Privacy Policy

Account information
When you register, we collect your email address and password (stored securely via Supabase Auth — we do not store your password in plain text).

Profile information
Optionally: your first and last name, which you can add after registering.

Training data
Information you provide to generate or update a plan: current and target weekly distances, training days, run type preferences, race details, fitness benchmarks, and any free-text notes. This also includes weekly logs you submit (actual km run, notes, uploaded images).

Usage data
Basic server-side logs may capture request metadata (IP addresses, timestamps, page routes) for debugging and security purposes. We also use privacy-respecting product analytics (PostHog, hosted in the EU) to understand how the Service is used and where to improve it. This does not include third-party advertising or cross-site tracking, and we run it without analytics cookies.

Waitlist information
If you join the waitlist, we store your email address and the page you signed up from, solely to contact you with an invite.

• To generate and manage your training plans
• To personalise plan recommendations using your historical logs
• To authenticate your account and maintain sessions
• To diagnose technical issues and improve the Service

We do not use your personal data for advertising, profiling, or any automated decision-making beyond the training plan generation you explicitly request.

Where UK or EU data protection law applies, our lawful bases for processing are: performance of a contract (to provide and manage your training plans), our legitimate interests (to keep the Service secure and to fix technical issues), and your consent (for anything optional, such as free-text notes or images you choose to add). Any health-related detail you choose to type into free-text notes is provided voluntarily and used only to generate and adjust your plan.

RacePacer uses the following third-party providers. Your data may be processed by them as described:

• Supabase — database, authentication, and file storage. Your account credentials and training data are stored on Supabase infrastructure in the EU (Frankfurt, Germany).
• Anthropic (Claude API)— AI plan generation. When you generate or update a training plan, your training inputs, notes, and uploaded images are sent to Anthropic's API, which processes them in the United States. Anthropic does not use data submitted through its API to train its models.
• Vercel — hosting and serverless functions. Application code and request logs are hosted on Vercel infrastructure.
• PostHog — privacy-respecting product analytics, hosted in the EU. We use it to understand usage and improve the Service. It runs without analytics cookies; only signed-in users are linked to an identifier (your account ID), and we do not send it advertising identifiers.

Where your data is stored. Your account and training data are stored in the EU. Some processing (AI plan generation by Anthropic) takes place in the United States. Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as the relevant Standard Contractual Clauses.

We retain your data for as long as your account is active. If you wish to have your data deleted, contact us at the address below and we will remove your account and associated data within 30 days. When we delete your account we remove it from our active systems; any residual copies in encrypted backups are purged on our normal backup rotation.

We use industry-standard security practices: passwords are hashed, connections are encrypted over HTTPS, and database access is restricted. However, no system is perfectly secure and you use the Service at your own risk.

RacePacer uses session cookies set by Supabase Auth to keep you logged in. These are strictly functional — no advertising or tracking cookies are used. If you choose not to be remembered between sessions, uncheck “Keep me signed in” at login.

Depending on where you are based, you may have rights under applicable data protection law (including GDPR if you are in the UK or EU) to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Data portability

To exercise any of these rights, contact us at the address below.

If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner’s Office (ico.org.uk).

We do not sell or share your personal information. If you are a California resident, you have the right to know what personal information we hold, and to request its deletion or correction.

RacePacer is not intended for users under the age of 18. We do not knowingly collect data from anyone under 18.

We may update this Privacy Policy from time to time. Continued use of the Service after changes are posted constitutes acceptance.