Privacy Policy

1. Introduction

PaceBrain ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

By using PaceBrain, you consent to the data practices described in this policy. If you do not agree with this policy, please discontinue use of our services.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, date of birth, gender, username, password
• Profile Information: Profile photo, bio, running goals, fitness level
• Payment Information: Billing details processed through secure third-party payment processors (we do not store full credit card numbers)

2.2 Activity and Health Data

• Running Activities: GPS location data, distance, pace, duration, elevation
• Health Metrics: Heart rate, cadence, training load, recovery metrics (with your explicit consent)
• Training Data: Workout history, race results, personal records, goals
• Device Data: Data from connected fitness devices and apps (Strava, Garmin, Polar, etc.)

2.3 Automatically Collected Information

• Usage Data: Pages viewed, features used, time spent on platform, click patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies
• Log Data: Server logs, error reports, API usage

3. How We Use Your Information

We use collected information for the following purposes:

• Service Provision: To provide, maintain, and improve our analytics platform
• Personalization: To customize training plans, insights, and recommendations based on your data
• AI Analysis: To generate pace predictions, race recommendations, and performance insights using machine learning
• Communication: To send service updates, feature announcements, and support responses
• Analytics: To understand usage patterns and improve user experience
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Personal Data

We do not sell, rent, or trade your personal information to third parties for monetary consideration.

4.2 When We Share Information

• Service Providers: Third-party vendors who assist with hosting, analytics, payment processing, customer support (under strict confidentiality agreements)
• Connected Apps: With your explicit permission, we share data with integrated services (Strava, Garmin, Polar) per their APIs
• Aggregated Data: Anonymous, aggregated statistics that cannot identify individual users
• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)

5. Your Privacy Rights and Controls

5.1 Access and Control

You have the right to:

• Access: View and download all personal data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Portability: Export your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications
• Restriction: Limit how we process certain data

5.2 Privacy Controls

• Profile Visibility: Control who can see your profile and activities
• Activity Privacy: Set individual activities to public, followers-only, or private
• Location Privacy: Hide exact start/end locations of activities
• Health Data Consent: Manage sharing of sensitive health metrics
• Connected Apps: Revoke access to third-party integrations at any time

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Secure data centers with physical and network security
• Employee training on data protection and privacy

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. When you delete your account:

• Personal data is deleted within 30 days of account deletion request
• Some information may be retained for legal compliance (e.g., financial records for tax purposes)
• Aggregated, anonymized data may be retained indefinitely for analytics
• Backup copies may persist for up to 90 days before permanent deletion

8. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Users aged 13-17 must have parental consent to use the service and receive enhanced privacy protections, including restricted profile visibility and limited data sharing.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission or rely on adequacy decisions where available.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for basic functionality (authentication, security)
• Analytics Cookies: To understand usage patterns and improve the service
• Preference Cookies: To remember your settings and preferences
• Marketing Cookies: To deliver relevant content (with your consent)

You can control cookie preferences through your browser settings. Note that disabling certain cookies may limit functionality.

11. Third-Party Links and Services

Our service may contain links to third-party websites, apps, or services (e.g., Strava, Garmin, Polar, parkrun). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Region-Specific Privacy Rights

12.1 European Economic Area (EEA) - GDPR Rights

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about data collection and use
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making and profiling

Legal basis for processing: consent, contract performance, legal obligation, or legitimate interests.

12.2 California - CCPA/CPRA Rights

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know what personal information is collected
• Right to know if personal information is sold or shared
• Right to opt-out of sale/sharing of personal information
• Right to delete personal information
• Right to correct inaccurate information
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising privacy rights

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new effective date
• Sending an email notification to registered users
• Displaying a prominent notice on the platform

Your continued use of the service after changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@pacebrain.com
Data Protection Officer: dpo@pacebrain.com
Support: support@pacebrain.com

We will respond to your request within 30 days (or as required by applicable law).