Privacy Policy

1. Introduction

PaceLab ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered running coach service.

By using PaceLab, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

• Email address (required for account creation)
• Name (optional)
• Password (managed securely through AWS Cognito authentication - we do not store passwords directly)
• Timezone preference (for scheduling and notifications)
• Account timestamps (creation date, last login)

2.2 Fitness Data from Connected Services

When you connect a fitness service or device (such as Garmin, Polar, COROS, Apple Health, or other supported providers), we access and store:

• Activity metrics: distance, duration, pace, heart rate (average and maximum), cadence, and calories
• GPS route data: coordinates, map polylines, and elevation profiles
• Activity details: timestamps, titles, descriptions, and workout type
• Lap and split information (if recorded by your device)
• Activity photos (if shared through your connected service)
• Basic athlete profile information from the connected service

We store the complete activity data from your provider to ensure accurate training analysis. This includes the raw data as provided by the service.

2.3 Profile Information You Provide

• Training goals and target races (including race name, date, distance, and target time)
• Physical attributes (all optional):
  • Date of birth or age
  • Biological sex (used for physiologically-appropriate training recommendations)
  • Height
  • Weight (including historical entries if you choose to track changes over time)
  • Running experience level
• Personal records and race history
• Training preferences (weekly schedule, preferred workout types, training philosophy)
• Coach communication style preference
• Self-assessment feedback on workouts (perceived effort, energy level, notes)
• Location (city-level) for weather forecasts and optimal run time suggestions

2.4 Automatically Collected Information

• Weather data for your activities and location (from Open-Meteo weather service)
• Map images generated from your activity routes
• Derived metrics including elevation profiles, pace analysis, and training compliance scores
• AI service usage metrics (to manage costs and improve recommendations)
• Activity sync status and history

3. How We Use Your Information

Your data is used solely to provide the service to you. We do not mine, analyze, or monetize your personal data for any other purpose.

Specifically, we use your information to:

• Generate personalized AI-powered training plans
• Analyze your training patterns and provide feedback
• Track your progress toward your goals
• Send service-related communications
• Process payments and manage subscriptions

We do not routinely access your individual data. We may only view your account data when troubleshooting issues that you report to us, and only to the extent necessary to resolve your specific problem.

4. AI Processing and Third-Party Services

To provide AI-powered coaching, your training data is processed by large language models (LLMs). This means:

• Your activity summaries and goals are sent to AI providers (OpenAI, Anthropic) for analysis
• We do not send personally identifiable information (like your name or email) to AI providers
• AI providers process data according to their own privacy policies and data processing agreements
• Generated training plans are stored in your account

Data Shared with AI Providers

When generating training plans and feedback, we share the following categories of data with AI providers:

• Activity summaries (distance, pace, duration, heart rate averages - not raw GPS data)
• Training goals and target dates
• Current training phase and weekly context
• Weather conditions during activities
• Your self-assessment feedback
• Athlete demographics (age bracket, experience level - not your name or email)

We do NOT share your email address, full name, precise home location, or raw GPS route data with AI providers.

Data Anonymization

Before your data is processed by AI systems, we apply anonymization techniques to protect your identity:

• No personal identifiers: Your name, email, and account details are never included in AI prompts
• Location generalization: Only city-level weather data is used, not your precise location or home address
• No GPS data: Raw route coordinates are never sent to AI providers
• Aggregated metrics: Activity data is summarized (e.g., "10K run at 8:30/mile pace") rather than raw device streams
• Internal IDs only: Your identity is represented by anonymous internal identifiers that cannot be linked to you by AI providers

This means that if you were to read the exact data sent to AI providers, you would not be able to identify yourself or any other user from that data alone.

Other Third-Party Services

• Fitness device providers: Activity data synchronization (Garmin, Polar, COROS, and others as supported)
• Amazon Web Services (AWS): Secure cloud hosting and data storage
• Stripe: Payment processing (we do not store your full credit card details)
• Open-Meteo: Weather data for activity analysis
• Mapbox: Map rendering and route visualization (receives GPS coordinates to generate activity map images)

5. Data Sharing and Disclosure

We do not sell your personal data.

We may share information only in these circumstances:

• To comply with legal obligations or respond to lawful requests
• To protect our rights, privacy, safety, or property
• In connection with a merger, acquisition, or sale of assets (with notice to you)

6. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Data encrypted in transit (TLS/HTTPS) and at rest (AES-256)
• Secure authentication through AWS Cognito
• Regular security assessments and updates
• Access controls limiting employee access to user data

7. Your Rights

You have the right to:

• Access: View all data we hold about you through your account
• Correction: Update your profile information at any time
• Deletion: Delete your account and all associated data through Settings
• Portability: Request an export of your data
• Disconnect: Revoke connected service access at any time

To exercise these rights, visit your Profile settings or contact us at support@pacelab.ai.

8. Data Retention

We retain your data as follows:

• Active accounts: Data retained while your account is active
• Deleted accounts: All personal data permanently deleted within 30 days
• Anonymized analytics: May be retained indefinitely for service improvement

9. Children's Privacy

PaceLab is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10. International Users

Your data is processed and stored in the United States using Amazon Web Services (AWS). By using PaceLab, you consent to the transfer and processing of your data in the US.

We comply with applicable data protection laws in your jurisdiction:

• European Union & United Kingdom: GDPR and UK GDPR rights including access, rectification, erasure, and data portability
• California, USA: CCPA rights including disclosure and deletion
• Canada: PIPEDA rights including access and correction
• Australia: Privacy Act (APPs) rights
• New Zealand: Privacy Act 2020 rights

To exercise your rights under these laws, visit your Profile settings or contact us at support@pacelab.ai.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our service. Your continued use after such notice constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: support@pacelab.ai