Privacy Policy

Introduction

State of Stride ("we," "us," or "our") operates stateofstride.com (the "Website"), the State of Stride mobile applications for iOS and Android (the "Mobile Apps"), and companion watch applications for Apple Watch and Wear OS (the "Watch Apps"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Website, Mobile Apps, and Watch Apps (collectively, the "Services").

We approach your privacy with the same care and intention we bring to running. Your data belongs to you—we're simply here to help you practice excellence.

Please read this Privacy Policy carefully. By accessing or using our Services, you agree to this Privacy Policy. If you do not agree, please discontinue use of our Services.

1. Information We Collect

1.1 Information You Provide to Us

Account Information:

• Email address
• Password (encrypted and never stored in plain text)
• Name
• Date of birth or age
• Physical metrics (weight, height)
• Preferred units of measurement (metric or imperial)
• Runner experience level

Purchase Information (Web Shop):

• Shipping address
• Billing information (processed securely by our payment processor—we do not store full payment card details)
• Order history

User-Generated Content:

• Run reflections (journal entries and notes)
• Photos you upload to your reflections
• Training goals and preferences

1.2 Information Automatically Collected

Mobile & Watch Apps - Location Data:

• Precise GPS location data during active run tracking sessions
• Route maps and elevation data
• Location data is only collected when you actively start a run
• You can use treadmill mode to track runs without GPS
• Location tracking stops immediately when you end a run

Mobile & Watch Apps - Device Information:

• Device type and operating system
• App version
• Device identifiers (for crash reporting and analytics)
• Camera access (mobile only, when you choose to add photos to reflections)
• Heart rate data (watch apps only, with your permission)

Mobile & Watch Apps - Crash Reporting & Performance Data:

• Crash reports and error stack traces (collected automatically when the app encounters a problem)
• App performance metrics (e.g., screen load times, app startup duration, network request timing)
• Device model, operating system version, and app version
• Anonymous device identifier used to group related events (not linked to your account or personal identity)
• Diagnostic context immediately preceding an error (e.g., recent navigation, app interactions)

Website - Usage Data:

• Browser type and version
• Pages visited and time spent
• Referring website
• IP address (anonymized)
• Cookies and similar tracking technologies
• Product analytics events (e.g., pages viewed, links and buttons clicked, sign-up and checkout steps reached)
• Session replays — recordings of your interactions with the Website (mouse movement, clicks, scrolling, and page navigation) used to understand and improve the experience. Text you type into form fields (such as your password, email, and profile details) is automatically masked and is not captured in these recordings.

Run Data:

• Distance, duration, pace, and splits
• Heart rate data (if connected to compatible devices)
• Elevation gain/loss
• Workout type (outdoor or treadmill)
• Personal records and achievements

2. How We Use Your Information

We use your information to:

2.1 Provide and Improve Services

• Process and display your run data
• Generate personalized training plans
• Calculate personal records and achievements
• Sync your data across devices
• Provide customer support
• Improve app performance and fix bugs

2.2 Enable Core Features

• GPS tracking during runs (mobile and watch apps)
• Store and display run reflections with photos
• Track progress and unlock milestone achievements
• Enable offline functionality and data sync between devices
• Process shop orders (web)

2.3 Communications

• Send transactional emails (account verification, password resets, order confirmations)
• Respond to your inquiries
• Send important service updates (we do not send marketing emails without your explicit consent)

2.4 Legal and Safety

• Comply with legal obligations
• Protect against fraudulent or illegal activity
• Enforce our Terms of Service

3. How We Share Your Information

We do not sell your personal information. State of Stride is not a social platform—your runs, reflections, and data are private by default.

We may share your information only in the following limited circumstances:

3.1 Service Providers

We work with trusted third-party service providers who help us operate our Services:

• Supabase (database hosting and authentication)
• Vercel (website hosting)
• Stripe (payment processing for shop purchases)
• Apple/Google (in-app subscription payments)
• Anthropic (AI coaching service — generates personalized training plans)
• Sentry (crash reporting and performance monitoring — helps us identify and fix bugs)
• PostHog (product analytics and session replay for the Website — helps us understand how visitors use the site)

These providers are contractually obligated to protect your data and may only use it to provide services to us.

3.2 AI Coaching Service

State of Stride uses Anthropic's AI service to generate personalized training plans. When you request a training plan, the following data is sent to Anthropic:

• Running experience level and training history
• Training goals and race targets
• Preferred training days and available time
• Estimated pace information

No health data, GPS location data, personal contact information, or payment details are shared with Anthropic. Your data is used solely to generate your training plan and is not retained by Anthropic after processing. You will be asked for explicit consent before any data is sent.

3.3 Crash Reporting and Performance Monitoring

State of Stride uses Sentry (operated by Functional Software, Inc.) to collect crash reports, error data, and basic performance metrics from the Mobile Apps and Watch Apps. This helps us identify and fix issues to improve app stability and performance. The data sent to Sentry includes:

• Crash reports and error stack traces
• Device model, operating system version, and app version
• App performance metrics (load times, network request timing)
• Recent navigation history and app interactions leading up to an error

We do not link this data to your personal identity, share it with advertisers, or use it for tracking purposes across other apps or services. Crash reporting data is used solely for application functionality and quality improvement. For more information, see Sentry's privacy policy at https://sentry.io/privacy/.

3.4 Website Analytics and Session Replay

On our Website (not the Mobile or Watch Apps), we use PostHog (operated by PostHog, Inc., United States) for product analytics and session replay to understand how visitors navigate the site and to improve it. The data collected includes:

• Analytics events such as pages viewed, buttons and links clicked, and sign-up or checkout steps reached
• Session replays that record on-page interactions — mouse movement, clicks, scrolling, and navigation — so we can see how the site is actually used
• Approximate location (derived from IP address), browser, and device type
• Console and network performance information to help diagnose errors

Text you type into forms — including your password, email, name, and other profile details — is automatically masked and is not captured in session replays. Recordings may include account information (such as your name or email) where it is displayed on the screen of a signed-in page. We use this data solely to understand and improve the Website experience. We do not sell it or use it for cross-site advertising.

Data is processed in the United States. For more information, see PostHog's privacy policy at https://posthog.com/privacy.

3.5 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

3.6 Business Transfers

If State of Stride is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored on secure servers provided by Supabase, with server locations in the United States. All data transmission is encrypted using industry-standard SSL/TLS protocols.

4.2 How We Protect Data

• All passwords are encrypted using bcrypt hashing
• GPS data and photos are transmitted over encrypted connections
• We implement row-level security on our database
• Regular security audits and monitoring
• Offline data on your device is stored securely in encrypted local storage

4.3 Data Retention

• Account Data: Retained while your account is active
• Run Data: Retained indefinitely unless you delete specific runs
• Photos: Retained until you delete them
• Deleted Data: Permanently removed within 30 days of deletion

Note: We cannot recover data once it has been permanently deleted.

5. Your Rights and Choices

5.1 Access and Control

You have the right to:

• Access all personal data we hold about you
• Update or correct your information via account settings
• Delete specific runs, reflections, or photos
• Delete your entire account and all associated data
• Export your data (run history, reflections, photos)

5.2 Location Data Controls (Mobile & Watch)

• Grant or revoke location permissions in your device settings
• Use treadmill mode to track runs without GPS
• Location data is only collected during active run sessions
• Control heart rate data collection through your watch settings

5.3 Marketing Communications

We do not send marketing emails by default. If we introduce marketing communications in the future, you will have the right to opt out at any time.

5.4 Cookies (Website)

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

6. Children's Privacy

State of Stride is not intended for users under 13 years of age. We do not knowingly collect information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately.

Users aged 13-17 should use our Services only with parental consent.

7. International Users

State of Stride is based in the United States. If you access our Services from outside the U.S., your information will be transferred to, stored, and processed in the United States. By using our Services, you consent to this transfer.

7.1 GDPR Rights (European Users)

If you are in the European Economic Area, you have additional rights under GDPR:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

To exercise these rights, contact us at team@stateofstride.com.

7.2 CCPA Rights (California Users)

California residents have the right to:

• Know what personal information we collect
• Know whether we sell or disclose personal information (we do not sell your information)
• Access your personal information
• Request deletion of your personal information
• Opt out of the sale of personal information (not applicable—we don't sell data)

To exercise these rights, contact us at team@stateofstride.com.

8. Third-Party Links

Our Services may contain links to third-party websites or services (e.g., when you "Shop on Web" from the mobile app). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing them with any information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending an email notification (if we have your email)
• Displaying a prominent notice in the app or website

Your continued use of our Services after changes take effect constitutes acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: