Privacy Policy

1. Introduction

Pacr ("we", "us", or "our") is a London-based endurance training platform designed for runners, athletes, and coaches.

We are committed to protecting your privacy and ensuring your personal data is handled safely, transparently, and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains what data we collect, how we use it, and your rights as a user.

2. Data We Collect

We collect data in three main categories.

a. Account Information

• Name and email address (authentication is handled by our backend provider; we do not store your password in plain text).
• Profile details such as year of birth (we do not collect or store your full date of birth), sex, height, weight, and training goals.
• Subscription and entitlement information. Payments are processed securely by Stripe (web) and RevenueCat / Apple App Store / Google Play (mobile). We do not store full card details.
• Push notification device tokens (where you have enabled notifications).

b. Training and Activity Data

If you connect a wearable or third-party platform (e.g. COROS, Garmin, Polar, Strava) or record runs in-app, we collect:

• Workout data (distance, pace, duration, route GPS, elevation, splits).
• Biometric metrics from your device (heart rate, cadence, power, RPE if logged).
• Equipment and device information (watch model, firmware version, treadmill model).
• Photos, voice notes, and run media you choose to upload.

c. Communication and Support Data

• Messages between coaches and athletes for in-app training management. To reduce personal-data exposure, chat surfaces display first name and last initial only (e.g. "Jane S.") rather than full names.
• Feedback, bug reports, or feature requests submitted via app or email. Operational logs are scrubbed of raw email addresses and full names.

3. How We Use Your Data

We use collected data to:

• Deliver core features: create, manage, and analyse workouts and training plans.
• Sync wearable and third-party data (e.g. COROS workouts, Strava activities, Garmin push).
• Provide coaching tools: analytics dashboards, performance tracking, and athlete management for connected coach/athlete pairs.
• Improve the product using anonymised, aggregated usage analytics.
• Communicate with you about updates, account issues, or training insights.
• Comply with legal obligations, including tax, payment, and data protection laws.

We do not sell personal data to third parties.

4. Data Storage and Security

Personal data is stored in an encrypted, managed PostgreSQL database operated via Supabase on cloud infrastructure (AWS / GCP). Media (avatars, chat attachments, run photos, share cards) is held in private object storage with per-user access policies (Row-Level Security).

• Data in transit is encrypted via HTTPS/TLS 1.2+.
• Access to personal data is restricted to authorised Pacr personnel only and audited.
• Administrative role assignments are protected by database-level controls and cannot be self-modified.
• Push notifications, support tickets, and coach/athlete actions are gated by server-side authorisation; logs are scrubbed of identifying content.

You may request deletion at any time from within the app or by emailing support@runwithpacr.uk.

5. Third-Party Integrations

When you connect a third-party platform (e.g. COROS, Garmin, Polar, Strava), you authorise Pacr to access specific data under that platform's API terms. We only access and process the data necessary to deliver your chosen features (e.g. workout import/export, structured plan sync, activity upload). You can disconnect integrations at any time from within your Pacr account settings; doing so revokes our token and stops further sync.

6. Legal Basis for Processing

We process your data under the following legal bases:

• Performance of contract: to provide training and coaching services you request.
• Legitimate interest: to improve app functionality, security, and user experience.
• Consent: when you connect third-party accounts, enable location/health permissions, or opt into marketing communications.

7. International Data Transfers

Pacr uses cloud infrastructure (Supabase on AWS/GCP; Apple, Google, Stripe, and RevenueCat for payments and platform services) where servers may be located in the UK, EU, or US. When transferring data outside the UK/EU, we rely on Standard Contractual Clauses (SCCs) to ensure equivalent protection.

8. Your Rights

Under UK GDPR, you have the right to:

• Access your personal data.
• Request correction or deletion.
• Withdraw consent for data processing.
• Request a copy of your data (data portability).
• Lodge a complaint with the UK Information Commissioner's Office (ICO).

To exercise any of these rights, contact support@runwithpacr.uk.

9. Data Retention

• Account, training, and message data are retained while your account is active.
• Discarded / unsaved runs are automatically hard-deleted within 7 days.
• On account deletion, identifiable data is removed from active systems within 30 days, and from backups within 90 days.
• Aggregated, fully anonymised analytics may be retained beyond this period.

10. Children's Privacy

Pacr is intended for users aged 16 and older. We do not knowingly collect or process data from minors under 16. We collect year of birth only (not full date of birth) to verify eligibility and to compute age-derived training metrics such as estimated maximum heart rate.

11. Updates to This Policy

We may update this policy periodically. Updates will be posted to this page with a revised "Last updated" date. If significant changes are made, we will notify you via email or in-app notification.

12. Contact Information

• Email: support@runwithpacr.uk
• Address: Knoll Barn, Church Road, Rotherfield, Crowborough, England, TN6 3LA

Thank you for trusting PACR LTD with your information. Your privacy matters to us.