Race Day iOS privacy policy

-

Race Day App Privacy Policy

Last Updated: May 5, 2026 Version: 3.0

Race Day App for iOS allows coaches, parents, and friends of cross country runners to view real-time stats on their runner.

In order for Race Day App to work, it needs to collect some data, which is stored in the cloud. If you do not want this data to be stored, please do not use this app.

This data is used to provide the app's core features, to allow the developer to understand who is using the app, and to debug and improve the app. This data is never sold to third parties.

Race Day App does not permit use by users under the age of 13, in compliance with US law (COPPA).

DATA WE COLLECT

From the Runner's Garmin Watch:

  • App version
  • Device ID
  • Heart rate (beats per minute)
  • Cadence (steps per minute)
  • Distance
  • Time (duration of activity)
  • Activity state (paused, in-progress, etc.)
  • GPS signal strength (signal quality only — not location coordinates)
  • Event ID (unique per event)
  • Lap data (split times at varying intervals throughout the race)
  • Time of activity (derived)

From the Phone App:

  • Account email and username
  • Authentication credentials (passwords are hashed and salted; the developer cannot view them)
  • Device identifiers (for pairing)
  • Runner name/nickname (entered by user)
  • Runner grade (entered by user)
  • Default diagnostic data provided by Apple (crash reports, app install numbers, app deletion numbers, etc)
  • Team ID
  • User's role (e.g., coach, parent, spectator)
  • Last app usage timestamp
  • Team name and info
  • Agreement to Privacy Policy and timestamp

From/With Firebase:

  • Push notification tokens

Race Day App does not collect location data (GPS coordinates).

WHY WE COLLECT THIS DATA

Nearly all data is collected to provide the app's core functionality. The legal bases for processing under GDPR are:

  • Providing the service you signed up for: account data, runner data, watch telemetry, push tokens, team data
  • Legitimate interest (improving and securing the service): app version, device identifiers, last app usage timestamp, diagnostic data
  • Legal obligation: records of consent and policy agreement

The "last app usage timestamp" is also used to let users see that other users are active.



HEALTH DATA Heart rate is health-related data and we treat it carefully. We collect it only to display real-time race telemetry to people you have authorized. You can request deletion of your heart rate data at any time using the contact methods below.

THIRD-PARTY DATA PROCESSORS

We use the following service providers to operate the app. These providers process data on our behalf under their own privacy and security commitments:

  • Amazon Web Services (AWS) — backend hosting and data storage (EC2, EBS). AWS Privacy Notice
  • Google (Firebase Cloud Messaging, Google Forms, and Google Sheets) — push notification delivery (including handoff to Apple's push service) and processing of user data requests submitted via our request form. Google Privacy Policy | Firebase Privacy Information
  • Apple (Apple Push Notification Service) — push notification delivery to iOS devices. Used indirectly via Firebase. Apple Privacy Policy

SECURITY

We protect your data using industry-standard measures, including:

  • Encryption in transit — all data sent between the app and our servers uses TLS.
  • Encryption at rest — data stored on AWS uses EBS encryption.
  • Hashed and salted passwords — passwords are never stored in plain text and cannot be retrieved by the developer.
  • Access controls — only authorized personnel can access backend systems.

No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will notify you in accordance with applicable law.

DATA RETENTION

  • Active race data: Retained until account deletion.
  • Account information: Retained until account deletion.
  • Crash logs: Retained for Apple's default log retention period.

YOUR RIGHTS

You have the right to:

  • Access your data — Email sirlancelot2604@outlook.com to request a copy of your data, or use this form: https://docs.google.com/forms/d/e/1FAIpQLScIKSSBbePkyFqjCr0pmrR-WrXVqUCZpRiBAgAJTojw04qC8g/viewform?usp=header
  • Delete your data — Email the same address to request deletion of your data. Parents may contact us to delete data collected from their child under the age of 18.
  • Correct your data — Email the same address to request correction of inaccurate data.
  • Object to or restrict processing — Email us if you believe data is being processed unlawfully or wish to limit processing.
  • Data portability — Request your data in a machine-readable format.
  • Lodge a complaint — Users in the EU/UK may lodge a complaint with their local data protection authority.

We will respond to verified requests within 30 days.

WHO CAN VIEW YOUR DATA

  • The Developer
  • People on a team you've joined
  • Users with whom you have shared data via a sharing link (note: anyone who has the link may be able to view that data — please share carefully)
  • Users who have paired your watch to their phone

CHILDREN'S PRIVACY

Race Day App is not intended for use by children under the age of 13, and we do not knowingly collect data from users under 13. If we learn we have collected data from a user under 13, we will delete it.

For users between the ages of 13 and 18, parents or legal guardians may contact us to access, correct, or delete their child's data.

CHANGES TO THIS POLICY

We may update this policy from time to time. For material changes, we will notify users through the app or via email at least 14 days before the changes take effect. The "Last Updated" date at the top of this policy will reflect any revisions. Continued use of the app after the effective date constitutes acceptance of the updated policy.

CONTACT

Questions, concerns, or requests regarding this policy or your data: sirlancelot2604@outlook.com, or the form


Last updated May 5, 2026 to clarify health data and add google forms/sheets as a data processor.