Privacy Policy

Depending on your interaction, we may act as a controller of certain personal data related to running the Service (for example, account and usage data on our systems). Where FastSpring processes payment data as merchant of record, FastSpring also processes buyer personal data in connection with the transaction in accordance with its own privacy notices. FastSpring's documentation discusses GDPR roles and relationships for sellers and buyers—see FastSpring's GDPR overview. You should review FastSpring's buyer-facing privacy materials at checkout and on their site.

We may collect and process categories such as:

• Account & connection data: information associated with your Strava connection (for example, Strava athlete identifiers), OAuth tokens stored securely, and related profile metadata needed to operate the Service.
• Service data: operational logs, configuration, feature usage signals, and records of activity updates performed through the Service (for example, titles/sequences needed to deliver features).
• Subscription / entitlement signals: identifiers or status information received from FastSpring webhooks or APIs needed to confirm trial/subscription state.
• Technical data: IP address, device/browser type, timestamps, and diagnostic data for security and reliability.
• Support communications: information you email or submit when contacting us.

Where GDPR/UK GDPR applies, we rely on one or more lawful bases, including:

• Contract: to provide the Service you request (connect Strava, update titles, enable paid features when subscribed).
• Legitimate interests: securing the Service, preventing abuse, improving reliability, analytics in aggregate or pseudonymous form, and communicating operational notices—balanced against your rights.
• Legal obligation: where required to comply with law.
• Consent: where required for optional cookies/analytics or marketing (if offered).

FastSpring states it maintains GDPR-related compliance as a platform; your company may still have independent obligations when selling into the EU/UK—see FastSpring's GDPR documentation. We cannot provide legal advice.

We may use cookies or similar technologies that are strictly necessary for the Service to function. Where configured, we may use analytics (for example Google Analytics 4) to understand usage. If required by law, we will obtain consent for non-essential analytics—manage preferences via any banner or settings we provide.

We may share data with service providers who process data on our instructions, such as:

• Strava—to access/update activities per your authorization.
• FastSpring—to process purchases and subscription signals (see FastSpring privacy/legal notices).
• Hosting/infrastructure & database providers—to run the application and store data.
• Analytics providers—if enabled.

We do not sell your personal information in the conventional sense of “selling data for money.” Where U.S. state privacy laws define “sale/share,” we provide disclosures and choices as required.

Payment transactions may be processed by FastSpring. FastSpring describes fraud prevention capabilities, including machine-learning approaches and partnerships—see FastSpring's fraud engine overview. Such processing is primarily governed by FastSpring's notices for checkout transactions.

We may process data in countries other than your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) or rely on adequacy decisions. FastSpring also describes international compliance approaches relevant to buyers and sellers.

We retain personal data only as long as needed for the purposes above, including legal, accounting, and dispute-resolution needs. Technical logs may be retained for shorter rolling periods.

We implement administrative, technical, and organizational measures designed to protect personal data. However, no method of transmission or storage is completely secure; we cannot guarantee absolute security.

Depending on your location, you may have rights to access, rectify, delete, restrict, port, or object to certain processing, and to withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority. To exercise rights, contact us using details published on this website.

If you are a California resident, you may have additional rights under the CCPA/CPRA, including rights to know, delete, correct, and opt out of certain sharing (where applicable).

The Service is not directed to children under the age where parental consent is required in your region. If you believe we collected such information, contact us and we will take appropriate steps.

We may update this Privacy Policy by posting a revised version and updating the "Last updated" date.

Privacy inquiries: use the contact details published on this website. For FastSpring-specific transaction or checkout privacy questions, also consult FastSpring's notices and support channels linked from your receipt/order flow.

This Privacy Policy is informational and should be reviewed by qualified counsel for your entity, jurisdictions, and product specifics—especially if you sell internationally or handle sensitive categories of data.