Privacy policy
1. Controller
The controller responsible for the processing of personal data described below is:
Steffen Klein
Breitenbachplatz 21
14195 Berlin
Germany
Email: public@steffenklein.net
Phone: +49 179 1340905
2. Scope and design of this service
kadnz is a client-side web application. All ride data you load, whether from a JSON file, the demo set, the Wahoo integration, or a custom URL, is stored exclusively in your browser's IndexedDB on the device you use. The operator does not run a backend server for ride data. Your ride data is never transmitted to the operator and the operator has no means of accessing it.
3. Local storage on your device (IndexedDB)
The application uses three IndexedDB stores in your browser:
- rides — ride records you have loaded or imported.
- tokens — Wahoo OAuth access and refresh tokens, plus PKCE verifier, only if you connect a Wahoo account.
- meta — application preferences such as the active data source, your display name, the configured custom URL, and sync timestamps.
Purpose: providing the dashboard functionality you have requested.
Legal basis: Art. 6 (1) (b) GDPR (performance of the service you have invoked) and Art. 6 (1) (f) GDPR (legitimate interest in operating the requested service). Storage is strictly necessary for the application to function and is therefore covered by § 25 (2) Nr. 2 TDDDG without separate consent.
Retention: until you delete it. You can erase all locally stored data at any time via Settings → Delete data, or by clearing your browser's site data for this domain.
4. Server logs of the hosting provider
When you load the static files of this site, the hosting provider may process technical data such as your IP address, the user-agent string of your browser, the requested URL, and a timestamp, in order to deliver the page and to ensure technical operation and security.
Hosting provider: [Hosting provider — to be added].
Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in secure and reliable provision of the website).
Retention: as defined by the hosting provider; this section will be updated once the provider is finalised.
5. Third-party resources loaded by the page
5.1 Wahoo (optional, only if you connect)
If you choose Wahoo as a data source, the application redirects you to api.wahooligan.com for OAuth 2.0 authentication (PKCE flow). Wahoo Fitness is operated by Wahoo Fitness L.L.C., 90 W Wieuca Rd NE, Atlanta, GA 30342, USA. After successful authentication, your browser exchanges tokens with Wahoo and fetches your ride data directly. The resulting tokens and ride data are stored only in your browser's IndexedDB; the operator never sees them.
Legal basis: Art. 6 (1) (a) GDPR (your consent, given by actively connecting Wahoo) and Art. 6 (1) (b) GDPR (performance of the requested service).
Third-country transfer: the connection runs against Wahoo-operated servers, which may be located in the United States.
Withdrawal: you can disconnect at any time via Settings → Delete data, and revoke access in your Wahoo account at wahooligan.com.
Further information: Wahoo's privacy policy.
5.2 Custom URL (optional, only if you configure one)
If you enter a custom URL as a data source, your browser issues a direct GET request to that URL. The operator never sees the URL or the response. Whether the destination of that URL processes personal data is outside the operator's control; consult the privacy policy of the URL's operator.
6. Cookies
This site does not set any cookies of its own. Third-party resources loaded as described in section 5 may set their own cookies in accordance with their respective privacy policies.
7. Your rights
Under the GDPR you have the following rights with respect to personal data processed by the controller:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent at any time, with effect for the future (Art. 7 (3) GDPR)
To exercise any of these rights, contact the operator using the details in section 1.
For most personal data processed by this application — namely the contents of your browser's IndexedDB — you can exercise these rights directly: export your ride data via Settings → Download data, or erase it via Settings → Delete data.
8. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. The supervisory authority for the controller is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
Germany
datenschutz-berlin.de
9. Automated decision-making
The application does not perform automated decision-making within the meaning of Art. 22 GDPR and does not engage in profiling.
10. Changes to this policy
This policy may be updated to reflect changes in the application or in legal requirements. The current version is always published at this URL. The date below records the most recent revision.