Privacy Policy

Last Updated: October 12, 2025

Introduction

Untether ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our Garmin Connect IQ application and visit our website at untether.watch.

Our Privacy Philosophy

Untether is designed with privacy at its core and follows a data minimization approach. We collect only what is necessary to provide and improve our service.

Service Models

Untether operates using two service models:

1. Bring Your Own Key (BYOK) Model - Free download with a trial period. After the trial, a one-time unlock payment is required (processed via Stripe). You provide your own Google Gemini API key. Your API key and conversations remain private and stored locally on your device only.

2. Subscription Model (when available) - Free download with a trial period. We provide API access through our backend servers. You create an account and subscribe for managed AI access with usage limits (processed via Stripe).

You choose which model to use based on your preferences for control, privacy, and convenience.

Information We Collect

Website Information

When you visit untether.watch, we collect:

Analytics Data (via Google Analytics in Cookieless Mode)

Aggregate page views and navigation patterns (modeled/estimated)
Traffic sources (how visitors found our website)
Device type, browser, and operating system (general categories)
Geographic location (country/city level only)
No cookies set - We use Google Analytics Consent Mode with consent permanently denied
No individual user tracking - Data is anonymized and modeled by Google
IP addresses not logged - GA4 does not log or store IP addresses

Contact Form Submissions

Email address (so we can respond to you)
Name (optional)
Message content and any device information you choose to share

Application Information - BYOK Model

When using Untether with your own API key:

Trial and Unlock Status

Device-specific unlock identifier (to verify unlock purchase and link Stripe payment to device)
Unlock status and expiration date
This identifier is specific to your watch but is not linked to other personal data

Usage Telemetry (via Google Analytics 4)

Feature usage (which features you use and how often)
Session metrics (duration and frequency)
Performance metrics (response times, errors)
Device information (watch model, Connect IQ version)
Anonymous identifier (randomly generated UUID, not linked to your identity)

This telemetry is enabled by default with an opt-out option in the app settings.

Application Information - Subscription Model

When using Untether with a managed subscription (when available):

Account Information

Email address (required for account creation and billing)
Payment information (processed by Stripe - we do not store credit card details)
Subscription tier and status

Usage Data

Request counts and usage quotas (to enforce subscription limits)
Request metadata (timestamp, AI provider, approximate request size, error status)
Performance metrics (response times, success/failure rates)
Device information (watch model, Connect IQ version)

Backend Processing

Your prompts pass through our servers to reach AI providers
We do not store or log prompt content or AI responses
Minimal metadata is retained for rate limiting, abuse prevention, and service improvement
All communication is encrypted in transit

Information We Do NOT Collect

Regardless of which model you use, we explicitly do not collect:

❌ Your API key (BYOK model - stored locally on watch only)
❌ Prompt content or conversation history (neither model logs this)
❌ AI response content
❌ Location data from your watch
❌ Health or fitness data from your Garmin device
❌ Browsing history or activity outside the app

How We Use Your Information

We use collected information for:

Service Delivery - Processing your requests and managing your account/subscription
Usage Enforcement - Tracking usage against subscription limits (subscription model only)
Service Improvement - Understanding feature usage to prioritize development
Performance Optimization - Identifying and resolving technical issues
Customer Support - Responding to inquiries and providing assistance
Fraud Prevention - Detecting and preventing abuse or unauthorized usage
Legal Compliance - Meeting legal obligations and protecting our rights

Legal Basis for Processing (GDPR)

We process your information based on:

Contract Performance (Article 6(1)(b) GDPR) - Processing necessary to deliver the service you've purchased or subscribed to
Legitimate Interests (Article 6(1)(f) GDPR) - We have a legitimate interest in improving our product and preventing abuse, balanced against your privacy rights through data minimization
Consent (Article 6(1)(a) GDPR) - When you submit contact forms or create an account, you provide explicit consent

Third-Party Services

Google Analytics

We use Google Analytics 4 in cookieless mode via Consent Mode v2 with default consent denied. This means:

No analytics cookies are set on your device
Google collects anonymous aggregate data only
Individual users cannot be tracked or identified
Data is modeled and estimated using machine learning
IP addresses are not logged or stored

Google processes data according to their privacy policy: https://policies.google.com/privacy

AI Service Provider

BYOK Model: You interact directly with Google Gemini using your own API key. Your usage is governed by Google's privacy policy:

Google AI: https://policies.google.com/privacy
Gemini API Privacy: https://ai.google.dev/gemini-api/terms

Subscription Model: We forward your requests to Google Gemini on your behalf. We do not share personal identification data with Google - only the technical content of your requests.

Payment Processing

Both Models: Stripe processes all payments (one-time and recurring) according to their privacy policy: https://stripe.com/privacy

We do not store your credit card details
Payment information is handled entirely by Stripe
Stripe may collect payment-related data as described in their privacy policy

App Distribution: Garmin Connect IQ provides the app platform and distribution according to their privacy policy: https://www.garmin.com/privacy

Data Retention

Analytics data: Retained by Google Analytics for 14 months, then automatically deleted
Contact form submissions: Retained for 2 years for support history
Account data (subscription model): Retained while your account is active, plus 30 days after cancellation or 7 years for financial records
Usage metadata (subscription model): Retained for 90 days for operational purposes
Payment records: Processed and retained by Stripe according to their data retention policies; we retain transaction references as required for accounting and legal purposes

Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have these rights:

Right to Access - Request a copy of personal data we hold about you
Right to Rectification - Request correction of inaccurate data
Right to Erasure ("Right to be Forgotten") - Request deletion of your data
Right to Restrict Processing - Request limitation of how we use your data
Right to Data Portability - Receive your data in a machine-readable format
Right to Object - Object to processing based on legitimate interests
Right to Withdraw Consent - Withdraw consent at any time

To exercise these rights, contact us at: support@untether.watch

Opt-Out of Telemetry

You can disable app usage telemetry at any time:

Open the Untether app on your Garmin watch
Go to Settings
Toggle "Send Anonymous Usage Data" to OFF

This immediately stops all telemetry collection from your device.

Account Deletion (Subscription Model)

To delete your account and all associated data:

Contact us at support@untether.watch
We will delete your account within 30 days
Some data may be retained for legal/accounting purposes (e.g., purchase history for tax compliance)

Children's Privacy

Untether is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us immediately at support@untether.watch.

International Data Transfers

Your information may be processed in countries outside your residence, including:

United States (Google Analytics, Stripe, potential backend servers)
EU (potential backend servers)

We ensure appropriate safeguards are in place for international transfers as required by GDPR.

Security

We implement appropriate technical and organizational measures:

HTTPS/TLS encryption for all communications
Encryption at rest for stored data
Access controls and authentication
Regular security reviews and updates
No storage of sensitive data (API keys in BYOK model, prompt content in either model)
Secure payment processing through certified providers

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service offerings. When we make changes:

We will update the "Last Updated" date
For material changes, we will provide notice through:
- In-app notification when you next use the app
- Prominent notice on our website
- Email notification (if we have your email address)

Continued use of the app after changes constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: support@untether.watch

Website: https://untether.watch

Data Controller: Untether (support@untether.watch)

Supervisory Authority: If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.