Privacy Policy

Depending on your interaction, we may act as a controller of certain personal data related to running the Service (for example, account and usage data on our systems). Where Stripe processes payment data on our behalf as a payment processor, Stripe also handles cardholder and transaction data under its own agreements and privacy notices. See Stripe's Privacy Center for how Stripe describes its processing. You should review notices presented at checkout in addition to this Policy.

We may collect and process categories such as:

• Account & connection data: information associated with your Strava connection (for example, Strava athlete identifiers), OAuth tokens stored securely, and related profile metadata needed to operate the Service.
• Service data: operational logs, configuration, feature usage signals, and records of activity updates performed through the Service (for example, titles/sequences needed to deliver features).
• Subscription / entitlement signals: identifiers or status information received from Stripe webhooks or APIs needed to confirm trial/subscription state.
• Technical data: IP address, device/browser type, timestamps, and diagnostic data for security and reliability.
• Support communications: information you email or submit when contacting us.

Where GDPR/UK GDPR applies, we rely on one or more lawful bases, including:

• Contract: to provide the Service you request (connect Strava, update titles, enable paid features when subscribed).
• Legitimate interests: securing the Service, preventing abuse, improving reliability, analytics in aggregate or pseudonymous form, and communicating operational notices—balanced against your rights.
• Legal obligation: where required to comply with law.
• Consent: where required for optional cookies/analytics or marketing (if offered).

Stripe publishes compliance and data-processing documentation for its platform; you may still have independent obligations when selling into the EU/UK. We cannot provide legal advice.

We may use cookies or similar technologies that are strictly necessary for the Service to function. Where configured, we may use analytics (for example Google Analytics 4) to understand usage. If required by law, we will obtain consent for non-essential analytics—manage preferences via any banner or settings we provide.

We may share data with service providers who process data on our instructions, such as:

• Strava—to access/update activities per your authorization.
• Stripe—to process payments and subscription signals (see Stripe's privacy/legal notices).
• Hosting/infrastructure & database providers—to run the application and store data.
• Analytics providers—if enabled.

We do not sell your personal information in the conventional sense of “selling data for money.” Where U.S. state privacy laws define “sale/share,” we provide disclosures and choices as required.

Payment transactions are processed by Stripe. Stripe describes fraud prevention and risk tooling in its documentation and legal materials. Such processing is primarily governed by Stripe's notices for checkout transactions.

We may process data in countries other than your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) or rely on adequacy decisions. Stripe also describes international transfers and safeguards in its documentation.

We retain personal data only as long as needed for the purposes above, including legal, accounting, and dispute-resolution needs. Technical logs may be retained for shorter rolling periods.

We implement administrative, technical, and organizational measures designed to protect personal data. However, no method of transmission or storage is completely secure; we cannot guarantee absolute security.

Depending on your location, you may have rights to access, rectify, delete, restrict, port, or object to certain processing, and to withdraw consent where processing is consent-based. You may lodge a complaint with a supervisory authority. To exercise rights, contact us using details published on this website.

If you are a California resident, you may have additional rights under the CCPA/CPRA, including rights to know, delete, correct, and opt out of certain sharing (where applicable).

The Service is not directed to children under the age where parental consent is required in your region. If you believe we collected such information, contact us and we will take appropriate steps.

We may update this Privacy Policy by posting a revised version and updating the "Last updated" date.

Privacy inquiries: use the contact details published on this website. For payment- or checkout-specific privacy questions, also consult Stripe's notices and support channels linked from your receipt or billing flow.

This Privacy Policy is informational and should be reviewed by qualified counsel for your entity, jurisdictions, and product specifics—especially if you sell internationally or handle sensitive categories of data.