Privacy Policy

1. Data Controller

Georg Held
Bisamstraße 11a
85356 Freising, Germany
Email: georg.held@sauroter.de
Phone: +49 170 7798944

2. Data Collected

EFB Connector processes the following data:

• Email address — for passwordless authentication via magic links
• Garmin Connect credentials — username and password, stored encrypted (AES-256-GCM)
• Kanu-EFB credentials — username and password, stored encrypted (AES-256-GCM)
• Garmin activity data — activity name, type, date, and GPX tracks

3. Purpose of Processing

Data is processed solely for the purpose of automatically syncing paddling activities from Garmin Connect to the Kanu-EFB electronic logbook (efb.kanu-efb.de).

4. Garmin Activity Data

Activity data (including GPX tracks) is downloaded from Garmin Connect, processed temporarily in memory, and uploaded directly to Kanu-EFB. GPX data is not permanently stored on the server. Activity metadata (name, type, date) is stored in the database to track sync history and prevent duplicate uploads (idempotency).

5. Data Storage

All data is stored in a SQLite database on the Fly.io hosting platform in the Frankfurt (fra) data center. Credentials (Garmin and EFB) are encrypted with AES-256-GCM. No personal data is shared with third parties beyond the data exchange necessary for the service to function.

6. Cookies and Sessions

EFB Connector uses only technically necessary cookies:

• Session cookie — for authentication after login
• Flash cookie — for displaying one-time status messages
• Language cookie — for storing your language preference

No tracking, analytics, or advertising cookies are used.

7. Third Parties

The following third parties are involved in data processing:

• Resend (resend.com) — sending magic link emails
• Fly.io (fly.io) — application and database hosting (Frankfurt data center)
• Garmin Connect API (connect.garmin.com) — retrieving activity data
• Kanu-EFB (efb.kanu-efb.de) — uploading activity data to the logbook
• Rivermap (rivermap.ch) — retrieving river section data, difficulty grades, and gauge readings to enrich trip logbook entries (only when the enrichment feature is enabled)

8. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

• Access (Art. 15 GDPR) — you may request information about your stored data.
• Rectification (Art. 16 GDPR) — you may request correction of inaccurate data.
• Erasure (Art. 17 GDPR) — you may request deletion of your data. Self-service deletion is available via the dashboard.
• Data Portability (Art. 20 GDPR) — you may request your data in a structured format.
• Objection (Art. 21 GDPR) — you may object to the processing of your data.

9. Data Deletion

You can delete your account and all associated data at any time via Settings (Account section). Upon account deletion, the following data is permanently removed:

• Your user account and email address
• Stored Garmin and EFB credentials
• Sync history
• All active sessions

10. Contact

For questions about data protection, please contact:
Georg Held
Email: georg.held@sauroter.de

Last updated: March 2026