Privacy Policy – SelfRace
Last updated: January 29, 2026
1. Overview
SelfRace is a personal training analytics application designed to help endurance athletes analyze their own training data and long-term performance trends. We respect user privacy and process personal data only to deliver analytics and coaching features requested by the user.
SelfRace is a private, self-comparison tool. There are no social features, leaderboards, or comparisons with other athletes.
2. Data We Collect & Legal Basis
By connecting your Strava account, you provide explicit consent for SelfRace to access and process the following data solely for training analytics purposes:
Data accessed from Strava:
- Activity Metrics: Distance, duration, sport type, pace, elevation gain, cadence, power, effort metrics, and timestamps.
- Physiological Performance Metrics: Heart rate and derived workload indicators used exclusively for performance and recovery analysis.
- Account Identifiers: Strava Athlete ID and email address (used only for authentication and account management via Supabase).
Data we do NOT use:
- We do not store or display precise GPS routes or location maps.
- We do not process social data (followers, clubs, comments).
- We do not access private messages or non-training-related content.
3. How We Use Your Data
Your data is used exclusively to:
- Calculate personal training metrics (e.g. training load, intensity distribution, weekly trends).
- Correlate Strava activity data with optional user-entered recovery inputs (HRV, sleep, notes).
- Generate private performance summaries and long-term insights.
Data Protection Principles:
- Private by Design: Your data is visible only to you.
- No Sharing: Data is never shared with other users.
- No Selling: We do not sell, rent, or monetize personal data.
- Read-Only Access: SelfRace never modifies or writes data back to Strava.
4. AI & Automated Processing
SelfRace uses automated analysis (AI-assisted logic via private APIs) to generate training insights.
- User-Centric Processing: AI is used only to interpret the user’s own statistics for their private dashboard.
- No Model Training: User data is not used to train global machine learning models. We exclusively use enterprise-grade API tiers.
- Minimal Retention: Data sent for AI analysis is processed for real-time inference only and is not stored by the AI provider beyond the processing window.
5. Data Storage & Retention
We apply a data-minimization strategy to ensure compliance with Strava’s platform policies.
Granular Activity Data (Streams, Laps, Splits):
- Detailed activity data is cached temporarily to support deep-dive analysis.
- Retention period: Automatically deleted after seven (7) days.
Activity Summaries & Trends:
- High-level activity metadata (summaries) is stored for up to 90 days to support long-term performance trend calculations (e.g., CTL/ATL).
- Aggregated insights (e.g., weekly totals) are stored in a form that cannot be reverse-engineered into individual granular activities.
Account Disconnection & Deletion:
- Disconnection: If you disconnect your Strava account, all Strava-derived activity data and calculated metrics are immediately and permanently deleted from our servers. To protect API resources, a 24-hour cooldown period applies before reconnection is allowed.
- Account Deletion: Upon request to delete your SelfRace account, all data is purged immediately, with a 7-day grace period for account recovery before permanent removal of settings and preferences.
6. Your Rights (GDPR)
If you are located in the EU, you have the right to:
- Access the data we store about you.
- Request correction or deletion of your data.
- Withdraw consent at any time by disconnecting Strava.
- Request full account removal (“right to be forgotten”).
7. Third-Party Services
SelfRace relies on a limited set of trusted service providers:
- Strava API – activity data access based on user consent.
- Supabase – authentication and secure data storage.
- AI Providers (Enterprise APIs) – used only for private inference, with no training on user data.