Privacy Policy
Last updated: July 14, 2026
This policy explains what Race Lab collects, why, and who can see it. The short version: we collect what's needed to run your training, your gym's coach and crew can see the training activity you share with them, and we don't sell your data.
1. What we collect
- Account data — name, email, password (stored hashed), division and experience level, and your role (athlete or coach).
- Training data — your race dates, generated training cycles, focus track, logged results (times, RPE, notes).
- Gym membership — which gym you belong to and when you joined.
- Sign-in with Google or Apple — the name and email those providers share; we never see your password with them.
- Billing — for gym licenses, our payment provider processes your card; we store the plan, subscription status, and provider references, never card numbers.
- Device data — a push-notification token if you enable notifications on your device, and standard technical logs (IP address, requests) for security and reliability.
2. How we use it
- To generate and deliver your training program, anchored to your race date.
- To run shared benchmark boards and crew features within your gym.
- To send push notifications you've opted into — every notification type can be turned off in settings.
- To serve your personal training-calendar feed if you subscribe to it.
- To bill gym subscriptions, prevent abuse, and keep the Service running.
- To improve programming using aggregated, de-identified training data.
3. Who can see your data
- Your gym's crew — if you join a gym, your name and logged shared-benchmark results appear on that gym's boards.
- Your gym's coach — sees roster-level training compliance (what you've logged and when) and your recent sessions.
- Platform administrators — our staff can see tenant-level account data to operate and support the Service.
- Service providers — payment processing, push-notification delivery (Apple/Google), and hosting providers process data on our behalf.
- We do not sell your personal data, and we don't share it with advertisers.
4. Calendar feeds
Your training-calendar feed is served at a private, unguessable URL. Anyone with that URL can read your schedule, so treat it like a password — you can reset it at any time in the app, which immediately revokes the old link.
5. Data retention
We keep your data while your account is active. If you delete your account, personal data is deleted or de-identified within 30 days, except records we must keep for legal, billing, or security reasons. Results already posted to a gym's shared boards are removed with your account.
6. Your rights
You can access and update your profile in the app, export your training data by asking us, opt out of any notification category in settings, leave a gym at any time, and delete your account. Depending on where you live you may have additional rights (access, correction, deletion, portability) — contact us and we'll honor them.
7. Security
Passwords are hashed, traffic is encrypted in transit, tenant data is scoped so gyms can't see each other, and access by staff is limited and logged. No system is perfectly secure; if a breach affects your data we'll notify you as required by law.
8. Children
The Service is not directed to children under 16, and we don't knowingly collect their data.
9. Changes
We'll post updates here and, for material changes, notify you in the app or by email before they take effect.
10. Contact
Privacy questions or requests: [email protected].