← Back to Endurace
Privacy Policy
Last updated: March 2026
1. Introduction
Endurace ("we", "us") respects your privacy. This policy explains what data we collect, how we use it, and your rights regarding your personal data.
2. Data We Collect
Account Information
- Username, email address, and social login provider ID (Google, Apple, or Facebook)
- Display name and optional bio
Activity Data
- GPS coordinates during races (latitude, longitude, altitude)
- Speed, pace, and distance measurements
- Heart rate data (if provided by your device)
- Race results, rankings, and performance statistics
Technical Data
- Device type and browser information
- IP address (for security and rate limiting)
- Usage patterns (pages visited, features used)
3. How We Use Your Data
| Purpose | Legal Basis |
|---|
| Provide the racing service | Contract performance |
| Display leaderboards and profiles | Legitimate interest |
| Anti-cheat detection | Legitimate interest |
| Process payments (via Paddle) | Contract performance |
| Send service notifications | Legitimate interest |
| Improve the service | Legitimate interest |
4. Data Sharing
- Other Users: Your username, display name, race results, and rating are visible to other users (subject to your privacy settings).
- Paddle: Payment information is processed by Paddle (our Merchant of Record). We do not store credit card details.
- Social Login Providers: We receive your name, email, and profile picture from Google, Apple, or Facebook when you sign in. We do not access any other data from these providers.
- We do not sell your personal data to third parties.
5. Your Privacy Controls
You can control the visibility of your profile, race history, and statistics through the privacy settings in your account. Options include public, followers-only, and private.
6. Data Retention
- Account data is retained while your account is active.
- GPS position data from races is retained for 12 months, then aggregated.
- You can request deletion of your account and associated data at any time.
7. Your Rights (GDPR / CCPA)
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Portability: Receive your data in a machine-readable format.
- Objection: Object to processing based on legitimate interest.
To exercise these rights, contact privacy@endurace.io.
8. Cookies
We use essential cookies (JWT authentication tokens stored in localStorage). We do not use advertising or tracking cookies. No third-party analytics cookies are used.
9. Security
We use encryption (HTTPS), secure token-based authentication (JWT), and rate limiting to protect your data. GPS data is encrypted in transit. However, no system is 100% secure.
10. Children's Privacy
Endurace is not intended for children under 13. We do not knowingly collect data from children under 13.
11. International Transfers
Your data may be processed on servers in the EU (Ireland). Paddle handles tax compliance for all jurisdictions.
12. Changes
We may update this policy. We will notify you of significant changes via email or in-app notification.
13. Contact
Data Controller: Endurace
Email: privacy@endurace.io