Pace Craft Training — Privacy Policy

Status: v1 draft, not yet attorney-reviewed. Not for production use until a licensed attorney passes on the document and any state-specific requirements (CCPA, OH auto-renew, etc.) are confirmed. Effective date: [TBD on launch] Last updated: [TBD on launch]

This Privacy Policy explains how Pace Craft Training (“Pace Craft,” “we,” “us”) collects, uses, and shares information when you use our coaching service, our website (pacecrafttraining.com), and related products (collectively, the “Service”).

We’ve written this in plain language wherever we can. If you don’t agree with this policy, please don’t use the Service.

Who we are

Pace Craft Training is a coaching concierge service for endurance athletes, based in the United States. You can reach us at privacy@pacecrafttraining.com.

What data we collect

Account data. Your name, email address, password (stored hashed), and billing details. Payment card information is collected and stored by our payment processor (Stripe), not by us — we receive only a token that lets us charge you.

Athlete profile data. Training goals, race calendar, current fitness, injury and medical history you choose to share, weekly availability, and similar information you provide so we can build a coaching plan for you.

Connected-service data. If you connect Strava, Oura, Garmin Connect, Google Calendar, your email, or any other third-party service, we receive the data those services share with us under your authorization. Examples: workouts, heart rate, sleep, recovery scores, calendar events, and emails relevant to your training. You control which services you connect, and you can disconnect any of them at any time.

Communications. Messages you send us (including coaching conversations, support requests, and emails), and messages we send you. On the Elite and Signature tiers, this includes conversations with your coach.

Usage data. Information about how you use the Service: pages visited, features used, dates and times of activity, device and browser information, IP address, and similar diagnostic data.

How we use your data

  • Provide your coaching service. Build and adapt your training plan, monitor recovery, and deliver daily briefings.
  • Concierge auto-scheduling (Pro tier and up). With your authorization, schedule appointments with partner businesses on your behalf. We share with each partner only the information needed to make and execute a booking — typically your name, contact info, and the specific service requested.
  • Operate the Service. Authentication, billing, customer support, security monitoring, fraud prevention, and product analytics.
  • Communicate with you. Service updates, billing notifications, security alerts, and (with your permission) marketing.
  • Improve the Service. We analyze aggregated, de-identified data to improve our coaching methodology and product.

Automated processing and machine-learning providers

We use machine-learning systems and third-party language-model providers to generate coaching plans, daily briefings, and communications. When we send your data to these providers, we do so under data processing agreements that prohibit them from using your data to train their general-purpose models.

We don’t sell your data, and we don’t use your data for advertising. Where the Service makes a recommendation that has a meaningful impact on your training, you remain in control: nothing is acted on without your authorization, and any auto-scheduled booking can be reversed.

Who we share your data with

  • Service providers (hosting, payments, transactional email, analytics, error monitoring, machine-learning providers) — only as needed to operate the Service and only under contracts that limit their use of your data to providing services to us.
  • Partner businesses (Pro tier and up). When you’ve authorized auto-scheduling and we book an appointment for you, we share the booking details with the partner.
  • Your coach (Elite and Signature tiers). Your coach receives the athlete data needed to coach you effectively.
  • Legal compliance. When required by law, subpoena, or court order, or to protect rights, property, and safety.
  • In a business transfer. If we’re acquired or merge, your data may transfer to the successor under terms at least as protective as this policy.

We don’t sell your data, and we don’t share it for cross-context behavioral advertising.

How long we keep your data

  • Account and athlete profile data: while your account is active, plus 24 months after closure.
  • Connected-service data: while you’ve authorized the connection, plus 90 days for backups.
  • Coaching conversations and plans: while your account is active, plus 24 months. You can export and delete these earlier on request.
  • Billing records: 7 years (tax and audit obligations).

You can delete your account at any time. We’ll delete or anonymize your data within 30 days, except where we’re required to retain it for legal reasons.

Your rights

You can:

  • Access the personal data we hold about you.
  • Correct inaccurate data through your account settings or by emailing us.
  • Export your data in a portable format.
  • Delete your account and associated data.
  • Disconnect any third-party integration at any time.
  • Opt out of marketing communications (transactional and service emails will continue).

To exercise these rights, email privacy@pacecrafttraining.com. We’ll respond within 30 days.

California residents

If you’re a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we’ve collected, the right to delete it, the right to correct it, and the right to opt out of any “sale” or “sharing” of personal information (we don’t engage in either). To exercise these rights, email privacy@pacecrafttraining.com.

We don’t discriminate against you for exercising any of your rights.

Security

We use industry-standard technical and organizational measures to protect your data, including encryption in transit and at rest, access controls, and routine security review. No system is perfectly secure, and we can’t guarantee absolute security.

If we discover a data breach affecting your information, we’ll notify you and any required regulators in accordance with applicable law.

Children

The Service is for adults 18 and older. We don’t knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us and we’ll delete it.

International users

The Service is offered to users in the United States. If you access the Service from outside the U.S., your data will be processed in the U.S. and you should not use the Service if that isn’t acceptable to you under your local law.

Changes to this policy

We’ll update this policy as the Service and legal requirements evolve. When we make material changes, we’ll notify you by email and post a notice in the app at least 14 days before the changes take effect.

Contact us

privacy@pacecrafttraining.com