Privacy Policy

Last updated: October 21, 2025

1. Introduction

Welcome to raceday.fit ("we," "our," or "us"). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our training analysis and planning platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name
  • Authentication credentials (securely hashed)
  • Profile information you choose to provide

2.2 Training Data

With your explicit authorization, we collect and process:

  • Activity data from connected services (Strava, Intervals.icu, etc.)
  • Workout metrics (distance, duration, heart rate, power, pace, etc.)
  • Athlete profile data (weight, FTP, lactate threshold, etc.)
  • Performance history and training load information
  • Race and event goals

2.3 Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Usage patterns and feature interactions
  • Performance and error data

3. How We Use Your Information

We use your information to:

  • Provide and improve our training analysis and planning services
  • Generate personalized training recommendations
  • Analyze your performance trends and progress
  • Create race-specific training plans based on course profiles
  • Communicate with you about your account and our services
  • Ensure platform security and prevent fraud
  • Comply with legal obligations
  • Develop new features and improve existing ones

4. Third-Party Integrations

4.1 Connected Services

We integrate with third-party services like Strava and Intervals.icu using OAuth2 authentication. When you connect these services:

  • You explicitly authorize us to access specific data from these platforms
  • We only request the minimum permissions necessary for our features
  • You can revoke access at any time through your account settings
  • We do not share your data with these services beyond what's necessary for the integration

4.2 Service Providers

We use trusted third-party service providers for:

  • Authentication and security (NextAuth.js)
  • Database and backend services (Convex)
  • Payment processing (Polar)
  • Hosting and infrastructure (Vercel)
  • Email communications (Resend)

These providers have access only to information necessary to perform their functions and are obligated to protect your data.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data only in these limited circumstances:

  • With your consent: When you explicitly authorize data sharing
  • Service providers: As described in Section 4.2
  • Legal requirements: When required by law or to protect rights and safety
  • Business transfers: In connection with a merger, sale, or acquisition (with notice to you)

6. Data Security

We implement robust security measures to protect your data:

  • End-to-end encryption for data in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure password hashing (bcrypt)
  • Regular security audits and updates
  • Access controls and authentication
  • Secure OAuth2 implementation for third-party integrations

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Data portability: Export your data in a common format
  • Revoke consent: Disconnect third-party integrations at any time
  • Opt-out: Unsubscribe from marketing communications

To exercise these rights, please contact us at privacy@raceday.fit or through your account settings.

8. Data Retention

We retain your data as long as your account is active or as needed to provide services. When you delete your account:

  • We delete your personal information within 30 days
  • Some data may be retained longer if required by law
  • Aggregated, anonymized data may be retained for analytics

9. Children's Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Data Transfers

Your data may be processed in countries outside your residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

11. Cookies and Tracking

We use essential cookies to:

  • Maintain your session and authentication
  • Remember your preferences
  • Analyze usage patterns to improve our service

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by:

  • Posting the updated policy with a new "Last updated" date
  • Sending an email notification for material changes
  • Displaying a notice on our platform

Your continued use of raceday.fit after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@raceday.fit
  • Support: support@raceday.fit
  • Website: https://raceday.fit

14. GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under GDPR:

  • Right to be informed about data collection and use
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

Our lawful basis for processing your data is primarily your consent and contract performance. To exercise your GDPR rights, contact us at privacy@raceday.fit.