Privacy Policy

What we collect

When you sign in with Google we get your name, email, and profile photo. When you connect Strava we get your activity data — distances, times, GPS routes, heart rate, elevation, and whatever else you record on your watch.

What we do with it

We use your data to power your dashboard, charts, heatmap, and public profile (if you turn that on). That is it. We do not sell your data, show you ads, or hand it to third parties for marketing.

Where it lives

Everything is stored in a Postgres database hosted by Neon in EU-West. Strava tokens are encrypted with AES-256-GCM before they hit the database. All traffic runs over TLS.

Third parties

• Google — sign-in only. We do not touch the rest of your Google account.
• Strava — read-only. We pull your activities but never change anything on Strava.
• Mapbox — we send GPS coordinates so it can draw the map. Nothing else.
• Vercel — hosts the app.

Public profiles

Off by default. If you switch yours on, your name, photo, username, and activity data become publicly visible. You can switch it back off in Settings at any time.

Cookies

We set a session cookie so you stay logged in. No tracking pixels, no analytics scripts, no ad cookies.

Keeping your data

Your data stays for as long as your account is active. Disconnect Strava and your activities stay put — if you want them gone, ask us to delete your account.

Your rights

You can export, correct, or delete your data whenever you want. Drop us an email and we will sort it out.

Get in touch

Privacy questions? Email myrunningstatswebsite@gmail.com.