Privacy Policy

1. Information We Collect

We collect information you provide directly, information generated when you use the Services, and information you authorize us to receive from connected services.

• Account information, such as name, email address, authentication details, subscription status, and account settings
• Running preferences, race selections, target times, pacing preferences, units, route choices, and training preferences
• Location and route information, such as race locations, training locations, start and finish coordinates, GPS tracks, route polylines, and elevation data
• Weather and performance context, such as forecast data, historical weather, calculated wind/heat/elevation impacts, and pacing adjustments
• Payment and entitlement information, such as subscription tier, purchase source, renewal state, and billing identifiers from app stores or payment providers
• Support and communication data, such as messages you send to us and feature interest forms
• Device, usage, log, and analytics data, such as app version, platform, error logs, feature usage, and approximate technical diagnostics

2. Connected Services: Strava, Garmin, and COROS

If you choose to connect Strava, Garmin Connect, or COROS, we process data that you authorize through that provider's connection flow.

Connected-service data may include:

• Provider account identifiers and connection status
• Access tokens, refresh tokens, token expiry times, and granted permissions/scopes
• Activity summaries, such as activity type, name, date/time, distance, duration, pace/speed, elevation, calories, cadence, heart rate, device name, and timezone information
• Activity location data, such as GPS coordinates, route paths, encoded polylines, start/end coordinates, and elevation samples
• Activity details or files, such as laps, splits, samples, streams, FIT-derived data, callback payloads, or provider JSON where available and authorized
• Planned workouts, race workouts, split targets, workout steps, target paces, notes, scheduled workout dates, and delivery/status identifiers

For Garmin and COROS, MeteoPace may send race plans, structured workouts, planned workouts, pacing targets, split guidance, notes, and related information to your connected account or device. Where you authorize activity syncing, MeteoPace may also import activity logs to provide training insights, weather impact analysis, pace analysis, and related features.

We use connected-service data only to provide, maintain, secure, troubleshoot, and improve MeteoPace features. We do not sell connected-service data. We do not use connected-service data to train general-purpose AI models.

You can revoke connected-service access through MeteoPace where available and/or through the third-party provider's account settings. Revoking access stops future syncing, but it may not automatically delete all data already imported into MeteoPace unless the product flow specifically offers deletion or you request deletion from us.

3. How We Use Information

• Provide and maintain the Services
• Authenticate users and protect accounts
• Deliver race weather, pacing, route, heat, wind, elevation, and training insights
• Send workouts, race plans, or planned activities to connected watch platforms when requested
• Sync and analyze activity logs where authorized
• Manage subscriptions, purchases, entitlements, refunds, and billing support
• Provide support, respond to messages, and troubleshoot issues
• Improve reliability, performance, safety, and product quality
• Send service updates and, where permitted, marketing communications
• Prevent fraud, abuse, security incidents, and unauthorized access
• Comply with legal, tax, accounting, app store, payment, and platform obligations

4. Legal Basis for Processing

Where GDPR or UK GDPR applies, we process personal data using the following legal bases:

• Contract performance: to provide the Services you request
• Consent: for connected-service access, marketing communications, non-essential cookies, and where required for health, fitness, location, or activity data
• Legitimate interests: to improve, secure, debug, and operate the Services, prevent fraud, and understand product performance
• Legal obligation: to comply with law, tax, accounting, payment, and regulatory requirements

Some running, activity, health, heart-rate, GPS, or fitness data may be considered sensitive or special-category data in some jurisdictions. Where required, we rely on your explicit consent to process that data. You may withdraw consent by disconnecting the relevant provider or contacting us, but this may limit or disable related features.

5. Information Sharing

We do not sell or rent your personal information.

We may share or process information with:

• Connected services you choose to use, such as Strava, Garmin Connect, and COROS
• Cloud hosting, database, storage, authentication, and infrastructure providers
• Weather and map providers, such as Open-Meteo, MeteoBlue, Apple Weather, Meteomatics, and mapping/geocoding providers, where needed to provide forecast, route, and location-based features
• App stores, payment processors, subscription platforms, and billing providers, such as Apple, Google, RevenueCat, and Paddle, where needed for purchases, entitlements, refunds, and subscription management
• Analytics, crash reporting, logging, email, and customer support providers
• Professional advisers, regulators, courts, law enforcement, or other parties where required by law or necessary to protect rights, safety, and security

When we send workouts or training plans to Garmin or COROS, the relevant workout information is shared with that provider so it can appear in your connected account or on your device.

6. Data Retention

We keep personal data only for as long as needed for the purposes described in this policy, unless a longer period is required by law, accounting obligations, security needs, dispute resolution, or platform requirements.

• Account data: while your account remains active, and for a reasonable period afterward where needed for legal, security, or support purposes
• Subscription and billing records: as required for tax, accounting, payment, refund, and fraud-prevention purposes
• Connected-service tokens: while the connection is active, until revoked, expired, replaced, or deleted
• Synced workouts and activity data: while your account or connection remains active, unless deleted through the product flow or by request, subject to legal and operational limits
• Logs and diagnostics: for a limited period needed for security, troubleshooting, and service reliability

If you disconnect Garmin, COROS, or Strava, we stop using that connection for future syncing. Depending on the feature and provider, you may be able to choose whether imported activities are also deleted. You may also contact us to request deletion.

7. Data Deletion and Your Choices

You may request deletion of your personal data by contacting us at hello@eidrix.com with the subject line "Data Deletion Request".

• Disconnect Strava, Garmin, or COROS from MeteoPace where available
• Revoke access directly in your Strava, Garmin, or COROS account settings
• Delete your MeteoPace account where the product offers account deletion
• Manage app permissions, location permissions, notifications, and tracking choices in your device settings

After deletion, some limited information may remain where necessary for legal compliance, fraud prevention, security, accounting, dispute resolution, backups, or where retention is otherwise permitted by law. Backups may take additional time to expire.

8. Your Rights

Depending on where you live, privacy laws may give you choices and rights over your personal data. For example, you may be able to ask us to:

• Show you the personal data we hold about you
• Correct information that is inaccurate or incomplete
• Delete your personal data where applicable
• Limit or stop certain uses of your data
• Provide a copy of your data in a portable format
• Withdraw consent, including for connected services where consent is the basis for processing
• Stop direct marketing messages

You may also have the right to complain to your local data protection authority. To make a request, contact us at hello@eidrix.com.

9. Cookies and Tracking

We use cookies and similar technologies to operate the Services, remember preferences, measure usage, improve performance, and support security. Where required, we ask for consent before using non-essential cookies or tracking technologies.

You can control cookies through your browser settings and device settings.

10. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. No system is completely secure, and we cannot guarantee absolute security.

OAuth tokens and connected-service credentials are used to provide connected features. You should protect your own account credentials and notify us if you believe your account has been compromised.

11. International Transfers

We may process and store personal data in countries other than your own, including the United Kingdom, European Economic Area, United States, and countries where our service providers operate. Where required, we use appropriate safeguards for international transfers.

12. Children's Privacy

The Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal data, contact us so we can take appropriate action.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as through the Services or by email.

14. Contact

If you have questions about this Privacy Policy or want to exercise your rights, contact us at hello@eidrix.com.