GridRunGP Privacy Policy

Overview

GridRunGP ("GridRunGP," "we," "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what information we collect or access, how it is used, and the choices you have regarding your data.

GridRunGP is not affiliated with, endorsed by, or sponsored by any motorsport organization, Strava, Inc., or any other third-party fitness platform.

Sources of Activity Data

GridRunGP may process activity data from the following sources:

• GridRunGP Run Recorder – activity data recorded directly within the GridRunGP app using your device's GPS
• Strava – running activities imported via Strava's OAuth API when you connect your Strava account
• Garmin Connect – running activities pushed automatically via Garmin's webhook API when you connect your Garmin account
• Apple Health (HealthKit) – running workouts read from Apple Health on your iOS device, including data from Apple Watch or other connected fitness devices (e.g., COROS, Fitbit)

The type and amount of data available to GridRunGP depends on the source and the permissions you grant. You must explicitly authorize each connection before any data is accessed.

Data We Collect from the GridRunGP Run Recorder

When you record a run using the GridRunGP app, we may collect:

• Activity type (e.g., run)
• Distance and duration
• Activity start time and timestamps
• GPS location data (latitude, longitude, altitude) recorded as part of activity stream data
• Summary-level performance metrics
• Device or session identifiers necessary for recording and syncing

GPS coordinates are collected and stored as part of activity streams. Verification scoring uses distance and time data; raw coordinates are not used for scoring and are not publicly displayed as route maps.

Data We Access from Connected Platforms

When you connect Strava or Garmin Connect, or grant Apple Health (HealthKit) access, GridRunGP may access the following activity data:

• Activity type (e.g., run, walk)
• Distance, duration, and elapsed time
• Activity start date and time
• GPS location data (latitude, longitude, altitude) collected as part of activity stream data
• Heart rate data, when available from your fitness device (e.g., Apple Watch, Garmin watch)
• Elevation and altitude data
• Calories burned
• Summary-level activity metadata (pace, speed)
• Athlete or account identifier provided by the platform
• Device and source app information

This data is classified as health and fitness data. It is accessed only with your explicit authorization and used solely to support GridRunGP features such as challenge verification, leaderboards, and progress tracking.

Health Data from Apple Health (HealthKit)

On iOS devices, GridRunGP can read workout data from Apple Health with your permission. This may include data originally recorded by Apple Watch, Garmin, COROS, Fitbit, or other devices that sync to Apple Health. The data accessed includes:

• Workout type, distance, duration, and calories
• Workout start and end times
• GPS route data (latitude, longitude, altitude) associated with the workout
• Heart rate samples recorded during the workout
• Source device and app name

GridRunGP does not write any data to Apple Health. All HealthKit data access requires your explicit permission through the iOS Health permissions dialog, and you can revoke access at any time through your device's Settings.

What We Do Not Collect

GridRunGP does not collect or store:

• Continuous background location monitoring outside of active run recording
• Audio, video, or background sensor data unrelated to fitness activities
• Payment or financial information
• Advertising, marketing, or behavioral profiling data
• Medical or clinical health data (diagnoses, medications, lab results)

While GridRunGP does collect and store GPS coordinates as part of activity stream data, verification scoring uses only distance and time data — raw coordinates are not used for scoring and are not publicly displayed as route maps. Heart rate data may be displayed to the user in their activity details. We intentionally minimize data collection to reduce privacy risk.

How We Use Your Data

We use activity and health/fitness data only to:

• Verify participation in challenges using distance, time, and activity metrics
• Calculate distances, lap times, rankings, and summaries
• Display leaderboards, progress views, and visualizations
• Detect and prevent fraudulent or implausible activity submissions (e.g., speed checks, distance/time integrity analysis)
• Deduplicate activities that appear across multiple connected platforms
• Operate and improve core GridRunGP features

All activity verification and scoring is rule-based — we do not use artificial intelligence or machine learning to process your activity or health data. Heart rate data may be displayed to the user within their own activity details. We do not use your data for advertising, resale, health profiling, or unrelated analytics.

Data Storage and Retention

Activity data may be stored as long as necessary to support GridRunGP features such as:

• Active challenges
• Historical results
• Personal progress views

We aim to retain data only while it serves a clear, user-facing or operational purpose.

Data Deletion and User Rights

You may:

• Revoke access to connected platforms at any time through the GridRunGP Connections section or the third-party platform's settings (e.g., Strava, Garmin Connect, or iOS Health Settings for Apple Health)
• Request deletion of your GridRunGP account and all associated data, including health and fitness data, through our Account Deletion page or by emailing delete@gridrungp.com

Upon request or account deletion, we will delete your associated data — including all activity data, GPS data, heart rate data, and stream data — within a reasonable timeframe, unless retention is required for legitimate operational or legal reasons.

Data Sharing

GridRunGP does not sell, rent, or trade user data.

We use Supabase (database and authentication) and Netlify (serverless functions) for data processing and storage. These providers are used solely to operate the GridRunGP service. We do not sell, share, or provide user data to any other third parties for marketing, advertising, or any other purpose.

Security

We take reasonable technical and organizational measures to protect data from unauthorized access, misuse, or disclosure. However, no system can be guaranteed to be 100% secure.

Children's Privacy

GridRunGP is not intended for children under the age of 16. We do not knowingly collect personal data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of GridRunGP after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or would like to request data deletion, please contact:

Email: support@gridrungp.com