Privacy Policy
1. Data Controller
besser als gestern UG (haftungsbeschränkt)
Elisabeth-Emter-Weg 6
79110 Freiburg im Breisgau
Germany
Email: help@race-mind.com
2. Overview
This Privacy Policy explains what personal data we collect when you use the app Race Mind – Triathlon & Running Coach (hereinafter “App”), how we process it, and what rights you have.
The App is intended for users aged 16 and older. We do not knowingly collect data from anyone under the age of 16.
3. What Data We Collect
3.1 Data You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Profile data | Name, year of birth, height, weight | Training plan creation, zone calculation |
| Training experience | Experience duration, current weekly volume, available hours | Plan individualization |
| Performance data | Running personal bests, cycling speed, swim pace, heart rate values (Max HR, LTHR, resting HR) | Threshold calculation, race prognosis |
| Health data | Injuries and conditions (name, severity 1–5, body region) | Plan adjustment, injury management |
| Race data | Target race, date, distance, goal time | Training planning, prognosis |
| Availability | Rest days, time slots (AM/PM) | Weekly planning |
| Chat messages | Questions to the coach, feedback, mood check-ins | Coaching responses, plan adjustment |
| Account data | Email address (when linking account via Apple, Google, or email) | Authentication, data recovery |
3.2 Data From Third Parties
| Source | Data | Purpose |
|---|---|---|
| Strava | Training activities (duration, distance, pace, heart rate, power, lap data, elevation, cadence, device name) | Training analysis, baseline calculation, Performance Score |
| Intervals.icu | Training activities and performance data | Training analysis, plan optimization |
| Apple Health / HealthKit | Heart rate variability (HRV), sleep, resting heart rate | Recovery management, readiness check |
Connecting to these services is optional. You can use the App without any connections (manual data entry). When you connect a third-party service, the respective platform’s own privacy policy also applies to the collection and transfer of your data.
3.3 Automatically Collected Data
| Category | Details |
|---|---|
| Technical data | Device type, operating system, app version |
| Usage data | Timestamps of app usage, onboarding progress |
| Anonymous session | An anonymous session ID is created at app launch (no personal identification) |
4. Legal Basis for Processing
| Processing activity | Legal basis |
|---|---|
| Training plan creation, analysis, prognosis, chat coaching | Art. 6(1)(b) GDPR – Performance of a contract |
| Processing health data (injuries, heart rate, HRV) | Art. 9(2)(a) GDPR – Explicit consent |
| Subscription management and payment processing | Art. 6(1)(b) GDPR – Performance of a contract |
| Deletion of inactive anonymous profiles (cleanup) | Art. 6(1)(f) GDPR – Legitimate interest (data hygiene) |
| Connection to Strava, Intervals.icu, Apple Health | Art. 6(1)(a) GDPR – Consent |
Your consent for processing health data is obtained as a mandatory step during onboarding. Since the App’s core functionality (training planning, analysis, injury management) requires processing health-related data, consent is a prerequisite for using the App.
You can withdraw your consent at any time in the App under Settings → Privacy or by emailing us (see Section 9). Withdrawal means the core coaching features of the App can no longer be used.
5. Recipients and Third-Party Services
We use the following service providers to operate the App:
| Service provider | Purpose | Location | Safeguard |
|---|---|---|---|
| Supabase Inc. | Database, authentication, serverless functions | EU (Ireland) | Data processing within the EU |
| Google LLC (Gemini API) | Training plan generation, training analysis, coach chat | USA | EU Standard Contractual Clauses (SCCs) |
| RevenueCat Inc. | Subscription management, in-app purchases | USA | EU Standard Contractual Clauses (SCCs) |
| BuildShip (Rowy Inc.) | Serverless workflow execution (data preparation, metric calculation) | USA | EU Standard Contractual Clauses (SCCs) |
| Strava Inc. | Training import (only when connected) | USA | You authorize access directly with Strava (OAuth) |
| Intervals.icu | Training import (only when connected) | – | You authorize access directly |
| Apple (HealthKit) | Health data (only when shared) | On device | Data stays on your device; only categories you share are read |
Note on third-country transfers: Some of our service providers are based in the USA. We ensure an adequate level of data protection through EU Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) pursuant to Art. 46(2)(c) GDPR.
6. Data Processing in Detail
6.1 Training Plan Generation
Your profile, performance, and availability data are sent to Google Gemini to create an individualized training plan. In this process:
- No real names are sent to Gemini (only anonymized user IDs)
- Data is used solely for plan calculation and is not used by Google for its own purposes
- Results are stored in our database (Supabase, EU)
6.2 Training Analysis
After each training session, your activity data (imported from Strava, Intervals.icu, or Apple Health) is analyzed:
- Metrics such as Efficiency Factor, Drift, and Pacing are calculated deterministically (no random element)
- The qualitative interpretation is provided by Google Gemini
- You receive a Performance Score (0–100) and actionable coaching advice
6.3 Coach Chat
Your chat messages are sent to Google Gemini along with relevant training context to provide personalized answers. Chat histories are stored in our database.
6.4 Automated Processing
Training plans, metrics, and prognoses are primarily based on deterministic calculations (mathematical formulas, threshold models, workload ratios). Google Gemini provides supplementary qualitative interpretation and coaching text. This does not constitute solely automated decision-making with legal or similarly significant effects within the meaning of Art. 22 GDPR. All outputs are recommendations for fitness purposes — you are free to adjust or disregard them at any time.
6.5 Anonymous Usage and Account Linking
When you start the App, an anonymous session is created. You can initially use the App without personal registration. After onboarding, we recommend linking your account with Apple, Google, or email to enable data recovery on device changes.
7. Data Retention
| Data | Retention period |
|---|---|
| Profile and training data | As long as your account is active |
| Chat histories | As long as your account is active |
| Anonymous profiles without completed onboarding | 48 hours, then automatically deleted |
| Anonymous profiles with subscription, no account link | Until subscription expires + 90 days of inactivity |
| System logs (Gemini Logs) | 90 days, then anonymized or deleted |
| Payment data | Managed by Apple/Google and RevenueCat; we do not store payment information directly |
After account deletion, all personal data is fully removed within 30 days (cascade delete across all linked tables).
8. Data Security
We implement the following technical and organizational measures:
- Row Level Security (RLS): Every database query is restricted to the user’s own ID. You can only access your own data.
- Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest (database encryption).
- OAuth 2.0: Strava and Intervals.icu connections use industry-standard OAuth authentication. We store only access tokens, not your passwords.
- Anonymous authentication: Before account linking, the App operates with an anonymous session – no email or personal identification required.
9. Your Rights
Under the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access (Art. 15) | You can request to know what data we store about you at any time. |
| Rectification (Art. 16) | Inaccurate data can be corrected. |
| Erasure (Art. 17) | You can request deletion of your account and all data. |
| Restriction (Art. 18) | You can request restriction of processing. |
| Data portability (Art. 20) | You can receive your data in a machine-readable format. |
| Objection (Art. 21) | You can object to processing based on legitimate interests. |
| Withdrawal of consent (Art. 7(3)) | You can withdraw your consent at any time. The lawfulness of processing prior to withdrawal remains unaffected. |
How to exercise your rights:
You can manage your privacy settings directly in the App under Settings → Privacy (including withdrawal of health data consent). Alternatively, send an email to help@race-mind.com. We will respond within 30 days.
Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de
10. Disconnecting Third-Party Services
- Strava: In the App under Settings → Disconnect. Additionally at strava.com → Settings → My Apps.
- Intervals.icu: In the App under Settings → Disconnect.
- Apple Health: In iOS Settings → Privacy & Security → Health → Race Mind → Disable access.
Disconnecting a service stops further data import. Previously imported training data remains in your account until you request deletion.
11. Cookies and Tracking
The App uses no cookies and no tracking in the initial version. Integration of PostHog (product analytics) is planned for a future release. Before activation, you will be informed separately and asked for consent.
12. Push Notifications
Push notifications are planned (e.g., training reminders, coach tips). You can disable push notifications at any time in your device settings. The specific technical service will be disclosed in this Privacy Policy before activation.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time, for example when adding new features or in response to changed legal requirements. We will notify you of material changes via in-app notification. The current version is always available in the App and on our website.
14. Contact
For questions about data protection, you can reach us at:
besser als gestern UG (haftungsbeschränkt)
Elisabeth-Emter-Weg 6
79110 Freiburg im Breisgau, Germany
Email: help@race-mind.com