Privacy Policy

Our Commitment to Your Privacy

We take your privacy seriously. This policy explains exactly what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR).

What Data We Collect

Information You Provide

• Account Information: Email address, name, and handle (username)
• Profile Information: Bio, location (if provided), profile picture
• Race Data: Races you've participated in, race results, goals, and reflections
• Social Links: Links to your other social media profiles or websites

Information We Collect Automatically

• Authentication Data: Login timestamps and authentication tokens - We need this to keep you securely logged in and to detect any suspicious login attempts
• Technical Data: IP address (processed by our infrastructure provider) - Used only for security purposes like preventing abuse and DDoS attacks

How We Use Your Data

We use your data exclusively to:

• Provide and maintain your athlete profile
• Enable you to share your athletic journey
• Authenticate you when you log in
• Send you essential service emails (password resets, security notices)
• Improve our service based on usage patterns

What We DON'T Do

• We never sell your personal data
• We don't share your data with third parties for marketing
• We don't track you across other websites
• We don't use advertising cookies or tracking pixels

Cookies

We only use essential cookies required for the service to function:

• Session Cookie: Keeps you logged in (expires when you log out) - This remembers who you are so you don't have to log in on every page
• Security Cookie: Protects against cross-site request forgery - This ensures that actions on your account can only be performed by you, not by malicious websites

These cookies are strictly necessary for the website to function and cannot be disabled. Without them, you wouldn't be able to log into your profile or stay logged in as you navigate between pages.

Third-Party Services

Infrastructure Providers

• Hetzner: Hosts our servers and database in Germany. View Hetzner's Privacy Policy
• Cloudflare: Provides DDoS protection and content delivery. They may process IP addresses for security purposes. View Cloudflare's Privacy Policy

Authentication Providers

If you choose to sign in with Google or Strava, we only receive:

• Your email address
• Your name (if available)
• Your profile picture URL (if available)

We do not have access to your Google or Strava passwords or any other data from these services.

Data Storage and Security

• Your data is stored in secure data centers within the European Union - This means your data never leaves the EU and is protected by EU privacy laws
• All data transmission is encrypted using HTTPS - This is like sending your data in a locked box that only our servers can open
• We don't store passwords - we use secure magic links - Instead of passwords, we send you a unique login link via email. This means there's no password to forget or for hackers to steal
• We regularly update our systems to patch security vulnerabilities - Just like updating your phone for security fixes, we keep our servers updated too

Your Rights Under GDPR

You have the right to:

• Access: Request a copy of all data we have about you
• Rectification: Update or correct your data (you can do this in your profile settings)
• Erasure: Delete your account and all associated data
• Portability: Export your data in a machine-readable format
• Object: Opt out of any data processing (though this may limit functionality)

Deleting Your Account

You can delete your account at any time from your account settings. When you delete your account:

• All your personal data is permanently removed from our systems
• Your profile, race participations, and all associated content are deleted
• This action cannot be undone

Some anonymized, aggregated data may be retained for statistical purposes, but this cannot be linked back to you.

Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children under 16. If you become aware that a child has provided us with personal data, please reach out through the contact form.

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by email or through a prominent notice on our service. Your continued use of the service after such modifications constitutes your acceptance of the updated policy.

Data Protection Rights

For any questions about this privacy policy or to exercise your GDPR rights, please contact us at: [email protected]