Legal

Privacy Policy

Last updated: July 2026

PacecraftAI ("we", "our", "us") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights as a user of our AI running coach platform at pacecraft.fit.

By using PacecraftAI, you agree to the practices described in this policy. If you do not agree, please do not use our services.


1. Information We Collect

We collect information you provide directly and information generated by your use of the platform:

  • Account data — name, email address, and Google OAuth profile when you sign in
  • Running data — runs you log manually or sync via Strava (distance, pace, duration, heart rate, temperature, perceived effort)
  • Training preferences — your goal race, weekly availability, preferred run times, and coaching preferences
  • Conversation data — messages you send to the AI coach and the responses generated
  • Device & usage data — browser type, IP address, pages visited, and interaction events (via PostHog analytics)
  • Push notification subscriptions — if you opt in to browser push notifications, we store your subscription endpoint

2. How We Use Your Data

  • Provide and personalise your AI coaching experience
  • Generate and adapt your training plan based on your performance
  • Send proactive coaching messages, reminders, and race countdown notifications
  • Analyse training load and flag injury risk
  • Improve the platform through aggregated, anonymised usage analytics
  • Communicate with you about your account and service updates

We do not sell your personal data to third parties.

3. Third-Party Services

PacecraftAI uses the following third-party services that may process your data:

  • Anthropic (Claude) — AI language model that powers coaching responses. Messages are processed to generate replies and are subject to Anthropic's data handling policies.
  • Google OAuth — for sign-in only. We receive your name, email, and profile picture.
  • Strava — if you connect Strava, we access your activity data via the Strava API under your authorisation.
  • PostHog — anonymous product analytics to understand how users interact with the platform.
  • Google Analytics — site traffic analytics.
  • Railway — cloud infrastructure that hosts the platform and stores your data.

4. Data Retention

We retain your account data and training history for as long as your account is active. If you delete your account, your personal data is permanently removed within 30 days, except where we are required to retain it for legal or compliance purposes.

Conversation history is retained to provide continuity of coaching. You may request deletion at any time.

5. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict certain processing
  • Request a portable copy of your data

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

6. Cookies

PacecraftAI uses essential cookies for authentication (JWT session token stored in localStorage) and analytics cookies via PostHog and Google Analytics. No advertising or tracking cookies are used.

7. Security

All data is transmitted over HTTPS. Your data is stored on Railway's cloud infrastructure with industry-standard access controls. We do not store raw passwords — authentication is handled via Google OAuth.

8. Children's Privacy

PacecraftAI is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the platform or emailing you. Continued use of PacecraftAI after changes constitutes acceptance of the updated policy.


Questions?

Contact us at [email protected]. We aim to respond to all privacy enquiries within 2 business days.