data is essential.

Data categories:

Purpose of processing:

Legal basis:

B. App analytics, cookies & tracking (explicit consent)

To ensure the security, stability, and continuous improvement of our App, we would like to use cookies and analytics tools to gather insights into how our App is used.

Important note on health data: When using an application that is specifically focused on health and physical performance, even technical usage data (like your IP address, device ID, or browsing patterns within the App) can allow for inferences to be made about your health status or interests. For this reason, we treat such usage data as health data, and its collection requires your explicit consent.

Data categories:

Purpose of processing:

Legal basis: The processing of this data is based on your explicit consent (Art. 9(2)(a) GDPR), which you can grant and manage within the App. You will be asked for this consent separately and transparently. You have the free choice to refuse or withdraw your consent at any time through the App, without any negative impact on the core functionality of the App.

Analytics providers: Google Analytics, Sentry, Vercel Analytics, Facebook Ads Manager, TikTok Ads Manager.

C. Communication with you (consent / legitimate Interest)

When you proactively contact us, for instance via email or a contact form, we process the data you provide to handle your request effectively.

Data categories: Your name, email address, the content and metadata of your message (including date and time), and any other data you voluntarily provide.

Purpose of processing: To respond to your inquiries, provide technical or user support, and manage our communication with you. This includes answering questions about our App, assisting with account issues, or receiving feedback.

Legal basis: Depending on the context, this processing is based on our legitimate interest in providing efficient and effective customer support (Art. 6(1)(f) GDPR). If your inquiry itself contains health data, our processing of that specific information is based on your explicit consent (Art. 9(2)(a) GDPR) as described under section A above.

D. Sharing data with health professionals (explicit consent)

Our App allows you to share your health and fitness data with a health professional of your choice (e.g., your doctor, coach, or physiotherapist). This optional feature is designed to put you in full control of your data.

Data categories: You have granular control and can select precisely which of your health and fitness data, analysis reports, or time periods you wish to share.

Purpose of processing: To enable you to provide a selected health professional with secure access to your data for the purposes of independent consultation, information sharing, and/or performance coaching.

Legal basis: This sharing functionality is based on your separate and explicit consent (Art. 9(2)(a) GDPR), which you can provide within the App.

Controller roles in the sharing process:

We inform you about the essential aspects of our joint control arrangement with health professionals:

E. Use of data for scientific research (explicit consent)

We ask for your consent to use your data for scientific research purposes.

Data categories: Your health and fitness data.

Purpose of processing: Your data will be processed to produce an anonymized dataset from which individuals cannot be re-identified. This process involves removing direct identifiers and aggregating the data. The resulting anonymized dataset may then be used by us or shared with trusted research partners (such as universities or sports science institutes) for scientific research.

Legal basis: This processing is based solely on your separate and explicit consent (Art. 9(2)(a) GDPR). Participation is voluntary. You can withdraw your consent at any time.

F. AI-powered features (explicit consent)

Not currently active. If activated, will require your separate and explicit consent.

G. AI model training (explicit consent)

Not currently active. If activated, will require your separate and explicit consent.

3. Recipients of personal data

We only disclose your data to trusted third-party service providers (processors) when necessary for providing our services, when legally compelled to do so, or when based on your explicit consent.

Categories of recipients:

4. International data transfers

We ensure equivalent data protection outside the EU/EEA by:

5. Data retention periods

6. Your rights as a data subject

You have the right to:

7. Data Security

We implement encryption (TLS 1.2+, AES-256), strict access controls, secure development environments, incident response plans, security reviews, and staff training.

8. Changes to this Privacy Notice

We may amend this notice. Significant changes will be communicated, and renewed consent will be sought where necessary.