Legal

Privacy Policy

Last updated 2 May 2026

1. Who is responsible for Quiver

Quiver is built and maintained by Allan Noer, an individual developer based in Denmark. There is no company behind it and no team — just a private side project.

Because of how the app is built (more on that in section 2), I do not host your data on a server I operate. I cannot see your bikes, your rides, or anything else you record in Quiver. The only way for me to learn anything about your use of the app is if you choose to email me.

Reach me at support@getquiver.app.

2. What data Quiver holds and where

Quiver is a local-only app. Everything you record stays on your iPhone in a private database that only Quiver itself can read, inside Apple's app sandbox. No data is sent to a server I control, because there is no such server.

The data on your device:

  • Bikes: the bikes you add — make, model, type, photo, and odometer.
  • Components: chains, cassettes, tyres, brake pads and similar parts you track on each bike, with installation dates and wear thresholds.
  • Rides: rides you log manually, including date, distance, and which bike was ridden.
  • Service log: notes you record against component replacements or service events.
  • Strava cache: if you connect Strava, a copy of the activity data Quiver fetches (date, distance, gear ID) is stored locally so the app works offline.

Strava OAuth access and refresh tokens are stored in the iOS Keychain, which is encrypted by the device and protected by your passcode or Face ID.

Quiver does not collect location data, heart rate, power data, or any other fitness or health metrics. It does not use advertising trackers, analytics SDKs, or third-party cookies. There is no telemetry of any kind.

3. Why this data is processed (legal basis)

Under the EU General Data Protection Regulation (GDPR), data is processed on the following legal bases:

  • Performance of a contract (Article 6(1)(b)): the app processes the data you enter — bikes, components, rides, service notes — to deliver the functionality you installed it for. All of this happens on your device.
  • Consent (Article 6(1)(a)): connecting Strava is entirely optional and requires your explicit approval through Strava's OAuth flow. You can revoke that consent at any time from Settings → Disconnect Strava.

4. Where your data is stored

On your iPhone, in the app sandbox. Wherever your phone goes, your Quiver data goes. There is no cloud copy, no backup on a Quiver server, no EEA data centre.

If you back up your iPhone to iCloud or to a Mac, the Quiver database is backed up too — that backup is governed by Apple's privacy terms, not these.

5. How long your data is kept

For as long as you keep Quiver installed. Removing the app removes its sandboxed database with it.

To wipe your data without deleting the app, open Settings → Reset all data. This is immediate and final — there is no server-side recovery because there is no server.

Strava disconnection: Settings → Disconnect Strava deletes your access and refresh tokens from the Keychain immediately, and clears the locally cached Strava activity data at the same time. Quiver does not call Strava's revoke endpoint on your behalf — to fully revoke access, also visit Strava → My Apps and remove Quiver there.

6. Sharing your data

Quiver does not share your data with anyone, because Quiver does not have your data — you do. There is no analytics provider, no advertising network, no error-reporting backend that sees the inside of your bike fleet.

The only third party you ever interact with through Quiver is Strava, and only if you choose to connect your Strava account. When you do, Quiver calls Strava's API on your behalf to fetch your activity history. Strava sees that an authorised request came from a Quiver client; nothing else about your bikes or service log is sent to them.

7. Your rights under GDPR

GDPR gives you the following rights. Because Quiver is local-only, most of them are exercised directly in the app rather than by writing to me:

  • Access: you already have every piece of data Quiver holds about you — it is on your phone, visible in the app.
  • Rectification: edit any record directly in the app.
  • Erasure: Settings → Reset all data, or uninstall the app.
  • Portability: a structured data export is on the roadmap. Until it ships, email me and I will help you extract a SQLite copy from your device.
  • Withdraw consent: Settings → Disconnect Strava revokes the only consent the app asks for.

For any question that the app cannot answer for you, email support@getquiver.app. I will respond within 30 days.

8. Complaints

If you believe your data is being handled incorrectly, you have the right to lodge a complaint with the Danish supervisory authority:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby, Denmark
www.datatilsynet.dk

9. Security

Quiver relies on the security guarantees the iOS platform provides:

  • The app database is stored inside the Quiver app sandbox, which iOS isolates from every other app on your phone.
  • Strava OAuth tokens are stored in the iOS Keychain — encrypted at rest by the device and protected by your passcode or Face ID.
  • All network traffic between Quiver and Strava goes over HTTPS (TLS) and is enforced by iOS App Transport Security.
  • The app's catalogue of bike models is bundled into the build as a read-only file. It is signed by Apple as part of the app and cannot be tampered with at rest.

The strongest practical security recommendation is the same as for any iPhone app: keep iOS up to date and keep a passcode on your device. Both directly protect the Quiver data on it.

10. Children

Quiver is not directed at children under the age of 13 and the app does not collect personal data through traditional means. If you are a parent or guardian and you have concerns about a minor's use of the app, email support@getquiver.app.

11. Changes to this policy

If this policy changes, the “Last updated” date at the top of the page will change with it. Material changes will also be flagged in the app the next time you launch it. Continued use of Quiver after a material change indicates acceptance of the updated policy.