Privacy Policy
StrideYear (“we”, “us”, “our”) is operated by Kenny Geerinck, based in Belgium. This Privacy Policy explains what personal data we collect through the StrideYear mobile application and website (strideyear.com), why we collect it, and your rights under the General Data Protection Regulation (GDPR) and applicable law.
1. Data we collect
We collect only what is necessary to provide the service:
- Account data — email address and display name when you create an account.
- Health & fitness data — running distance, duration, pace, heart rate, elevation, and GPS route data, sourced from Strava, Apple Health, or Google Health Connect with your explicit permission.
- Usage data — your yearly goal, in-app preferences, and trophy progress.
- Waitlist data — email address if you sign up on strideyear.com before launch.
- Purchase data — subscription status managed by RevenueCat; we do not store your payment card details.
2. How we use your data
- To create and manage your account.
- To display your running progress, charts, and trophies inside the app.
- To power social features (friend leaderboards, challenges) if you opt in.
- To process your subscription and unlock premium features.
- To send you a single launch notification email if you joined the waitlist (you can unsubscribe at any time by emailing us).
We do not sell your data. We do not use your health data for advertising.
3. Legal basis (GDPR)
- Contract performance — processing necessary to provide the app and subscription service.
- Consent — access to health/fitness data, which you grant through your device’s permission system and can revoke at any time.
- Legitimate interests — improving app stability and performance.
4. Third-party services
- Supabase — our database and authentication provider. Data is stored on servers within the EU. See supabase.com/privacy.
- Strava — optional integration. We request read-only access to your activities. See strava.com/legal/privacy.
- Google Health Connect / Apple HealthKit — optional integration. Data is read locally on your device and synced to your StrideYear account.
- RevenueCat — subscription management. See revenuecat.com/privacy.
5. Data retention
We retain your data for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where retention is required by law.
6. Your rights (GDPR)
As an EU resident you have the right to:
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your account and data.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — revoke health data permissions at any time through your device settings.
To exercise any right, email us at strideyear@hotmail.com. We will respond within 30 days. You also have the right to lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).
7. Security
We use industry-standard encryption (HTTPS/TLS) for data in transit and Supabase’s built-in security for data at rest. Access to your data is restricted to you and essential service operations.
8. Children
StrideYear is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
9. Changes to this policy
We may update this policy as the app evolves. Material changes will be communicated via email or an in-app notice. The “Last updated” date at the top of this page reflects the most recent revision.
10. Contact
Kenny Geerinck — Belgium
strideyear@hotmail.com