Thank you for your interest in our application. Data protection is of particularly high importance for the management of PaceMind. The PaceMind websites can generally be used without providing any personal data. However, if a data subject wants to use special services of our company via our website, the processing of personal data might become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain the consent of the data subject.
Name and address of the controller responsible for processing
Elmar Braun, PaceMind
Niederrheinstr. 8a, 40474 Düsseldorf, Germany
elmar@pacemind.io
Data Protection Officer
We are not required to appoint a dedicated data protection officer. Please contact elmar@pacemind.io if needed.
Collection of general data and information
Strava connection data
When you connect your Strava account, we request access to the following data via Strava's OAuth2 authentication:
- Your public profile information (e.g. athlete ID, profile picture URL).
- Your activity data, including details such as type, name, date, distance, duration, pace/speed, elevation, heart rate, and calories.
- Access token to retrieve this data on your behalf.
- List of relevant scopes: `read`, `activity:read_all`, `profile:read_all`
This data is retrieved directly from Strava and used to provide the app's core features, such as displaying your activities and enabling AI analysis.
Profile data provided by you
Within the app settings, you can optionally provide additional personal information to improve AI analysis, such as:
- Fitness goals (e.g. "improve 5km time").
- Additional free-text input of your own for the AI Coach.
App usage data
We may collect technical information about your device and your interaction with our app (e.g. feature usage, error logs) to improve performance and user experience. This data is typically aggregated and anonymized.
Purpose of data processing
- Providing, maintaining, and improving the PaceMind application and its features.
- Displaying your Strava activities and related statistics.
- Creation of personal, individual fitness analyses, summaries, and recommendations by processing your activity and profile data with AI models.
- Personalizing AI feedback if you specify fitness goals or profile data.
Legal basis of processing
We process your personal data on the following legal bases:
- Your consent (Art. 6 para. 1 lit. a GDPR) for connecting your Strava account, providing optional profile data, and opting into anonymous data sharing.
- The necessity to fulfill a contract with you (Art. 6 para. 1 lit. b GDPR) to provide the core functions of the app when you use the service.
- Our legitimate interests (Art. 6 para. 1 lit. f GDPR) in improving our services, ensuring security, and analyzing aggregated, anonymized data.
Data storage and retention
Strava access and refresh tokens are stored in your browser's `localStorage`. These are deleted when you explicitly disconnect from Strava in the app or when token validation fails.
Settings data (selected time range, fitness goals, opt-in status for anonymous data, anonymous user ID) are stored in your browser's `localStorage` to facilitate usage and remain until you delete your browser data or change the settings.
Data sharing and third parties
We do not sell your personal data. We share data only with the following third parties required to provide our service:
- Strava: We interact with the Strava API to retrieve your activity data after you authorize the connection.
- Genkit / AI Models (e.g. Google Gemini): User requests and relevant activity/profile data are sent via the Genkit framework for analysis to AI models. Important: This data is used exclusively to process your specific request and generate a personal analysis for you. Your data is not used to train the general AI models and is not stored or processed for any other purpose.
We are not responsible for the privacy practices of these third parties. We recommend that you read their privacy policies.
Cookies and Local Storage
This application uses `localStorage` in your browser to store your settings (time range, fitness goals, opt-in preferences, anonymous ID) and Strava authentication tokens. `localStorage` allows local storage of data in your browser without an expiration date. This data is not automatically deleted when you close your browser, but can be deleted via your browser settings.
We do not use cookies ourselves. However, software products we use, such as Next.js or Firebase, may set cookies, including essential cookies for session management or performance. You will be informed separately by the providers. The terms of use and privacy policies of the respective services apply.
Your data protection rights
Under the GDPR, you have various rights regarding your personal data:
- Right of access: You have the right to request information about the personal data we store about you.
- Right to rectification: You have the right to request the correction of inaccurate personal data.
- Right to erasure ("right to be forgotten"): You have the right to request the deletion of your personal data under certain conditions.
- Right to restriction of processing: You have the right to request the restriction of processing of your personal data under certain conditions.
- Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format.
- Right to object: You have the right to object to the processing of your personal data under certain conditions.
- Right to withdraw consent: If the processing is based on your consent, you have the right to withdraw that consent at any time.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority.
Data security
We take appropriate technical and organizational measures to protect your data from unauthorized access, loss, or alteration. However, no internet transmission is 100% secure.
Children's privacy
Our service is not directed at individuals under the age of 16 (or a higher age if required by local law). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.
Updates to this privacy policy
We may update this privacy policy from time to time. We will inform you of significant changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy regularly.
Contact us
If you have any questions about this privacy policy or our data practices, please contact us at: elmar@pacemind.io