Privacy Policy

1. What we collect

When you sign up and connect Strava, we collect and store:

  • Your email address and, optionally, your name.
  • Your Strava athlete ID and OAuth tokens, which let us read your activities and update their gear on your behalf.
  • For each run: its name, distance, moving time, start date, and assigned gear.
  • Your shoes from Strava: name, brand, model, total distance, and retired status.
  • Your unit preference (kilometers or miles).
  • Technical session data — your IP address and browser user agent — recorded automatically when you sign in, and kept only while your session is active.

We do not collect or store GPS traces, location data, heart rate, or any other health data.

2. How we collect it

All Strava data is collected through the official Strava API after you explicitly authorize Rotation.run via Strava's consent screen, and through Strava webhooks that notify us when you record, update, or delete an activity. We never access data you have not authorized.

3. How we use it

We use your data for exactly one purpose: emailing you after a run so you can log which shoes you wore, and syncing that choice back to your Strava activity. We do not use your data for advertising, profiling, analytics on your activity data, or AI training, and we never sell or share it with third parties for their own purposes.

Strava may monitor and collect usage data related to our use of the Strava API, as described in the Strava API Agreement.

4. Who processes it for us

We rely on the following processors to operate the service:

  • Neon (database hosting)
  • Resend (transactional email delivery)
  • Vercel (application hosting and anonymous page analytics)

These providers process data only on our instructions. Anonymous page analytics never include your Strava data.

5. How long we keep it

We keep your data for as long as your account exists. When your account is deleted — by you, or because you revoked Rotation.run's access on Strava — all of your data, including activities, gear, and tokens, is permanently deleted from our systems, and we send you an email confirming the deletion completed.

6. Your rights and choices

  • Withdraw consent / delete your data:use the "Delete account" link on the home page, or revoke access at strava.com/settings/apps. Either path deletes everything and is confirmed by email.
  • Access your data: contact us via the footer and we will provide a copy of the data we hold about you.
  • GDPR rights: if you are in the EEA or UK, you additionally have the rights to rectification, restriction, portability, and to lodge a complaint with your supervisory authority.

7. Contact

For privacy questions or requests, use the contact link in the footer. See also our terms of service.