Privacy Policy

Last updated: February 28, 2026

Pacia ("we", "us", or "our") operates the pacia.app platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address, display name, and preferred language. If you sign in via Google OAuth, we receive your name and email address from Google — we do not receive or store your Google password.

1.2 Profile & Training Data

To generate personalised training plans, we collect information you provide such as your date of birth, gender, weekly running volume, longest recent run, target race details, and training preferences.

1.3 Wearable & Activity Data

When you connect a wearable provider (Garmin Connect, Strava), we receive activity data from those services, including: activity type, date, duration, distance, pace, heart rate, cadence, elevation, and GPS route data (GPX/FIT/TCX files). We only access the data scopes you explicitly authorise.

Garmin Connect: We use the Garmin Health API to receive activity summaries and workout files that you authorise. We do not access your Garmin account credentials. You can revoke access at any time from your Pacia profile connections page or from the Garmin Connect app.

Strava: We use the Strava API v3 to receive activity data that you authorise. We do not access your Strava account credentials. You can revoke access at any time from your Pacia profile connections page or from Strava settings.

1.4 AI Interaction Data

When we generate training plans or analyse your sessions using AI, we store the model used, a hash of the prompt, the knowledge base chunks referenced, and the generated output. We do not share your personal data with third-party AI providers — your data is processed on our own infrastructure.

1.5 Cookies & Technical Data

We use essential cookies for session management and CSRF protection. With your consent, we may use analytics cookies to understand how the Service is used. We collect standard server logs (IP address, browser type, pages visited) for security and performance monitoring.

2. How We Use Your Information

  • To create and manage your account
  • To generate personalised AI-powered training plans
  • To analyse your running sessions and provide coaching insights
  • To sync activity data from connected wearable providers
  • To send transactional emails (login codes, alerts)
  • To improve the Service and fix bugs
  • To comply with legal obligations

3. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We may share information only in the following circumstances:

  • Service providers: Hosting, email delivery, and payment processing partners who act on our behalf under strict data processing agreements.
  • Legal requirements: When required by law, court order, or governmental authority.
  • With your consent: When you explicitly authorise sharing with a third party.

4. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal data is soft-deleted immediately and permanently erased within 30 days. Activity files (GPX/FIT/TCX) are permanently erased within 90 days of account deletion.

5. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate data.
  • Erasure — Request deletion of your data ('right to be forgotten').
  • Data portability — Export your data in a machine-readable format.
  • Restrict processing — Request that we limit how we use your data.
  • Object — Object to processing of your data for certain purposes.
  • Withdraw consent — Withdraw consent at any time where processing is based on consent.

You can exercise your data access, export, and deletion rights directly from your profile settings. For other requests, contact us at the address below.

6. Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS), encrypted storage of sensitive tokens (OAuth tokens), rate-limited authentication, and regular security audits. However, no method of electronic transmission or storage is 100% secure.

7. Third-Party Services

Our Service integrates with the following third-party services:

  • Garmin Connect — Activity data sync via Garmin Health API
  • Strava — Activity data sync via Strava API v3
  • Google — OAuth sign-in
  • Stripe — Payment processing

Each of these services has its own privacy policy. We encourage you to review their policies. You can disconnect any third-party service from your profile connections page at any time.

8. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete that information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a prominent notice on the Service. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: privacy@pacia.app