Privacy Policy

1. Who We Are

Pacewright™ is operated by TwelveTake Studios LLC, a Pennsylvania limited liability company. When we say "we," "us," or "our," we mean TwelveTake Studios LLC. Your data is stored and processed in the United States (Houston, Texas).

2. What We Collect

We collect the following categories of data:

• Account data: Email address, date of birth, gender (optional), timezone, and measurement preferences. We do not store passwords — authentication uses email magic links and passkeys (WebAuthn).
• User-provided health & fitness data: Workout logs you enter manually, running distances, durations, pace, RPE (perceived exertion), training plans, PT test scores, and self-reported injury reports. This data is collected only with your explicit consent.
• Third-party synced data: When you connect a third-party service (such as Strava or Garmin Connect), we sync your activity and health data including distances, durations, pace, heart rate, resting heart rate, body composition, GPS route/location data, and other activity metrics. The specific data synced depends on the service you connect and the permissions you grant. We do not collect biometric or health data directly — it comes only from services you choose to connect.
• Payment data: When paid subscriptions become available, payment will be processed by a third-party provider. We will not store your credit card number. This section will be updated with specific provider details before paid features launch.
• Location data: If you grant location permission, your browser provides approximate coordinates so we can fetch local weather conditions for pace adjustments. Location is sent to our server and forwarded to our weather provider (OpenWeatherMap) — it is not stored in your account or retained after the weather lookup completes. You can revoke location permission at any time in your browser settings, in which case you can set a city manually in your Pacewright profile instead.
• Technical & operational data: Authentication and session data, and limited server logs needed for reliability and security (timestamps, request paths, status codes, and email delivery events). We do not use IP addresses for tracking or advertising, and we minimize retention of technical data.
• Newsletter/beta signup: If you sign up for our beta or newsletter, we collect your email address. This email is used solely for sending you Pacewright product updates and newsletters — nothing else. It is never shared with third parties, never used for advertising, and never combined with app account data. Newsletter emails contain no tracking pixels or link tracking.

3. How We Use Your Data

• Generate and adapt your training plan
• Adjust workout pace targets for current weather conditions (temperature, humidity)
• Calculate performance analytics and predictions
• Score PT test practice results
• Send transactional emails (magic links, renewal reminders)
• Process subscription payments
• Maintain security and reliability of the Service
• Send newsletter and product updates to beta subscribers (if you signed up)

We do not use analytics trackers, advertising pixels, or behavioral profiling tools. We do not build user profiles for advertising. We do not and will not ever profit from user data. Your data is never used to train artificial intelligence or machine learning models. Pacewright's training algorithm is a deterministic, rule-based system built on published sports science — not AI/ML. Your workout history, health data, and personal information are used solely to generate and adapt your training plan, and for no other purpose.

Providing an online service necessarily involves transmitting data through internet infrastructure and service providers (such as our hosting and security providers, and your email provider when we send login links). Those parties may process limited technical metadata (such as IP addresses, timestamps, and delivery logs) for security and reliability under their own policies. We do not direct them to use this data for advertising.

4. Health Data (Special Category)

Health and fitness data is sensitive. Some US state laws (such as Washington's My Health My Data Act) specifically regulate this category of data. We collect health data only with your explicit, separate consent. You may withdraw this consent at any time from your Profile settings.

5. Cookies & Tracking

We use a single session cookie (pacewright_session — httpOnly, Secure, SameSite=Lax) that is strictly necessary for authentication. We do not currently use tracking cookies, advertising pixels, or third-party analytics scripts. Our infrastructure and security providers (e.g., Cloudflare) may set strictly necessary cookies for security or abuse prevention.

6. Service Providers

We use the following service providers to operate Pacewright. This is the complete list — we do not share your data with any party not listed here.

Email is delivered from our own mail server — we do not use a third-party email relay. Recipients' email providers process delivery under their own policies. As we add integrations (activity sync, payment processing, weather data, etc.), this table will be updated before each integration launches.

This list covers providers we intentionally use. It does not enumerate every ISP or network router involved in internet delivery.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account, there is a 7-day grace period during which you can cancel the deletion. You may also choose to skip the grace period and permanently delete all data immediately. Immediate deletion requires multiple confirmation steps — not to inconvenience you, but to make sure there is no way to accidentally and irreversibly delete your data.

Operational logs (web server access logs, application logs, and email delivery logs) are retained for up to 90 days and then deleted. These logs are used solely for debugging, security monitoring, and reliability — not for tracking or profiling.

Server backups are stored on a separate server (Hetzner Cloud, Ashburn, VA) for disaster recovery and redundancy. These backups include the database and may contain user data. Backups are encrypted and access-restricted. When you delete your account, your data is removed from active systems promptly; it will age out of backup rotation on the next backup cycle.

Integration data: If you disconnect a connected service (such as Strava or Garmin Connect), you can choose to keep or delete your imported workout and health data. If a provider notifies us of a deauthorization, we remove data sourced from that provider within 48 hours.

Newsletter subscribers: If you unsubscribe from our newsletter, your email address is removed immediately. You can unsubscribe at any time via the link in any newsletter email.

When we say your data is deleted, we mean deleted from active systems promptly. Operational logs that may contain request metadata roll off on their 90-day schedule.

8. Your Rights

Depending on your jurisdiction, you have the right to:

• Access your data (Profile > Account > Export)
• Delete your data (Profile > Account > Delete)
• Withdraw consent for health data processing
• Request information about what data we hold
• Object to processing of your data

You can exercise these rights through the in-app controls listed above or by emailing privacy@pacewright.com . We will verify your identity using the email address associated with your account and respond within 30 days. If you disagree with our response, you may reply to request a review.

9. Do Not Sell My Personal Information

We do not sell your personal information. Under CCPA/CPRA, you have the right to opt out of the sale of personal information. As we do not sell personal information, no opt-out action is needed. If our practices ever change, we will update this policy and provide a mechanism to opt out.

10. Geographic Scope

The Service is directed to users in the United States and is not offered to individuals located in the European Union, European Economic Area, or United Kingdom. The Service is not intended for use by individuals located in those regions. We do not track or verify your location for this purpose and rely on your self-attestation.

Data is stored and processed in the United States, governed by US law for purposes of this policy and our Terms of Service. If our ability to serve additional regions changes in the future, we will update our compliance approach accordingly.

11. Children

Pacewright is not intended for users under 16 years of age. We do not knowingly collect data from anyone under 16. If we learn that we have collected data from a user under 16, we will delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. Changes apply going forward from the date of update. We will notify you of material changes via email. Where required by law, we will obtain your consent before changes take effect. Continued use of the Service after non-material changes constitutes acceptance.