Pacely
← Back to home

Version 1.3, last updated: 02-06-2026

Pacely privacy notice

Onn Software B.V. · Chamber of Commerce (KvK) 87600641 · Meester Bierensweg 9b, 4841AH Prinsenbeek, The NetherlandsContact: mail@pacely.nl

1. What this notice covers

Pacely is a calm planner for people with post-covid, ME/CFS or similar persistent fatigue conditions. To make Pacely work for you, we process personal data, data by which you can be identified directly or indirectly. In this notice you can read which data we process, why, how long we keep it, with whom we share it and what rights you have.

In doing so we comply with the General Data Protection Regulation (the GDPR) and with other relevant laws and regulations such as the Dutch Telecommunications Act (for cookies). This notice applies to our website pacely.nl, the app and all services we offer under them.

Pacely works with health data. That is a special category of personal data under article 9 of the GDPR, and we treat it with the care that comes with it.

2. Who is responsible

Onn Software B.V. is the controller for the processing of your personal data within the meaning of the GDPR. Our contact details are at the top of this notice and in article 14.

3. Who Pacely is for

Pacely is intended for people aged 16 and over. If you are younger, we cannot process your data, not even with the permission of a parent or guardian. Do not create an account for someone else.

4. Which data we process and why

We only process data we need to make Pacely work for you. Below, per category, what we process, for what purpose and on which legal basis.

4.1 Account data

What: your email address, an encrypted version of your password (we never see your password ourselves), and, if you log in via Google, your name and any profile photo that Google passes on to us. In addition, we store the preferences you set in Pacely: for example your language choice and whether you want a light or dark display.

For what: to create your account, let you log in, recognise you between sessions, carry your settings across devices, and communicate with you about your account in the right language.

Legal basis: performance of the user agreement (article 6(1)(b) GDPR).

4.2 Health data

What: everything you put into Pacely about your days and your energy, planned and completed activities, day budgets, baseline settings, moment check-ins and notes you add.

For what: to store your day and energy planning, show you insights, and let you see over time what works for you.

Legal basis: explicit consent (article 9(2)(a) GDPR). When you create your account, we explicitly ask for your consent to process this special category. You can withdraw that consent at any time, see article 12.

If you withdraw your consent, we can no longer make Pacely work for you; your account and the associated health data are then deleted.

How we create insights. Some observations we show, for example recognising patterns ("on days when you do a lot, you often notice afterwards that it was heavy"), we have generated by a Google AI model. For this we use Vertex AI Gemini in region `europe-west4`, within our existing Google Cloud relationship. Per observation we send only the specific data needed for that observation, not your entire data subtree. The observation the model returns we show to you for your consideration; Pacely does not make automated decisions about your health (see article 5). Google does not use the data we send to Vertex AI to train their models; that is contractually excluded through our Google Cloud agreement.

Additional, optional consent for research and product development. In addition to the basis above, we offer a separate, voluntary consent for the use of your data for research and product development, work that aims to make Pacely better for you and for future users. This additional consent is separate from the baseline above and is fully revocable. If you do not give it, Pacely works exactly the same for you. Read the additional terms at pacely.nl/en/legal/research-consent.

4.3 Usage and log data

What: technical and usage data that arises when you use Pacely, login times and approximate location (based on IP address), device and browser information, and events in the app (for example: an activity created, a day closed). Also: a log of access by Pacely staff (see article 6).

For what: to secure the service, detect misuse, trace errors, and be able to show transparently who has seen your data.

Legal basis: legitimate interest (article 6(1)(f) GDPR), our interest in a secure, auditable service, weighed against your interest in privacy. The log does not contain health values themselves, only references to which part of your account was accessed.

4.4 Communication

What: the content of emails or messages you send us (for example via mail@pacely.nl), including your email address and any attachments.

For what: to handle your question or complaint and give you an answer.

Legal basis: performance of the contract and legitimate interest (article 6(1)(b) and (f) GDPR).

Where these emails are stored. Our mailbox behind @pacely.nl runs on Google Workspace (Google Ireland Limited), within the European Union. This is a separate product line of Google with its own data processing agreement, distinct from the Google Cloud / Firebase services that Pacely uses for the app itself (see article 7). If your message contains health information that you have included yourself, for example if you ask a support question in which you mention a complaint or symptom, then that specific processing falls under the same explicit consent for health data that you gave when creating your account (article 4.2 / article 9(2)(a) GDPR). See also our sub-processors list.

4.5 Payment data

Pacely works with monthly subscriptions where you pay in advance, when you take out the subscription and at each monthly renewal. We do not send separate invoices on payment terms.

What: your name and email address for the transaction record, the amount paid, the date, the chosen payment method (in broad terms, for example "iDEAL" or "card"), and the status of the payment. Full payment-instrument data (account number, card number, expiry date) you enter directly with our payment service provider or with the app store; we do not see those.

For what: to be able to offer you your subscription, show you a payment record, and meet our tax retention obligation.

Legal basis: performance of the contract (article 6(1)(b) GDPR) for handling the payment, and legal obligation (article 6(1)(c) GDPR) for the tax retention obligation.

How you pay depends on where you take out the subscription:

  • Via the website (web app): you pay through Mollie B.V. in Amsterdam. Mollie is our processor; we have a data processing agreement with them.
  • Via the Android app (in-app): you pay through the Google Play Store. Here Google is the seller (Merchant of Record), not our processor: Google handles the payment and we receive only a payment status and an opaque purchase token, no payment-instrument data.

Which parties we engage per channel, and in which role, is set out in our sub-processors list.

4.6 Error reports

What: technical data that arises when something goes wrong in Pacely, the text of the error, a stack trace, your browser and operating-system version, and a short trail of technical events just before the error. For logged-in users we link a pseudonymised user id to the report (an internal, random string of characters, no email address, no name) so we can see that one person runs into the same error multiple times.

For what: to discover and repair errors in the app.

Legal basis: legitimate interest (article 6(1)(f) GDPR), our interest in a working, reliable service, weighed against your interest in privacy.

No health data. Pacely is technically set up so that the content of your activities, days, baselines and notes does not come along in error reports. We filter when sending to our error monitoring, and on the other side additional scrubbing rules run as a second safety net.

For this we work with Sentry GmbH in Vienna; error reports are stored in Frankfurt (Germany). See our sub-processors list.

We do not use your data for advertising, ad networks, or building profiles for marketing purposes.

5. No automated decision-making

Pacely does not make decisions about you based solely on automated processing. What the app shows, for example a day budget or an observation, is an aid; the choices remain yours.

6. Who at Pacely can see your data

Pacely staff. Access by Pacely staff is technically limited: only accounts with explicit authorisation can reach user data. In practice the reason for access is always one of: investigating a malfunction, answering a support question from you, developing, testing or maintaining the software, or meeting a legal obligation.

Every time a staff member accesses data from your account via our admin app, we record who it was, when it happened and for what purpose. We keep that log for 24 months. You can view the recent access to your own data in the app under "Who has seen your data".

One structural exception due to a platform limitation. The database software on which Pacely runs (Google Cloud Firestore Native) offers no technical way to automatically log every document read action through the Google Cloud admin console. That is a structural limitation of the platform itself, we cannot solve it, and as long as Google does not provide this logging capability, that limitation remains. For necessary database work there must always be at least one person with direct access who falls outside this log; that is not a temporary situation. We limit the impact by keeping that circle as small as possible; currently that is only Pacely's lead developer, exclusively for necessary maintenance such as analysing a malfunction or fixing a data problem that cannot be resolved through the admin app. For that access we have recorded a signed personal declaration on data processing: it sets out what the access may be used for and what is explicitly not allowed (no private use, no sharing with third parties, no copies outside the Google Cloud environment, no R&D work, no profiling outside official product flows). Research and product development do not run through this line in any case, but only through the auditable paths above; see also the additional consent for research.

Access you share yourself. In addition to Pacely staff, you can deliberately give someone access to (part of) your data yourself. For that we are working on two ways:

  • A share link, a link you create from the app and share, for example with a family member, partner or informal carer. The link gives read-only access to the part of your data that you designate yourself, has an expiry date, and you can revoke it at any time from the app.
  • Access for a care provider, do you want your GP, rehabilitation physician or occupational therapist to follow along and work with you? Then you can explicitly give a care provider access. That access covers both reading and writing, so your care provider can, for example, add a note, propose a baseline or adjust a setting. The access applies for a period you choose and can be revoked at any time from the app.

In both cases you are in charge. Pacely shares nothing behind your back; a reader or care provider only gets to see something after you have activated it yourself. Every action by a reader or care provider on your data, read actions and changes alike, we record in the same log described above; in the "Who has seen your data" overview you recognise them by a different label than Pacely staff.

7. With whom we share your data

Pacely does not share your data with parties for their own purposes. We do engage processors that store and process data for us according to our instructions. With every processor we have a data processing agreement.

One opt-in exception: external scientific research. If you have been invited for a specific scientific study and you have expressly consented to it under the additional terms for external scientific research, Pacely can make your data available to the research institution named in that consent, and only for that one study. That institution is itself the controller for what it does with the data after receipt and is not a processor of Pacely. Pacely and the institution record that division of roles per study in writing in a data transfer agreement prior to the invitation phase. Without your express consent nothing happens here, and withdrawal is possible at any time.

A medical professional to whom you have given access yourself via a linking code in the app (see article 6) is not a "sharing with a party for its own purposes" within the meaning of this article: that access stays within Pacely's own environment and is subject to the same audit as all other access.

Our processors today:

  • Google Cloud / Firebase (Google Ireland Ltd. and Google LLC), for authentication, database, file storage, running server code, storing logs and generating observations via AI. Concretely we use Firebase Authentication, Cloud Firestore, Cloud Functions, Cloud Storage, BigQuery and Vertex AI (Gemini). Locations of storage and processing are in article 8.
  • Sentry GmbH (Vienna, Austria), for capturing and analysing error reports from the website, app and server code. Servers in Frankfurt (Germany).
  • Calendly LLC (Atlanta, United States), for scheduling introductory calls with care professionals, patient organisations and researchers. This processor is only involved if you yourself schedule such a call from `pacely.nl` or the care-provider portal; for your use of the Pacely app itself, Calendly never touches your account or your health data. Transfer to the United States falls under the Standard Contractual Clauses, see article 8.
  • Google Workspace (Google Ireland Ltd.), for our mailbox behind @pacely.nl (Gmail), our business calendar (Google Calendar) and the video calls we hold with care professionals (Google Meet). This falls under a separate data processing agreement of Google, distinct from the Google Cloud / Firebase relationship above. Storage within the European Union; see article 8.
  • Sinch Email B.V. / Mailgun (Netherlands, with servers in Frankfurt), for sending transactional email on behalf of Pacely: account confirmation, password reset, subscription and invoice mail, and the invitation email when a care provider invites you to Pacely. We do not send health data over this route; only what the specific email needs.

We publish our current list of processors at pacely.nl/en/legal/sub-processors. If a new processor is added, we update this list before the change takes effect.

In addition, we share your data if the law obliges us to, for example at the demand of a law-enforcement agency.

8. Transfer outside the European Economic Area

Your health data (article 4.2) is stored at Google Cloud in Belgium and the Netherlands. Both countries have a full copy, so the service stays available if one region temporarily fails. In Finland there is a small technical replica with only administrative metadata, no copy of your health data itself.

Other data also stays within the EU:

  • Administrative data is stored in the same setup (Belgium and the Netherlands, with metadata in Finland).
  • Files you upload to Pacely are stored in the Netherlands and Finland.
  • Error reports we capture via Sentry are stored in Frankfurt (Germany).
  • AI processing via Vertex AI (article 4.2) runs in the Netherlands.

All of these locations are within the European Economic Area. Access to and management of that data takes place within the EEA as much as possible.

Google is a US company. For the cases in which data is transferred outside the EEA, we apply the Standard Contractual Clauses of the European Commission and the additional safeguards Google offers alongside them. Outside this framework we do not transfer your data to countries or parties not mentioned here.

One external exception for business contact. If a care professional, patient organisation or researcher schedules an introductory call via `pacely.nl`, the booking data (name, email address, chosen time, any free-text answers) is processed by Calendly LLC in the United States. This transfer takes place under the same Standard Contractual Clauses, included in the Calendly DPA. For the use of the Pacely app itself, no transfer to Calendly takes place; this processor never touches your account or your health data.

9. How long we keep your data

We do not keep your data longer than necessary for the purpose for which we process it. Per category:

  • Account data, for as long as your account exists. If you delete your account in the app, your data is immediately removed from our active systems. In encrypted backups it remains for up to 99 days until backup rotation erases it automatically. Our backups are weekly; we keep them to be able to restore data in the event of a malfunction or incident, not to consult for other purposes. If a backup is ever restored, we re-apply deletion requests received earlier after the restore.
  • Health data, same period as account data.
  • Log of access by staff, 24 months from the access. Deleted afterwards.
  • Error reports (Sentry), 90 days from the moment the error was captured. Deleted afterwards.
  • Communication (emails), at most 24 months after the last contact, unless a longer period is needed to handle the matter.
  • Financial records (invoices), 7 years, on the basis of the statutory tax retention obligation.

If a legal obligation requires a longer period, for example in an ongoing legal dispute, we keep the relevant data for as long as that obligation requires and no longer.

10. How we secure your data

We do our best to protect your data against loss, destruction and unauthorised use. Concrete measures:

  • Connections between your device and our servers are encrypted via TLS.
  • Data in our database is encrypted at rest (encryption at rest, provided by Google Cloud).
  • Passwords are stored encrypted by Firebase Authentication, we never see your password.
  • Access for staff requires two-step verification and is logged (see article 6).
  • We split our data access into layers, so that day-to-day admin tasks do not give access to special-category data.
  • We make weekly encrypted backups and keep them for 99 days, so we can restore after a malfunction, an incident or unexpected data loss. We do not use backups for purposes other than recovery; see article 9 for what that means after deletion of your account.
  • We evaluate our security regularly and adjust where needed.

If, despite this, a data breach occurs with risk to your rights and freedoms, we report it within 72 hours to the Dutch Data Protection Authority and inform you when that is required.

11. Cookies

On the website we today use only functional cookies that are needed to let you log in and make the site work. We use no tracking cookies, no advertising cookies and no external analytics without first asking your consent.

If that changes, we will first show a cookie bar in which you can choose per category. The full explanation per cookie is in our cookie notice.

12. Your rights

Under the GDPR you have the following rights:

  • Access, you may request which personal data we process about you.
  • Rectification, if your data is incorrect, we correct it.
  • Erasure, you may ask to have your data deleted. In most cases you can do this yourself by deleting your account from the app.
  • Restriction, you may ask us to temporarily stop the processing, for example while a rectification request is pending.
  • Objection, you may object to processing based on legitimate interest (article 4.3 above).
  • Data portability, you may request a copy of your data in a common, machine-readable format. You can also start an export yourself from the app.
  • Withdraw consent, you have given us explicit consent to process your health data (article 4.2). Pacely cannot function without that data, so withdrawing consent means we remove your health data from our systems. You withdraw your consent by deleting your account from the app, or by asking us to via mail@pacely.nl. The processing up to that moment remains lawful.

You make a request via mail@pacely.nl. We respond within four weeks. We may ask you to prove your identity before we carry out the request, otherwise we cannot be sure the request really comes from you.

If you feel that we are not handling your data carefully, we would like to hear it first ourselves. In addition, you always have the right to lodge a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).

13. Changes to this notice

We may adjust this privacy notice, for example if we engage a new processor or add a new feature that needs other data. For important changes we let you know at least 30 days in advance by email or in the app, and we state what is changing.

You can always find the most recent version at pacely.nl/en/legal/privacy. At the top of this notice you see the version number and the date of the last change.

14. Contact

Questions, requests or remarks about your data? Get in touch via:

Onn Software B.V. Meester Bierensweg 9b, 4841AH Prinsenbeek, The Netherlands Chamber of Commerce (KvK): 87600641 Email: mail@pacely.nl