Privacy Policy
NSC Services – Last updated: March 2026
1. Data Controller
NSC Services
Nico Schmidt
Tobelesch 11
88326 Aulendorf
Germany
Email: info@nscservices.tech
2. Overview – What Data We Process
NSC Services provides consulting in automotive and digitalisation. We process the following data:
- GPS activity data: Coordinates (latitude/longitude), timestamps, distance, elevation profile
- Training metrics: Pace/speed, heart rate, cadence, calories, lap markers
- Activity metadata: Sport type (running / cycling), start time, duration
- Account data: Email address, chosen display name
- Performance data: Average pace over the last 100 km (for league ranking)
3. Purpose and Legal Basis
| Purpose |
Legal basis (GDPR) |
| Calculating and displaying conquered territories on the map | Art. 6(1)(b) – contract performance |
| League ranking based on average pace | Art. 6(1)(b) |
| Displaying your own activity statistics | Art. 6(1)(b) |
| Displaying anonymous territory areas of other users on the map | Art. 6(1)(a) – consent |
| Operating and improving the service | Art. 6(1)(f) – legitimate interest |
4. Visibility to Other Users
Other users see only colored territory areas on the map. No names, no GPS routes, no activity details, and no other personal data of other users are displayed.
You can restrict the visibility of your territories to other users at any time in the settings (friend mode: only friends see your areas).
5. Data from Third-Party Services
Activity data can be imported via the following third-party services:
- Garmin Connect (Garmin Health API): Activity data including GPS tracks are retrieved via the official Garmin Connect Developer API after your explicit OAuth consent. Garmin's own privacy policy applies to data processing on their side.
- Strava (optional): GPS activity streams are retrieved via the Strava API after your explicit OAuth consent. Strava's own privacy policy applies to data processing on their side.
- Manual FIT file upload: You can also upload activities directly as a FIT file without connecting third-party services.
6. Disclosure to Third Parties
We do not sell personal data. Data is only disclosed:
- to hosting providers (Hetzner Online GmbH, Germany) for technical operation of the service – processed under a data processing agreement pursuant to Art. 28 GDPR
- when required by law
7. Data Retention
Activity data is stored as long as your account is active. After account deletion, all personal data will be deleted within 30 days. Anonymized, non-personal aggregate data (e.g. anonymous territory areas) may be retained longer.
8. Your Rights
You have the right to:
- Access your stored data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure of your data (Art. 17 GDPR)
- Data portability (Art. 20 GDPR) – export as JSON or CSV upon request
- Object to processing based on legitimate interests (Art. 21 GDPR)
- Withdraw any consent given at any time with effect for the future
- Lodge a complaint with the competent supervisory authority: State Commissioner for Data Protection Baden-Württemberg, Germany
Please send requests to: info@nscservices.tech
9. Data Security
All data transmission uses TLS/HTTPS encryption. Data is stored on servers located in Germany. Access to personal data is restricted to the minimum necessary.
10. Changes to This Policy
We reserve the right to update this privacy policy for material changes. The current version is always available at this URL. We will notify registered users by email of material changes.