Privacy Policy

1. Information We Collect

We collect the minimum amount of data needed to roast your runs effectively:

Account Information

• Email address (for login and sending summaries)
• Authentication tokens/credentials
• Profile preferences (selected coach persona, notification settings)

Strava Activity Data

When you connect your Strava account, we collect:

• Activity type, date, time, duration, distance, pace
• Route data (if available)
• Heart rate, elevation, and other metrics you track
• Activity titles and descriptions you provide

We do NOT collect or store photos, kudos, comments, or social features from Strava.

2. How We Use Your Data

We use your data for exactly three purposes:

1. To provide the Service: Analyzing your runs and generating AI summaries
2. To send you summaries: Email notifications when analyses are ready
3. To improve the Service: Occasionally reviewing generated content quality (we might laugh at particularly good roasts)

That's it. We're not building a running surveillance state.

3. Data Storage and Security

Your data is stored securely in our database. We use industry-standard security practices including:

• Encrypted database connections
• Magic link authentication (no passwords to leak)
• Regular security updates

However, no system is 100% secure. If we discover a security breach, we'll notify you promptly and take immediate action to fix it.

4. Data Sharing

We do not sell, rent, or trade your personal data. Period. The only third parties we share data with are:

• Strava: For fetching your activity data (you authorized this)
• AI Service Providers: We send your activity data to AI models (like Google's Gemini) to generate summaries. This data is not used to train their models.
• Hosting/Infrastructure: Our hosting providers process data as necessary to run the Service

We will only share data with authorities if legally required to do so (we're not trying to go to jail for your running data).

5. Your Rights and Choices

You have control over your data:

• Access: View all your stored activities and summaries in your feed
• Deletion: Delete your account and all associated data at any time through profile settings
• Disconnection: Disconnect your Strava account to stop new data collection
• Emails: Control notification preferences in your profile

Under GDPR (if you're in the EU) and similar regulations, you have additional rights to request data exports or lodge complaints with authorities.

6. Data Retention

We keep your data for as long as you have an active account. If you delete your account:

• Your activity data is permanently deleted within 30 days
• AI-generated summaries are deleted along with the activities
• We may retain minimal transaction records if you had a paid subscription (for tax/legal purposes)

7. Cookies and Analytics

We use minimal cookies - just enough to keep you logged in and remember your preferences. For analytics, we use SimpleAnalytics, a privacy-focused analytics service that doesn't track you across the web, doesn't use cookies, and doesn't collect personal data. We do NOT use:

• Google Analytics or other invasive tracking
• Third-party tracking cookies
• Behavioral advertising cookies

We're as anti-tracking as a running app can reasonably be.

8. Children's Privacy

Our Service is not intended for users under 16. We don't knowingly collect data from children. If you're a parent and believe your child has created an account, contact us and we'll delete it.

9. Changes to This Policy

If we make material changes to this Privacy Policy, we'll notify you via email or through the Service at least 30 days before the changes take effect.

10. Contact Us

Questions about privacy? Concerns about your data? Want to know exactly what we know about your marathon training? Contact us at privacy@personalrunnersclub.com.