Privacy Policy
Last updated: March 6, 2026
This Privacy Policy describes how VIKRR ("we," "us," or "our") collects, uses, and protects your personal data when you use our products and services, including TAKT (Personal Nutrition Intelligence) and VIKRR Asset Shield (Maintenance Management System).
1. Data Controller
VIKRR
Contact person: Vilém Krejčí
Email: info@vikrr.com
Location: Czech Republic, European Union
We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679) and applicable Czech data protection laws.
2. Products Covered
This policy covers all VIKRR products:
- TAKT — AI-powered personal nutrition, hydration, supplement tracking, and health optimization platform (available at takt.vikrr.com)
- VIKRR Asset Shield — Industrial maintenance and asset management system (available at app.vikrr.com)
3. Data We Collect
3.1 Account Data
- Email address (used for authentication via Firebase Authentication)
- Display name (optional)
- Profile photo URL (optional)
- Account creation date
3.2 TAKT — Health & Nutrition Data
- Food diary entries: meal descriptions, nutritional values (calories, protein, carbs, fat, sugar, fiber), portion sizes, timestamps
- Food photos: images of meals submitted for AI-powered food recognition
- Barcode scans: EAN/UPC codes scanned for food identification
- Hydration data: water intake amounts and timestamps
- Supplement data: supplement names, dosages, schedules, and intake records
- Body metrics: weight, BMI, body fat percentage, muscle mass, body water, bone mass, metabolic age
- Cooking recipes: ingredient lists, portions, and nutritional calculations
- Health tasks: daily task completion, XP points, streak data
- Nutritional goals: daily calorie and macronutrient targets
3.3 Third-Party Integrations Data
When you connect third-party services, we may receive the following data:
| Service | Data Received | Purpose |
|---|---|---|
| Garmin Connect | Activity summaries, daily steps, heart rate, sleep data, body composition, calories burned | Correlate activity data with nutrition for comprehensive health insights |
| Google Fit | Body measurements (weight, body fat), activity data | Import body metrics and activity data for health tracking |
| Zepp Life (Mi Fit) | Body composition data via CSV export (weight, BMI, body fat, muscle mass, bone mass, body water, metabolic age) | Import historical body metrics from smart scales |
| OpenFoodFacts | Product nutritional information (public database, no personal data sent) | Look up nutritional values by product name or barcode |
| Google Gemini AI | Food descriptions and photos are sent for analysis; AI returns nutritional estimates | AI-powered food recognition, nutritional estimation, and health trend analysis |
3.4 Garmin Connect API Integration
When you authorize TAKT to access your Garmin Connect account, we use the Garmin Connect API to retrieve your health and fitness data. Specifically:
- We request only the scopes necessary for TAKT functionality (activity summaries, body composition, daily metrics)
- Your Garmin credentials are never stored by VIKRR — authentication is handled entirely through Garmin's OAuth 2.0 flow
- We store OAuth access tokens and refresh tokens securely in Firebase Firestore, encrypted at rest
- Garmin data is synced periodically and stored in your personal data space within our database
- You can disconnect your Garmin account at any time from the TAKT settings page, which will delete all stored tokens and stop further data syncing
- We do not share your Garmin data with any third parties
- We comply with Garmin's API Terms of Use and data handling requirements
3.5 VIKRR Asset Shield — Asset Management Data
- Asset hierarchies and metadata
- Work orders and maintenance records
- Inspection reports and compliance data
- User assignments and team information
3.6 Technical Data
- Device type and operating system
- Browser type and version
- IP address (for security and abuse prevention)
- Firebase Analytics data (anonymized usage patterns)
- Error logs (for debugging and service improvement)
4. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and operate our services | Contract performance (Art. 6(1)(b)) |
| AI-powered food recognition and nutritional analysis | Contract performance (Art. 6(1)(b)) |
| Sync health data from connected wearables (Garmin, Google Fit) | Explicit consent (Art. 6(1)(a)) |
| Generate health insights and trends | Contract performance (Art. 6(1)(b)) |
| Send notifications about health goals | Legitimate interest (Art. 6(1)(f)) |
| Improve our AI models and services | Legitimate interest (Art. 6(1)(f)) |
| Prevent abuse and ensure security | Legitimate interest (Art. 6(1)(f)) |
5. Data Storage & Security
- Infrastructure: All data is stored in Google Firebase (Firestore database) in the europe-west3 (Frankfurt, Germany) region within the European Union
- Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256) by Google Cloud infrastructure
- Access control: Data is isolated per user account using Firebase Security Rules. Each user can only access their own data
- Authentication: Firebase Authentication with email/password. OAuth tokens for third-party services are stored securely per-user
- No data sharing: We do not sell, rent, or share your personal data with third parties for marketing purposes
6. Third-Party Data Processors
| Processor | Purpose | Data Location |
|---|---|---|
| Google Firebase | Hosting, database, authentication, analytics | EU (europe-west3, Frankfurt) |
| Google Gemini AI | Food recognition, nutritional analysis | Google Cloud (may process outside EU) |
| Garmin International | Wearable data sync (when connected by user) | USA (Garmin infrastructure) |
| OpenFoodFacts | Product nutritional database lookup | France (open database) |
Note: When data is processed outside the EU (e.g., Google Gemini AI, Garmin), appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and the processor's compliance with applicable data protection frameworks.
7. Data Retention
- Account data: Retained for the duration of your active account
- Health & nutrition data: Retained for the duration of your active account. You can delete individual entries at any time
- Third-party integration tokens: Deleted immediately when you disconnect a service
- Technical logs: Retained for up to 90 days for debugging purposes
- After account deletion: All personal data is permanently deleted within 30 days of the account deletion request
8. Your Rights (GDPR)
As a data subject in the European Union, you have the following rights:
- Right of access (Art. 15): Request a copy of all personal data we hold about you
- Right to rectification (Art. 16): Request correction of inaccurate personal data
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
- Right to restrict processing (Art. 18): Request limitation of how we process your data
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
- Right to object (Art. 21): Object to processing based on legitimate interest
- Right to withdraw consent (Art. 7(3)): Withdraw consent for data processing at any time (e.g., disconnect Garmin)
To exercise any of these rights, contact us at info@vikrr.com. We will respond within 30 days as required by GDPR.
9. How to Delete Your Data
You can delete your data in the following ways:
- Individual entries: Delete specific food entries, hydration records, or body metrics directly within the app
- Disconnect integrations: Remove third-party connections (Garmin, Google Fit) from Settings, which deletes all associated tokens and synced data
- Delete account: Request complete account deletion by emailing info@vikrr.com with the subject "Account Deletion Request". All data will be permanently deleted within 30 days
10. Cookies & Tracking
Our applications use only essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking pixels. Firebase Analytics collects anonymized usage data to help us improve the service.
11. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at info@vikrr.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes via email or in-app notification. The "Last updated" date at the top of this page indicates when this policy was last revised.
13. Contact & Complaints
For any privacy-related questions or concerns, contact us at:
- Email: info@vikrr.com
- Data Controller: Vilém Krejčí, VIKRR
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Czech Data Protection Authority (UOOU):
- Úřad pro ochranu osobních údajů (UOOU)
- Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
- Web: uoou.gov.cz