Privacy Policy
Last updated: March 28, 2026
This Privacy Policy explains how Nieve (“we,” “us,” or “our”) collects, uses, stores, and protects your personal data when you use the Nieve mobile application and related services. Nieve is operated by a company registered in the United Kingdom and is subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For users in the European Economic Area, we also comply with the EU General Data Protection Regulation (EU GDPR).
1. Data Controller
The data controller responsible for your personal data is Nieve, based in the United Kingdom. You can contact us at privacy@getnieve.com for any data protection inquiries.
2. Data We Collect
GPS Location Data
During active ski session recording, we collect continuous precise GPS location data. This is used to calculate speed, distance, elevation changes, vertical drop, and to map your routes on piste maps. Location data is only collected while you are actively recording a session.
Motion Sensor Data
We access your device’s accelerometer and gyroscope during recording to derive performance metrics including slope angle, airtime, number of turns, turn technique, fall detection, and G-forces. This sensor data is processed to calculate ski statistics — it is not used to identify or authenticate you.
Account Data
If you create an account, we collect your email address and display name. You may optionally provide an avatar image and bio text.
Session & Performance Data
All recorded ski sessions, including telemetry data, calculated statistics, achievement progress, and resort completion data, are synced to our cloud infrastructure.
Social Data
If you use social features, we store your friend connections and make certain statistics visible to your friends.
Device Information
We collect basic device metadata (device model, OS version) for crash reporting and service improvement.
3. Legal Bases for Processing
We process your data under the following legal bases in accordance with UK GDPR Article 6 (and EU GDPR Article 6 for EEA users):
| Data type | Legal basis |
|---|---|
| GPS location data | Your consent (Art. 6(1)(a)) |
| Motion sensor data | Performance of contract (Art. 6(1)(b)) |
| Account data (email, name) | Performance of contract (Art. 6(1)(b)) |
| Session telemetry & cloud sync | Performance of contract (Art. 6(1)(b)) |
| Social features & achievements | Performance of contract (Art. 6(1)(b)) |
| Avatar images | Your consent (Art. 6(1)(a)) |
| Device metadata (crash reporting) | Legitimate interest (Art. 6(1)(f)) |
Where we rely on consent, you may withdraw it at any time through the app settings. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
4. How We Use Your Data
- Calculate ski performance statistics (speed, distance, elevation, vertical drop, slope angle, airtime, turns, G-forces, fall detection)
- Sync your sessions to the cloud for backup and cross-device access
- Power achievements and resort completion tracking
- Enable social features (friend connections, stat comparisons)
- Improve app stability and performance through crash reporting
We do not sell your personal data. We do not use your data for advertising. We do not share your data with third-party AI systems.
5. Data Processors & International Transfers
We use the following third-party processors to operate Nieve:
- Railway (cloud hosting, EU region) — hosts our backend services and database
- Amazon Web Services (S3, EU region) — stores avatar images
Both processors are US-based companies with EU data hosting. For transfers from the UK, the EU has an adequacy decision for the UK, and we rely on the UK International Data Transfer Agreement (UK IDTA) or UK Addendum to the EU Standard Contractual Clauses where required. For EEA users, transfers are protected by Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework. Data Processing Agreements are in place with all processors in accordance with Article 28.
You may request a copy of the safeguards governing international transfers by contacting us at privacy@getnieve.com.
6. Data Retention
- Session & telemetry data: retained for as long as your account is active
- Account data: retained until you delete your account
- Avatar images: deleted when you remove the image or delete your account
- Device metadata: retained for up to 12 months
Upon account deletion, your personal data is permanently deleted within 30 days, except where retention is required to comply with legal obligations.
7. Your Rights
Under UK GDPR and the Data Protection Act 2018 (and EU GDPR for EEA users), you have the following rights regarding your personal data:
- Access (Art. 15) — request a copy of all personal data we hold about you
- Rectification (Art. 16) — correct inaccurate data
- Erasure (Art. 17) — delete your account and all associated data from app settings, or by contacting us
- Restriction (Art. 18) — restrict processing of your data in certain circumstances
- Data portability (Art. 20) — receive your GPS tracks, sensor data, and session telemetry in a structured, machine-readable format (GPX, JSON, or CSV)
- Objection (Art. 21) — object to processing based on legitimate interest
- Withdraw consent (Art. 7(3)) — withdraw consent at any time for processing based on consent
To exercise any of these rights, contact us at privacy@getnieve.com. We will respond within one calendar month. If your request is complex, we may extend this by up to two additional months with prior notice.
You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk. If you are based in the EEA, you may also contact your local data protection authority.
8. Data Security
We protect your data with encryption in transit (TLS) and at rest. Access to production systems is restricted and logged. We maintain an internal breach register and will notify the ICO within 72 hours of becoming aware of any breach that poses a risk to your rights. If a breach poses high risk to you, we will notify you directly in clear, plain language.
9. Children’s Data
Nieve is not intended for users under the age of 13, in accordance with the UK Data Protection Act 2018. Users must confirm they are 13 or older when creating an account. We do not knowingly collect personal data from children under 13. If we become aware that we have collected data from a child under 13 without parental consent, we will delete it promptly.
10. Automated Decision-Making
Nieve uses algorithmic processing to calculate performance statistics (e.g., detecting turns, jumps, and falls from sensor data). These calculations are used to present your ski metrics and unlock achievements. No decisions with legal or similarly significant effects are made solely through automated processing.
11. Cookies & Web Tracking
This website does not use cookies or third-party tracking. If this changes in the future, we will update this section and implement a consent mechanism in accordance with the UK Privacy and Electronic Communications Regulations (PECR).
12. Changes to This Policy
We may update this Privacy Policy when we add new features or change how we process data. We will notify you of material changes through the app or by email. The “Last updated” date at the top reflects the most recent revision.
13. Contact
For any questions, data subject access requests, or concerns about this Privacy Policy, contact us at: privacy@getnieve.com