Privacy policy

Privacy Policy

Last updated: [DATE, e.g. July 2026]

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Azume app, the Azume wearable device, and our website and online store at azume.com (together, the "Services"). We take your privacy seriously — particularly because Azume processes health data, which enjoys a heightened level of protection under the GDPR.

1. Data Controller

The controller responsible under the GDPR is:

Azume [add legal form if applicable, e.g. GmbH / UG (haftungsbeschränkt)]
Wallfahrerweg 1
82166 Gräfelfing
Germany
Email: tools@watchmepay.com

2. Data we process

a) Account and authentication data

  • Email address
  • Authentication credentials via our passkey login (Corbado)
  • Your name, if you provide it
  • Account settings

b) Health and fitness data — special category (Art. 9 GDPR)

  • Steps, distance, calories burned
  • Sleep data (sleep phases, duration, awake periods)
  • Heart rate (HR) and heart rate variability (HRV)
  • Blood oxygen saturation (SpO₂)
  • Respiratory rate
  • VO₂ max
  • Workout and activity data
  • Derived metrics such as Wellness, Recovery and Stress scores

c) Device and connection data

  • Bluetooth (BLE) pairing, device identifiers, battery level, firmware information, sync timestamps

d) Technical usage data

  • App version, operating system, device type, error/crash logs

e) Order and shop data (only when purchasing via azume.com)

  • Name, shipping and billing address
  • Order history
  • Payment data (processed by our payment provider; we do not store full payment details)

3. Purposes and legal bases

3.1 Providing the app and your account – we process account and authentication data to provide your account and the app's features. Legal basis: Art. 6(1)(b) GDPR (contract).

3.2 Processing your health data – Azume collects your health data from the device, syncs it to your account, stores and analyses it to show you metrics, trends and scores. As this is special category data, we process it solely on the basis of your explicit consent. Legal basis: Art. 9(2)(a) together with Art. 6(1)(a) GDPR. You give this consent actively in the app (e.g. when you first connect your device) and can withdraw it at any time with effect for the future (see Section 8). Withdrawal does not affect the lawfulness of processing carried out before it. Without this consent we cannot provide Azume's health features.

3.3 Bluetooth pairing – device and connection data to establish and maintain the connection between the app and your Azume device. Legal basis: Art. 6(1)(b) GDPR.

3.4 Diagnostics and improvement – technical log/crash data for stability, security and improving the app. Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or consent where required.

3.5 Orders in our shop – processing your order, shipping and payment data to fulfil your purchase. Legal bases: Art. 6(1)(b) GDPR (purchase contract) and Art. 6(1)(c) GDPR (tax/commercial retention obligations).

3.6 Communication – we use your contact details to respond to enquiries and send service-related messages. Marketing emails are only sent with your separate consent (Art. 6(1)(a) GDPR), which you can withdraw at any time.

4. Recipients / processors

We use carefully selected providers who process data on our behalf (processing under Art. 28 GDPR). We do not sell personal data and do not share your health data for third parties' own purposes.

  • Supabase – backend/database: storing your account and health data
  • Corbado – authentication/passkeys: secure sign-in
  • Shopify – operating the online store azume.com: order and customer data
  • [Payment provider, e.g. Shopify Payments / Stripe / PayPal] – payment processing
  • [Shipping provider, if applicable] – delivery

5. International data transfers

Where providers process data outside the EU/EEA (e.g. in the USA), we ensure an adequate level of protection through appropriate safeguards such as EU Standard Contractual Clauses (Art. 46 GDPR) or certification under the EU–US Data Privacy Framework. You can request a copy of the relevant safeguards.

6. Retention

  • Health data: as long as your account exists, or until you withdraw consent or request deletion
  • Account data: until you delete your account
  • Device/connection data: for the duration of the pairing and your account
  • Technical data: kept for a limited time for security/diagnostics, then deleted or anonymised
  • Order/invoice data: for the statutory retention period (typically up to 10 years under German law)

7. Data security

  • Encrypted transmission (TLS/HTTPS)
  • Row Level Security at the database level, so each user only accesses their own data
  • Passwordless authentication via passkeys
  • Server-side authorisation checks
  • Restricted, need-to-know access within our team

8. Your rights

You have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20) and objection (Art. 21). You can withdraw your consent at any time with effect for the future (Art. 7(3)) — in particular your consent to the processing of your health data. To exercise your rights, contact: tools@watchmepay.com.

Right to complain: You may lodge a complaint with a supervisory authority. The competent authority for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany, www.lda.bayern.de. You may also contact the authority in your country of residence.

9. Automated processing

Azume calculates metrics (Wellness, Recovery, Stress scores) from your health data, for your information only. We do not make automated decisions with legal effect within the meaning of Art. 22 GDPR.

10. Cookies and tracking (website)

Our website azume.com uses cookies necessary for the site to function. Non-essential cookies or tracking technologies (e.g. analytics or advertising pixels) are only used with your consent, which you can give via our consent banner and change at any time.

11. Children

The Services are intended for users aged [16 / 18] and older. We do not knowingly process health data from children without the required consent of a parent or guardian.

12. Changes to this Privacy Policy

We may update this Privacy Policy when our data processing changes or when required by law. The current version is always available in the app and at azume.com.

13. Contact

For any questions about this Privacy Policy or your personal data, contact us at: Azume, Wallfahrerweg 1, 82166 Gräfelfing — Email: tools@watchmepay.com