Privacy Policy

Last updated: April 30, 2026

race.fit is an AI-powered training coach for endurance athletes. This policy explains what data we collect, why we collect it, who we share it with, and how to delete your account.

Data we collect

From you directly:

• Your name, email, and profile photo (via Google sign-in)
• Optional: phone number, for SMS coaching
• Race goals, training history, fitness numbers (FTP, threshold pace, CSS), body weight
• Free-form chat messages you send to your AI coach

From connected services (only if you connect them):

• Strava — your activities, including duration, distance, heart rate, power, cadence, route polylines, and per-second power streams for cycling activities. We never read your Strava follows, comments, or messages.
• Google Calendar — we only create, update, and delete calendar events the race.fit app itself owns. We never read events created by other apps or other users on your calendar. The scope we request is calendar.events; we do not request calendar.readonly or full calendar access.

How we use your data

• Generate personalized training plans and adjust them as you train
• Push planned workouts to your Google Calendar (if you connect it)
• Send SMS coaching messages and respond to your replies
• Compute training load metrics (TSS, CTL, ATL, TSB) from your activities
• Send your activity data and chat messages to Anthropic's Claude API to power AI coaching

We do not sell your data, run advertising on it, or use it to train any machine learning model.

Subprocessors we share data with

• Anthropic — workout details, activity metrics, and chat messages, for AI coaching responses
• Strava — activity sync (only what we receive from them)
• Google — workout calendar events
• Twilio — SMS messages (when you opt in)
• Fly.io — application hosting and PostgreSQL database
• Upstash — Redis queue for background jobs

Google API Services User Data Policy

race.fit's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we only use Google Calendar data to push and manage workout events on your behalf inside the race.fit product. We do not transfer this data to others unless required to provide the service, do not use it for advertising, and do not allow humans to read it except (a) with your explicit consent, (b) for security purposes, or (c) to comply with law.

Data retention and deletion

We retain your account data while your account is active. You can request full deletion at any time by emailing [email protected] — we'll delete your athlete record, workouts, activities, plans, chat history, and tokens within 30 days. Disconnecting Google Calendar from settings revokes our access immediately and deletes our copy of your OAuth tokens.

Security

All traffic is HTTPS. OAuth tokens and credentials are stored encrypted at rest in our PostgreSQL database. We follow standard practices for password hashing, secret management via Fly.io's encrypted secret store, and principle-of-least-privilege access for our team.

Children

race.fit is not directed to children under 13 and we do not knowingly collect data from them.

Changes to this policy

We'll update this page if our practices change. The "Last updated" date at the top reflects the most recent revision.

Contact

Questions, requests, or complaints: [email protected]