Privacy Policy

1. Data Controller

Leon Zajchowski, operating under the business name paced.coach

Petersauer Strasse 34, 68307 Mannheim, Germany

Contact: support@paced.coach

2. Data Categories

• Account data, such as email address, authentication identifiers, and account metadata
• Profile data, athlete context, and training preferences
• Connected training provider and activity data that you authorize us to access
• Analysis, plan, recap, and coaching outputs generated in the service
• Technical logs for security, stability, and error analysis
• Support communications and account administration records
• Subscription and billing status data where trials or paid subscriptions are used

3. Purposes and Legal Bases

• Providing the platform, connected training data workflows, and coaching outputs (GDPR Art. 6(1)(b))
• Service operations, security, abuse prevention, and quota enforcement (GDPR Art. 6(1)(f))
• Compliance with legal obligations, for example tax, accounting, and retention duties (GDPR Art. 6(1)(c))
• Processing health related training data based on consent where required (GDPR Art. 9(2)(a))

4. Recipients and Processors

We share personal data only with processors that are necessary to operate the service:

• Hosting and delivery: Render (application servers, worker services, database) and Vercel (web application delivery). These providers may process data in the regions and network locations they make available to the service.
• Authentication: Clerk (user sign-in, session management). Processes email address and authentication metadata.
• Operational monitoring: Sentry may receive technical error and diagnostics data from the API or worker services so that we can detect failures and keep the service stable.
• AI inference: Anthropic and OpenAI (coaching analysis, plan generation, summaries, and related product features). Training and activity data may be sent to these providers when required to generate an output in the service.
• Connected training providers: When you connect a supported training provider, data is fetched based on your explicit authorization and is not shared back. Authorization credentials (OAuth tokens) are encrypted at rest using authenticated encryption and are never stored in plaintext or logged. While a provider is connected, data may be synced automatically on a recurring schedule to keep your coaching analysis current. Supported providers are listed in the app.
• Billing: Where paid access is available through checkout, Paddle may act as merchant of record for checkout, invoicing, tax, and payment processing. Paddle is identified in checkout and on invoices where billing is used.

We do not sell personal data. Data is shared with processors only for the purposes described above.

5. AI and Connected Device Data Transparency

If you connect a supported training source, imported activity, recovery, and related fitness data may be processed by AI systems to generate workout analysis, a season roadmap, a 28-day plan, daily coaching, and related summaries.

These outputs may combine connected-provider data, user-provided context, account history, and AI-generated reasoning. Connected-provider data remains one of the underlying sources used to prepare those outputs.

The service is intended to provide coaching support and training guidance. It is not intended to make fully automated decisions with legal or similarly significant effects.

Where consent is required for health-related or AI processing, we rely on that consent. You can stop future source imports by disconnecting the provider and can request deletion of stored data through our support and deletion channels.

6. International Transfers

Some of our processors operate outside the EU/EEA, in particular in the United States (Clerk, Anthropic, OpenAI, Vercel). Where personal data is transferred to countries without an EU adequacy decision, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission, supplemented by additional technical and organizational measures where appropriate.

7. Retention

• Account and content data is stored while your account is active.
• When in-app account deletion succeeds, local account data is removed from active application systems as part of that flow. Requests sent by email or support are handled within applicable legal timelines.
• Tax, accounting, and invoice records may be retained for the periods required by law.
• Backup copies may continue to contain historical snapshots until they are overwritten in the normal disaster recovery cycle.

8. Cookies and Tracking

paced.coach currently relies on essential session and authentication technologies, including Clerk where account access is enabled. Operational monitoring may also process technical diagnostics. If non-essential analytics, marketing cookies, or similar tracking technologies are introduced later, this page will be updated before they are used.

9. Your Rights

You have rights to access, rectification, erasure, restriction, data portability, and objection. You can withdraw consent at any time with effect for the future.

You can also lodge a complaint with a data protection supervisory authority, especially in your place of residence or the place of the alleged infringement.

10. Deletion and Contact

Deletion details are available on Delete Account + Data. For support and privacy requests, use Support. Where paid access is offered through checkout, this page and the checkout flow identify the billing provider and the applicable subscription management path.