Skip to content

Sinni — Privacy Policy

Last updated: 18 June 2026

Sinni is an Android app for collecting your own location, motion, and wearable-health data and syncing it to a server you choose. That server may be one you run yourself or one operated by someone you trust; it is never operated by the developer. This policy explains what data the app accesses, how it is used and protected, and the choices you have.

In short

  • Sinni is self-hosted. Your data goes only to the server you point the app at. There is no "Sinni cloud" and no preconfigured server — if you set none, nothing leaves your device, and the developer never receives your data.
  • No accounts, advertising, analytics, tracking, crash reporting, or third-party SDKs. Your data is never sold and never shared with third parties.
  • You stay in control: turn each data source on or off, and clear or export your data at any time.

Who we are

Sinni (Android app org.sinni.app, "Sinni", "the app") is developed by Josef Heidler ("we", "the developer"). Questions about this policy or your privacy: heidlerjosef@gmail.com.

Because Sinni is self-hosted, the server you connect it to is operated by you or by whoever runs it — not by the developer. How that server stores and handles the data it receives is outside this policy and governed by your own arrangements.

Where your data goes

  • Collected data is stored in a database on your device.
  • It is uploaded only to the server address you enter in the app's sync settings, and only when you turn sync on.
  • There is no preconfigured or default server and no developer endpoint. The developer runs no server that receives your data and has no access to it.
  • If you configure no server, no data leaves your device.

Data the app accesses and collects

Sinni only accesses the data sources you enable. You grant each underlying Android permission yourself and can revoke it at any time in Android settings.

Location (including in the background)

With your permission, Sinni collects precise location (GPS). When tracking is on, location is recorded on a schedule (by default about every 15 seconds, which you can change), and collection continues in the background — even when the app is closed or the screen is off — so your location history is recorded continuously. While this happens, Sinni runs a foreground service and shows an ongoing notification. Continuous background location is essential to the app's core purpose: building a personal location log on the server you choose. Each record includes coordinates, altitude, accuracy, speed, and a timestamp.

Motion sensors

With your permission, Sinni records motion-sensor data from the device's accelerometer (on by default) and gyroscope (off by default), sampled at a high rate while enabled, to capture how the device moves.

Health & fitness (Health Connect)

With your permission, Sinni reads four types of data from Android Health Connect, read-only — it never writes to Health Connect:

  • steps
  • heart rate
  • resting heart rate
  • sleep

You can revoke this access at any time in your device's Health Connect settings.

Device identifier

So that the server you run can tell which device sent which data, each upload includes a per-app device identifier (derived from the Android ID). It is sent only to your configured server, never to the developer or any third party.

How your data is used

Everything Sinni accesses is used for a single purpose: to record your personal data log on your device and sync it to the server you choose. Sinni does not sell your data, not share it with any third party, and not use it for advertising. It contains no analytics, telemetry, tracking, or crash-reporting SDKs, collects no advertising identifiers, shows no ads, and requires no account or sign-in.

Health Connect data

Health data (steps, heart rate, resting heart rate, sleep) is handled exactly as described above — stored locally and synced only to the server you choose. To meet Google's requirements for apps that handle Health Connect data, we confirm this data is used only for the app's visible features and is never used for advertising or personalized ads, never sold or transferred to data brokers, advertising platforms, or resellers, and never shared with any third party.

How your data is stored and secured

  • On your device: collected data is kept in a local database, protected by Android's app sandbox.
  • Sync credentials: the access token for your server is encrypted at rest using the Android Keystore.
  • In transit: with a secure (https://) server, data is encrypted in transit. The app also allows plain http:// servers for local testing but flags them as "Not protected" and warns you first — over http://, your data and your access token are not encrypted and could be read on the network.

Your controls, retention, and deletion

The developer retains none of your data — there is no Sinni cloud. Data stays in the local database on your device until you remove it, and any copy already uploaded is retained and managed by whoever runs that server.

From within the app you can at any time:

  • turn each data source — location, motion sensors, and health — on or off, and choose individual health metrics;
  • grant or revoke location and Health Connect permissions in Android settings;
  • clear synced data, clear all data, or export a copy of your data;
  • turn syncing off, or never configure a server, so nothing leaves your device.

Uninstalling the app deletes all data held on the device.

Children

Sinni is not directed to children and is not intended for use by them.

Changes to this policy

If this policy changes, the updated version will be posted on this page with a new "Last updated" date.

Contact

Questions about this policy: heidlerjosef@gmail.com.