gfm

Privacy Policy

GFM (the app) is published by Ambient Guidance.

Last updated: May 4, 2026 Contact: michael@makunas.com

Summary

GFM is designed to do as little with your data as possible. Workout data stays on your device. The backend that generates walking routes is stateless — it computes a route and forgets. We don’t have user accounts, we don’t run analytics, we don’t sell data, and we don’t share data with third parties beyond what is strictly required to generate a route.

What stays on your device

The following data is stored only on your Apple Watch (in UserDefaults) and is never transmitted to us:

• Workout history — date, duration, distance, MET-hours, heart rate, route seed, starting tile.
• Cached routes — up to 3 recent routes, used for offline fallback. Expire after 7 days.
• Per-tile route history — short list of recently used route seeds, used to vary your loops.
• Anonymous device ID — a randomly generated identifier used only for backend rate limiting.

We never receive or store any of the above.

What is sent to our backend

When you tap “Start” to generate a route, the app sends the following to our Cloudflare Workers backend at gfm-backend.michael-237.workers.dev:

• Your current GPS coordinates (latitude, longitude)
• Your selected time budget (e.g., 20 minutes)
• Your anonymous device ID (for rate limiting)
• An optional route seed (a number used to vary which loop you get)

The backend uses these to compute a walking route, then returns it. The backend does not log, persist, or otherwise store any of this data. It is processed in-memory and discarded when the request completes.

Third-party services

To compute your route, our backend makes requests to:

• GraphHopper (routing engine) — receives your GPS coordinates and time budget. Subject to GraphHopper’s privacy policy.
• OpenElevation (elevation data) — receives only generic geographic coordinates along potential routes; no user identifier is sent.

We cache elevation data (not user data) in Cloudflare KV with a 30-day TTL to reduce redundant API calls.

HealthKit

If you grant HealthKit permission, the app reads:

• Active energy burned (used to calculate actual METs during a walk)
• Heart rate (used to refine MET estimates)
• Body weight (used in MET calculation; defaults to 70 kg if unavailable)

HealthKit data never leaves your device. It is read in-memory during a workout and is not stored by us beyond the workout history described above.

Data we do not collect

We do not collect:

• Names, email addresses, or any personally identifying account data (the app has no accounts)
• Workout data, heart rate, or GPS tracks on our servers
• Analytics, telemetry, or usage events
• Advertising identifiers

Children’s privacy

GFM is not directed at children under 13 and does not knowingly collect data from children.

Changes to this policy

If we change this policy, we will update the date above and post the revised policy at the same URL.

Contact

Questions about this policy: michael@makunas.com