Privacy Policy
1. Data Controller
besser als gestern UG (haftungsbeschränkt)
Elisabeth-Emter-Weg 6
79110 Freiburg im Breisgau
Germany
Email: help@race-mind.com
2. Overview
This Privacy Policy explains what personal data we collect when you use the app Race Mind – Triathlon & Running Coach (hereinafter “App”) and our website race-mind.com (hereinafter “Website”), how we process it, and what rights you have.
The App is intended for users aged 16 and older. We do not knowingly collect data from anyone under the age of 16.
3. What Data We Collect
3.1 Data You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Profile data | Name, year of birth, height, weight | Training plan creation, zone calculation |
| Training experience | Experience duration, current weekly volume, available hours | Plan individualization |
| Performance data | Running personal bests, cycling speed, swim pace, heart rate values (Max HR, LTHR, resting HR) | Threshold calculation, race prognosis |
| Health data | Injuries and conditions (name, severity 1–5, body region) | Plan adjustment, injury management |
| Race data | Target race, date, distance, goal time | Training planning, prognosis |
| Availability | Rest days, time slots (AM/PM) | Weekly planning |
| Chat messages | Questions to the coach, feedback, mood check-ins | Coaching responses, plan adjustment |
| Account data | Email address (when linking account via Apple, Google, or email) | Authentication, data recovery |
3.2 Data From Third Parties
| Source | Data | Purpose |
|---|---|---|
| Strava | Training activities (duration, distance, pace, heart rate, power, lap data, elevation, cadence, device name) | Training analysis, baseline calculation, Performance Score |
| Intervals.icu | Training activities and performance data | Training analysis, plan optimization |
| Garmin Connect | Training activities (duration, distance, pace, heart rate, power, lap data, elevation, cadence, device name) | Training analysis, baseline calculation, workout push to watch |
| Apple Health / HealthKit (iOS) | Heart rate variability (HRV SDNN), resting heart rate, sleep duration and stages | Recovery assessment, training readiness |
| Google Health Connect (Android) | Heart rate variability (HRV RMSSD), resting heart rate, sleep sessions and stages | Recovery assessment, training readiness |
Connecting to these services is optional. You can use the App without any connections (manual data entry). When you connect a third-party service, the respective platform’s own privacy policy also applies to the collection and transfer of your data.
3.3 Automatically Collected Data
| Category | Details |
|---|---|
| Technical data | Device type, operating system, app version, error reports (crash logs via Sentry) |
| Usage data | Timestamps of app usage, onboarding progress |
| Anonymous session | An anonymous session ID is created at app launch (no personal identification) |
3.4 Data Processing on Our Website (race-mind.com)
In addition to using the App, we also process personal data when you visit our Website or contact us through it.
Website Hosting and Server Log Files
When you access our Website, the hosting provider automatically collects and stores information in server log files that your browser transmits automatically. This includes:
- Browser type and version
- Operating system
- Referrer URL (the previously visited page)
- Hostname of the accessing device
- Time of server request
- IP address
This data is processed exclusively by the hosting provider (GitHub Pages) as part of operating the Website. We do not store server log files ourselves and do not have access to this data. This data is not merged with other data sources.
- Purpose: Ensuring a smooth connection, system security, and technical reliability of the Website.
- Legal basis: Art. 6(1)(f) GDPR. The legitimate interest lies in the secure and error-free provision of the Website.
Contact Form and Email Contact
If you send us inquiries via the contact form on the Website or by email, your details from the inquiry form (name, email address) including the message you entered are stored for the purpose of processing your request and in case of follow-up questions. We do not share this data without your consent.
- Purpose: Processing and responding to your individual inquiry.
- Legal basis: If your inquiry relates to the conclusion of a contract (e.g., questions about subscriptions or app usage), the legal basis is Art. 6(1)(b) GDPR (performance of a contract or pre-contractual measures). In all other cases, processing is based on our legitimate interest in effectively handling inquiries directed to us under Art. 6(1)(f) GDPR.
- Retention: The data you enter in the contact form remains with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.
4. Legal Basis for Processing
| Processing activity | Legal basis |
|---|---|
| Training plan creation, analysis, prognosis, chat coaching | Art. 6(1)(b) GDPR – Performance of a contract |
| Processing health data (injuries, heart rate, HRV) | Art. 9(2)(a) GDPR – Explicit consent |
| Deletion of inactive anonymous profiles (cleanup) | Art. 6(1)(f) GDPR – Legitimate interest (data hygiene) |
| Connection to Strava, Intervals.icu, Garmin Connect, Apple Health | Art. 6(1)(a) GDPR – Consent |
Your consent for processing health data is obtained as a mandatory step during onboarding. Since the App’s core functionality (training planning, analysis, injury management) requires processing health-related data, consent is a prerequisite for using the App.
You can withdraw your consent at any time by deleting your account in the App under Settings → Legal → Delete Account or by emailing us (see Section 9). Withdrawal means the core coaching features of the App can no longer be used.
5. Recipients and Third-Party Services
We use the following service providers to operate the App and Website:
| Service provider | Purpose | Location | Safeguard |
|---|---|---|---|
| Supabase Inc. | Database, authentication, serverless functions | EU (Ireland) | Data processing within the EU |
| Google LLC (Gemini API) | Training plan generation, training analysis, coach chat | USA | EU Standard Contractual Clauses (SCCs) |
| Google LLC (Firebase Cloud Messaging) | Push notification delivery (FCM to Android devices) | USA | EU Standard Contractual Clauses (SCCs), Data Privacy Framework |
| Strava Inc. | Training import (only when connected) | USA | You authorize access directly with Strava (OAuth) |
| Garmin International, Inc. | Training import, workout push to watch (only when connected) | USA | You authorize access directly with Garmin (OAuth); EU Standard Contractual Clauses (SCCs) |
| intervals.icu Ltd | Training import (only when connected) | UK (operator); data processing in Germany/Finland | You authorize access directly (OAuth); EU data processing; UK adequacy decision |
| GitHub Inc. (GitHub Pages) | Website hosting and server log files | USA | EU Standard Contractual Clauses (SCCs), Data Privacy Framework |
| Sentry (Functional Software, Inc.) | Error and crash monitoring of the App | EU (Frankfurt) | EU hosting (Sentry EU/Frankfurt), Data Processing Agreement (DPA), data processing within the EU |
| IONOS SE | Domain registration and DNS for race-mind.com | Germany | Data Processing Agreement (DPA), data processing within the EU |
| Expo, Inc. | Push notification delivery (relay to Apple APNs and Google FCM) | USA | EU Standard Contractual Clauses (SCCs) |
Note on third-country transfers: Some of our service providers are based in the USA. We ensure an adequate level of data protection through EU Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) pursuant to Art. 46(2)(c) GDPR.
6. Data Processing in Detail
6.1 Training Plan Generation
Your profile, performance, availability, and — if provided — injury data are sent to Google Gemini to create an individualized training plan. In this process:
- No real names are sent to Gemini (only anonymized user IDs)
- Data is used solely for plan calculation and is not used by Google for its own purposes
- Results are stored in our database (Supabase, EU)
6.2 Training Analysis
After each training session, your activity data (imported from Strava, Intervals.icu, or Apple Health) is analyzed:
- Metrics such as Efficiency Factor, Drift, and Pacing are deterministically calculated (no random element)
- The qualitative interpretation is provided by Google Gemini
- You receive a Performance Score (0–100) and actionable coaching advice
6.3 Coach Chat
Your chat messages are sent to Google Gemini along with relevant training context to provide personalized answers. Chat histories are stored in our database.
6.4 Health Data (Apple Health / Google Health Connect)
If you choose to connect Apple Health (iOS) or Google Health Connect (Android), the App reads the following data locally on your device:
- Heart rate variability (HRV) – SDNN (iOS) or RMSSD (Android)
- Resting heart rate
- Sleep duration and stages (e.g., deep sleep, REM, light sleep)
This data is used to calculate your daily Training Readiness – a recovery indicator that helps you decide whether to train as planned, reduce intensity, or take a rest day.
How the data is processed:
- Health data is read directly from Apple Health / Health Connect on your device via the respective platform APIs
- Daily summaries (HRV, resting HR, sleep duration) are transmitted to our database (Supabase, EU) and stored in the wellness_daily table, linked to your user ID
- If you also have Intervals.icu connected, health data from that source takes priority; Apple Health / Health Connect data only fills in missing values
- Apple Health / Health Connect data (HRV, resting heart rate, sleep) is never shared with third parties, used for advertising, or sent to AI services. Injury information you enter during onboarding may be included in AI-based plan generation (see Section 6.1).
- On first connection, the App backfills the last 14 days of health data to establish a stable baseline
Connecting Apple Health or Health Connect is entirely optional. You can use all other features of the App without it. You can disconnect at any time in the App under Settings → Connections, which stops further data synchronization. Previously synced data remains in your account until you request deletion.
- Legal basis: Art. 9(2)(a) GDPR – Explicit consent (you actively choose to connect and grant permissions via the platform’s permission dialog)
6.5 Automated Processing
Training plans, metrics, and prognoses are primarily based on deterministic calculations (mathematical formulas, threshold models, workload ratios). Google Gemini provides supplementary qualitative interpretation and coaching text. This does not constitute solely automated decision-making with legal or similarly significant effects within the meaning of Art. 22 GDPR. All outputs are recommendations for fitness purposes — you are free to adjust or disregard them at any time.
In accordance with Art. 50 of Regulation (EU) 2024/1689 (AI Act), we inform you that the coach chat, training plans, and analysis texts are generated with the assistance of an AI system (Large Language Model). AI-generated content is labeled accordingly in the App.
6.6 Anonymous Usage and Account Linking
When you start the App, an anonymous session is created. You can initially use the App without personal registration. After onboarding, we recommend linking your account with Apple, Google, or email to enable data recovery on device changes.
7. Data Retention
| Data | Retention period |
|---|---|
| Profile and training data | As long as your account is active |
| Chat histories | As long as your account is active |
| Anonymous profiles without completed onboarding | 48 hours, then automatically deleted |
| System logs (Gemini Logs) | 90 days, then anonymized or deleted |
After account deletion, all personal data is fully removed within 30 days (cascade delete across all linked tables).
8. Data Security
We implement the following technical and organizational measures:
- Row Level Security (RLS): Every database query is restricted to the user’s own ID. You can only access your own data.
- Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest (database encryption).
- OAuth 2.0: Strava, Garmin Connect, and Intervals.icu connections use industry-standard OAuth authentication. We store only access tokens, not your passwords.
- Anonymous authentication: Before account linking, the App operates with an anonymous session – no email or personal identification required.
9. Your Rights
Under the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access (Art. 15) | You can request to know what data we store about you at any time. |
| Rectification (Art. 16) | Inaccurate data can be corrected. |
| Erasure (Art. 17) | You can request deletion of your account and all data. |
| Restriction (Art. 18) | You can request restriction of processing. |
| Data portability (Art. 20) | You can receive your data in a machine-readable format. |
| Objection (Art. 21) | You can object to processing based on legitimate interests. |
| Withdrawal of consent (Art. 7(3)) | You can withdraw your consent at any time. The lawfulness of processing prior to withdrawal remains unaffected. |
How to exercise your rights:
You can delete your account and all associated data directly in the App under Settings → Legal → Delete Account. This also withdraws any previously given consent. Alternatively, send an email to help@race-mind.com. We will respond within 30 days.
Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de
10. Disconnecting Third-Party Services
- Strava: In the App under Settings → Disconnect. Additionally at strava.com → Settings → My Apps.
- Garmin Connect: In the App under Settings → Disconnect. Additionally at connect.garmin.com → Account Settings → Connected Apps.
- Intervals.icu: In the App under Settings → Disconnect.
- Apple Health / Health Connect: In the App under Settings → Connections. Additionally, you can revoke the App’s access in your device’s health settings (iOS: Settings → Health → Data Access; Android: Settings → Health Connect → App permissions).
Disconnecting a service stops further data import. Previously imported training and health data remains in your account until you request deletion.
11. Cookies and Tracking
The App and the Website use no cookies and no tracking. Integration of PostHog (product analytics) is planned for a future release of the App. Before activation, you will be informed separately and asked for consent.
12. Push Notifications
The App uses push notifications to remind you of training sessions, send coach tips, and deliver other relevant updates. Push notifications are delivered via the Expo Push Notification Service (Expo, Inc.), which acts as a relay to Apple Push Notification Service (APNs) on iOS and Firebase Cloud Messaging (FCM) (Google LLC) on Android. Firebase Cloud Messaging is a service of Google LLC (USA); data transfer is based on EU Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework.
For delivery, a device-specific push token (Expo Push Token) is generated and stored in our database (Supabase, EU). This token is a technical identifier tied to your device and app installation — it does not contain personal information such as your name or email address.
Push notifications are optional. You can disable them at any time in your device settings (iOS: Settings → Notifications → Race Mind; Android: Settings → Apps → Race Mind → Notifications).
- Purpose: Delivery of training reminders, coaching tips, and app-related updates.
- Legal basis: Art. 6(1)(b) GDPR – performance of a contract (notifications as part of the coaching service); Art. 6(1)(f) GDPR – legitimate interest (general product updates).
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time, for example when adding new features or in response to changed legal requirements. We will notify you of material changes via in-app notification. The current version is always available in the App and on our website.
14. Contact
For questions about data protection, you can reach us at:
besser als gestern UG (haftungsbeschränkt)
Elisabeth-Emter-Weg 6
79110 Freiburg im Breisgau, Germany
Email: help@race-mind.com