Skip to content
Endurance AnalyticsEndurance Analytics

Privacy Policy

Last Updated: March 14, 2026

1. Introduction

Welcome to Endurance Analytics ("we," "our," or "us"). Endurance Analytics is the controller of personal data processed through this website. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website. By using our website, you acknowledge the data practices described in this policy.

2. Information We Collect

2.1 Server Logs

Our server automatically logs standard HTTP request data for security, performance monitoring, and abuse prevention purposes:

  • Data Collected: IP address, HTTP method, requested URL, response status code, user agent, and timestamps.
  • Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)), necessary for ensuring website security, detecting abuse, and improving website performance.

We do not use cookies, trackers, or any client-side analytics. All data collection happens exclusively on the server side through standard HTTP request logging.

2.2 Publicly Available Race Data

We aggregate and display publicly available race results from official race organizer websites, public results databases, and sports federations (such as ITRA, UTMB, and others). This data may include:

  • Athlete names and surnames
  • Nationality or country of representation
  • Race finishing times, splits, and rankings
  • Race category and age group
  • Historical race participation records

Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)). We process this data to provide sports analytics, statistical insights, and historical records for the endurance sports community. This data has been made publicly available by race organizers or official results services.

We do not collect sensitive personal data such as exact dates of birth, home addresses, contact information, or health data of athletes.

2.3 User Account Data

When you create an account on our platform via third-party authentication (Google Account or Strava Account), we may collect:

  • Email address
  • Display name and profile photo (as provided by the authentication provider)
  • Strava athlete ID and activity data (if connected via Strava)

Legal Basis: Consent (GDPR Article 6(1)(a)). You voluntarily create an account and authorize the transfer of this data during the authentication process.

We request only the minimum necessary permissions (scopes) from third-party authentication providers and use the obtained data solely for the features you have explicitly chosen to use.

2.4 Voluntary Communications

If you contact us via email, we collect the information you provide in your message (name, email address, message content) for the purpose of responding to your inquiry.

3. How We Use Your Information

  • Server logs: Security monitoring, intrusion detection, performance optimization, error debugging, understanding aggregate traffic patterns, and compliance with legal obligations.
  • Race data: Providing sports analytics, statistics, visualizations, athlete profiles, race difficulty ratings, and historical comparisons.
  • User account data: Providing personalized features such as athlete profile management, race lists, and user preferences.
  • Communications: Responding to your inquiries and providing support.

4. Your Rights

4.1 General Rights Under GDPR

If you are located in the European Economic Area (EEA) or in a jurisdiction with similar data protection laws, you have the following rights:

  • Right to Access: Request a copy of your personal data that we hold.
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements and the conditions described below).
  • Right to Object: Object to processing based on Legitimate Interest.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Lodge a Complaint: If you believe that our processing of your personal data infringes your rights, you have the right to lodge a complaint with a competent data protection supervisory authority in your country of residence or place of work.

4.2 Athlete Data: Erasure, Objection, Restriction, and Anonymization

If you are an athlete whose personal data appears on our platform through publicly available race results, you have the right to request erasure, restriction of processing, or anonymization of your data.

Identity Verification: Before processing any such request, we may ask you to provide reasonable proof of identity to confirm that the request relates to your own personal data. This is necessary to protect athletes from unauthorized modification or deletion of their records.

Upon receiving and verifying a request, we will review it and respond within one month. Depending on the nature of the request and applicable legal requirements, we may:

  • Anonymize your personally identifiable information by replacing it with an anonymous identifier across our platform.
  • Remove your data from search results on our website.
  • Restrict the display of your personal data.
  • In limited cases, decline the request (in whole or in part) if there are overriding legitimate grounds for continued processing, in which case we will provide a written explanation.

Please note:

  • Aggregated and anonymized statistical data (such as average speeds, finish time distributions, and other non-identifiable metrics) may be retained, as this data cannot be linked back to you.
  • This process applies only to data hosted on our platform. We cannot remove your data from original third-party sources (race organizer websites, official results databases).
  • If you have a user account linked to your athlete profile, deleting your account will also trigger anonymization of your athlete data upon request.

4.3 User Account Deletion

Registered users can request complete deletion of their account and all associated data. Upon account deletion:

  • Your profile, preferences, and any user-generated content will be permanently removed.
  • If requested, your linked athlete data will be anonymized as described in section 4.2.
  • You can revoke this application's access in your Strava settings at any time. Upon revocation, we will automatically delete your Strava data from our servers within 14 days.

To exercise any of these rights, please contact us at contact@endurance-analytics.com.

5. Data Retention

  • Server logs: We configure our server log retention period to 30 days, after which logs are automatically deleted. We do not extend this retention period unless required by law.
  • Race data: Retained for as long as it remains relevant for sports analytics purposes, or until an athlete requests anonymization or erasure.
  • User account data: Retained for as long as the account is active. After account deletion, data is permanently removed within 30 days.
  • Communications: Retained for up to 12 months after the last communication, unless a longer retention is necessary for legal purposes.

6. Third-Party Services

Our website relies on the following third-party services that may process your data:

  • Google Cloud Platform (GCP) Cloud Run — website hosting and server infrastructure. Google Cloud Privacy Policy
  • Gandi.net — domain registration and email forwarding. Gandi Privacy Policy
  • Google OAuth — user authentication (when signing in with Google). Google Privacy Policy
  • Strava API — user authentication and activity data (when connecting a Strava account). Strava Privacy Policy

Our website may also contain links to external sites (e.g., race organizer websites, social media). We are not responsible for the content or privacy practices of these third-party sites.

7. International Data Transfers

Our servers are hosted on Google Cloud Platform, which may process data in data centers located outside the European Economic Area (EEA). Google ensures adequate protection for international data transfers through Standard Contractual Clauses (SCCs) and other mechanisms approved by the European Commission. For more details, see Google's Data Transfer Frameworks.

8. Data Security

We implement reasonable technical and organizational measures to protect your personal data, including encryption in transit (TLS/HTTPS) and access controls. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Children's and Minors' Privacy

Our website is not directed at individuals under the age of 16, and we do not allow direct registration of accounts by minors without the involvement of a parent or legal guardian.

Our platform may display publicly available race results that include data of young athletes (juniors) published by race organizers. If you are a parent or legal guardian and wish to request removal or restriction of a minor's personal data displayed on our platform, we will review and prioritize such requests. Please contact us at contact@endurance-analytics.com.

10. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to request erasure or anonymization of your athlete data, please contact the data controller at:

Endurance Analytics

Email: contact@endurance-analytics.com

← Back to Home

© 2026 Endurance-Analytics. All rights reserved.

Privacy PolicyTerms of ServiceContact