Privacy Policy for Pacing App

Last Updated: 26th December 2025

1. Introduction

Welcome to Pacing (“the App”), provided by Practicable LTD (“we,” “us,” or “our”). Practicable LTD is a company based in the UK and is committed to protecting your privacy in compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

This Privacy Policy outlines how we handle information when you access or use the Pacing iOS application. We believe in transparency and data minimization.

By accessing or using the Pacing App, you acknowledge that you have read and understood the terms of this Privacy Policy. If you do not agree with any part of this Privacy Policy, you must not access or use the Pacing App.

2. Information We Process (and What We Don’t)

We prioritize your privacy and significantly limit the data we process.

2.1. Data Stored Locally on Your Device (Not Processed by Us)

The core functionality of the Pacing App relies on data stored exclusively on your own device. This includes:

• Your created workout plans and structures.
• Your settings and preferences within the App.
• Any workout history or logs generated through your use of the App (if applicable).

Practicable LTD does not access, collect, or store this local data on our servers. You have full control over this data. You can modify or delete it at any time using the App’s features or through standard iOS application data management (including uninstalling the App, which will remove its associated local data).

Important Note on Local Data: By default, this data resides solely on your device, and you are responsible for its backup and security. Practicable LTD cannot recover this local data if your device is lost, damaged, reset, or if the App is deleted. Data loss due to device failure or user action is outside of our control. If you enable the optional Cloud Backup feature (see Section 2.4), your data will also be stored on our servers, providing backup and restore capabilities.

2.2. Information We Do Not Collect

Reflecting our commitment to data minimization, we do not collect, store, request, or transmit any Personally Identifiable Information (PII) for core app functionality. This includes, but is not limited to:

• Personal Details: Your name, phone number, age, gender, etc. Exception: If you enable the optional Cloud Backup feature, we collect your email address for account verification and recovery purposes (see Section 2.4).
• Account Information: The App does not require user accounts or registration for core functionality. Exception: The optional Cloud Backup feature requires email-based account verification (see Section 2.4).
• Location Data: We do not collect, track, or store your precise GPS location data in any backend service. All data stays local on your device.
  • Except when you explicitly choose to share it with third-party services (currently just posting to Strava). In such cases, the GPS data of your workout will be uploaded to Strava, and you should review and understand Strava’s Privacy Policy: https://www.strava.com/legal/privacy.
• Device Contacts, Photos, or Files: The App does not access personal files on your device.

2.3. Information Collected Automatically (Processed by Us)

To maintain and improve the quality, stability, and functionality of the Pacing App, we collect limited, non-personally identifiable information automatically when you use the App. Our lawful basis for processing this anonymous data under GDPR is our Legitimate Interest in understanding app usage to improve our service for all users, ensuring the impact on individual privacy is minimal due to the anonymous and aggregated nature of the data.

This data includes:

• Usage Data: Aggregated information about interactions, such as screens viewed, features used (e.g., workout creation), session duration, and UI element interactions (button taps). This data is aggregated across users and cannot identify you.
• Workout Analytics: Aggregated, statistical information about workout structures used within the app (e.g., types of intervals created, average number of intervals). This contains no personal metrics or location information.
• Anonymous Performance Data: Anonymized technical information like crash reports (without personal context) and general device characteristics relevant to performance (e.g., OS version, device model type) for debugging and optimization.

Crucially, all automatically collected data is:

• Anonymous after 90 days: Not linked to any identifier that could single you out.
• Aggregated: Analyzed for trends across many users.
• No Personal Context: Contains no PII.

Beyond the analytics described, when you use certain features of the Pacing App (such as workout or plan generation), identifiable backend request logs are stored with the full data. These logs may include workout summaries and details necessary to process your request and are linked to your Support ID (found in the App’s settings). These will not include any GPS data.

• Both analytics and logs may contain coarse location inferred from IP address.
• Retention: These identifiable logs are kept for up to 60 days, after which they are anonymised.
• Deletion Requests: You may request deletion of these logs before the 60-day period by emailing support@pacing.run and quoting your Support ID.
• Processor:
  • Analytics are processed by Posthog EU. Please also review Posthog’s Privacy Policy for more details (https://posthog.com/privacy).
  • Error reports are processed by Sentry EU. Please also review Sentry’s Privacy Policy for more details (https://sentry.io/privacy/).
  • Other request logs are processed by Axiom. Please also review Axiom’s Privacy Policy for more details (https://axiom.co/docs/legal/privacy).

2.4. Cloud Backup Feature (Optional)

The Pacing App offers an optional Cloud Backup feature that allows you to back up your workout data to the cloud and restore it when switching devices. This feature is entirely optional and can be disabled in settings. The data practices described in this section only apply if you choose to enable Cloud Backup.

2.4.1. Enabling Cloud Backup

To use Cloud Backup, you must:

• Provide and verify a valid email address (via email PIN, Google Sign-In, or Apple Sign-In).
• Explicitly enable the Cloud Backup feature within the App’s settings or onboarding.

Only one device can be actively backed up per account at a time. When you restore to a new device, that device becomes the active backup device.

You can disable Cloud Backup at any time through the App’s settings. When disabled, no new data will be uploaded to our servers, though previously backed-up data will remain until you explicitly delete it. You will need to re-verify your email to do so, or email (for that address) support@pacing.run.

2.4.2. Data We Store When Cloud Backup is Enabled

When you enable Cloud Backup, the following data is transmitted to and stored on our servers:

• Email Address: Used for account verification, authentication, account recovery, and service-related communications (see Section 2.4.7). Your email address is stored securely and will not be shared with third parties for marketing purposes.
• Workout Data: Your created workout plans, structures, and configurations.
• Settings and Preferences: Your in-app settings and preferences.
• Workout History: Any workout logs and execution records generated through your use of the App.

2.4.3. How We Protect Your Backed-Up Data

We take the security of your backed-up data seriously:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security).
• Compression: Your data is compressed before transmission for efficiency.
• Optional End-to-End Encryption: You may set an encryption password within the App. When set, your backed-up data is encrypted on your device before upload and can only be decrypted with your password. We cannot access or recover data encrypted with your password if you forget it.
  • What is encrypted: Workout GPS data, heart rate data, workout structures, and timestamps are encrypted when you set an encryption password.
  • What is not encrypted: The date and total distance of completed or planned workouts remain unencrypted to enable efficient incremental sync operations (so only changes need to be transferred rather than your entire dataset).
• Access Controls: Access to backed-up data is protected by your verified email account.

2.4.4. Your Control Over Backed-Up Data

You have full control over your backed-up data:

• Disable Backup: You can disable Cloud Backup at any time in the App’s settings. This will stop new data from being uploaded but will not automatically delete data already stored on our servers.
• Delete Backed-Up Data: You can delete all your backed-up data from our servers at any time by:
  • Using the “Delete Cloud Data” option in the App’s settings, or
  • Emailing support@pacing.run with the subject line “Cloud Backup Data Deletion Request” and providing the email address associated with your account.
• Restore Data: You can restore your backed-up data to a new device by signing in with your verified email account.

2.4.5. Data Retention for Backed-Up Data

• Active Accounts: Your backed-up data is retained for as long as Cloud Backup remains enabled and your account is active.
• Data Deletion: Upon request to delete your backed-up data, we will permanently delete all associated data within 30 days.
• Inactive Accounts: If Cloud Backup remains disabled for a period of 24 months and no activity is detected, we may delete the associated backed-up data after providing 30 days’ notice to your registered email address.

2.4.6. Lawful Basis for Processing Backed-Up Data

Our lawful basis for processing your backed-up data under GDPR is Contract Performance (Article 6(1)(b) GDPR), as the processing is necessary to provide you with the Cloud Backup service you have requested by enabling this feature.

2.4.7. Service Communications

If you enable Cloud Backup, we may occasionally use your email address to contact you for:

• Service Notifications: Important updates about the Cloud Backup service, including maintenance, security issues, or changes to terms.
• Product Feedback: Requests for feedback to help us improve the Pacing App. These communications will be infrequent and directly related to your use of the App.

We will not use your email address for third-party marketing or sell it to advertisers. You may opt out of non-essential communications (such as feedback requests) by contacting support@pacing.run. Essential service notifications related to your account security or significant service changes cannot be opted out of while Cloud Backup remains enabled.

Our lawful basis for these communications under GDPR is Legitimate Interest (Article 6(1)(f) GDPR), as we have a legitimate interest in maintaining service quality and gathering user feedback, balanced against minimal impact on your privacy given the limited and relevant nature of these communications.

2.5. Purchases and Installs (RevenueCat)

We use RevenueCat to manage in-app purchases, subscriptions, and installs. RevenueCat provides us with a unique ID, known as the Support ID, which becomes the user ID used throughout the App and backend services.

• This ID is not tied to your Apple ID, Google Account, name, or other personal identifiers.
• RevenueCat processes purchase receipts and subscription status to ensure your access to premium features.
• For more details, please review RevenueCat’s Privacy Policy: https://www.revenuecat.com/privacy/

2.6. Share Links

The Pacing App allows you to generate shareable links to workouts you have created. These links are designed to make it easy to share your workout structures with others.

• Public Nature of Links: Any person who has access to a share link will be able to view the workout details contained in that link.
• No Authentication: Share links are not password-protected or restricted; they are accessible to anyone who has the link.
• User Responsibility: Please be mindful when sharing these links, as they may be forwarded or accessed by unintended recipients.
• Data Included: Share links contain only the workout structure you created (e.g., intervals, durations, rest periods). They do not include personal identifiers, GPS data, or workout history.
• Irrevocability: Once generated, share links cannot be deleted or revoked by Practicable LTD on your behalf. If you no longer wish others to access a workout you have shared, you must stop distributing the link.

3. How We Use Your Information

Logs and analytics data are only retained in an identifiable form for up to 60 days to help prevent abuse, resolve support requests, and maintain the reliability and stability of the system. In detail:

• Providing and Improving the Service: Understanding usage to identify popular features, detect areas for improvement, maintain stability, and enhance functionality.
• Analytics and Performance: Analyzing statistical usage patterns, diagnosing technical issues (like crashes), optimizing performance, and ensuring service quality.
• Feature Development: Guiding decisions about future updates based on anonymised and aggregated data.

We do not use this anonymous data for advertising, user profiling, or any purpose other than improving the Pacing App.

4. Disclosure of Your Information

We do not sell, rent, or trade any information. We only share information in the following limited circumstances:

• Service Providers (for Analytics): We may utilize third-party analytics services to help us process and understand the anonymous, aggregated data (Section 2.3). These providers act as Data Processors on our behalf. We ensure they are contractually obligated (including via Data Processing Agreements) to handle this data securely, maintain its anonymity, use it only for providing analytics services to us, and comply with GDPR standards. If these providers are located outside the EU/EEA, we ensure appropriate safeguards (like Standard Contractual Clauses) are in place.
• Service Providers (for Cloud Backup): If you enable Cloud Backup (Section 2.4), your data is stored on Cloudflare’s infrastructure. Cloudflare acts as a Data Processor on our behalf. Please review Cloudflare’s Privacy Policy for more details: https://www.cloudflare.com/privacypolicy/
• Business Transfers: In the event of a merger, acquisition, financing, reorganization, or sale of assets involving Practicable LTD, data assets (including backed-up data, if applicable) may be transferred. We will ensure the receiving party agrees to uphold the principles of this Privacy Policy regarding any transferred data.
• Legal Requirements: We may disclose information if required by law or in the good faith belief that such action is necessary to comply with a legal obligation (especially under EU or member state law), protect and defend our rights or property, prevent fraud, or protect against legal liability.

5. Data Retention

We retain the aggregated analytics data (Section 2.3) only for as long as necessary to fulfill the legitimate purposes outlined in Section 3 (e.g., trend analysis, performance monitoring). Once no longer needed, we securely delete or further anonymize it. Data stored locally on your device (Section 2.1) is retained according to your own actions (e.g., until you delete the app or data). You may request deletion of any identifiable data before the 60-day period by emailing support@pacing.run and quoting your Support ID, which is found in the settings page of the app.

Cloud Backup Data Retention: If you have enabled the Cloud Backup feature (Section 2.4), your backed-up data is retained as described in Section 2.4.5. You may request deletion of your backed-up data at any time by using the in-app deletion option or by contacting privacy@pacing.run.

6. Security

We implement reasonable technical and organizational measures designed to protect the information we process from loss, misuse, and unauthorized access or disclosure. For Cloud Backup data (Section 2.4), we provide optional end-to-end encryption with a user-controlled password. However, no electronic transmission or storage is 100% secure. Security of the data stored locally on your device (Section 2.1) is your responsibility.

7. International Data Transfers

Practicable LTD is based in the European Union. The anonymous analytics data is processed by Posthog Cloud EU and will stay within the EU. Cloud Backup data (if enabled) is stored on Cloudflare’s globally distributed infrastructure with appropriate safeguards in place for international transfers.

8. Children’s Privacy

The Pacing App is not intended for use by individuals under the age of 16 (or the applicable age of digital consent in your EU member state if lower, but not less than 13) without parental consent. We do not knowingly collect any information, anonymous or otherwise, from children under this age. If we become aware that we have inadvertently collected information from a child, we will take steps to delete it. If you are a parent or guardian and believe your child has provided us with information, please contact us at privacy@pacing.run.

9. Your Rights and Choices under GDPR

As Practicable LTD is based in the EU, you have certain rights under the GDPR regarding data processing.

• Rights Regarding Local Data: As explained in Section 2.1, your primary workout data is stored locally. You have direct control to access, modify, and erase this data through the App or your device settings at any time. These GDPR rights are effectively exercised directly by you on your device.

• Rights Regarding Anonymous Analytics Data: Regarding the anonymous data we process based on legitimate interest (Section 2.3):

  • Right to Object: You have the right to object to our processing of this anonymous data based on your particular situation.
  • Right to Restriction of Processing: You may have the right to request the restriction of processing under certain circumstances.
  • Other Rights (Limited Applicability): Rights like access, rectification, erasure, and data portability concerning personal data are generally not applicable to the anonymous analytics data we process, as it is not linked to you and we cannot identify your specific data within the aggregated, anonymized dataset.

• Rights Regarding Cloud Backup Data (if enabled): If you have enabled the Cloud Backup feature (Section 2.4), you have full GDPR rights regarding your backed-up personal data, including:

  • Right of Access: Request a copy of your backed-up data.
  • Right to Rectification: Correct inaccurate data (typically done directly through the App).
  • Right to Erasure: Request deletion of your backed-up data and account.
  • Right to Data Portability: Your data can be restored to your device at any time through the App.
  • Right to Withdraw Consent: Disable Cloud Backup at any time to stop future data uploads (note: this does not automatically delete previously backed-up data; see Section 2.4.4 for deletion options).

  To exercise these rights, contact privacy@pacing.run or use the relevant options in the App’s settings.

• Exercising Your Rights: To exercise your right to object or inquire about restriction concerning the anonymous analytics data, please contact us at privacy@pacing.run.

• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of data relating to you infringes GDPR.

10. Third-Party Links and Services

The Pacing App itself does not contain third-party links, but this policy may be hosted online. If you access this policy via a website that contains links, be aware we are not responsible for the privacy practices of those other sites.

11. Changes to This Privacy Policy

We may update this Privacy Policy occasionally to reflect changes in our practices, legal requirements, or App functionality. We will revise the “Last Updated” date when we do. If material changes occur, we will provide notice through appropriate means. Your continued use of the Pacing App after changes constitutes your acceptance of the revised policy. Please review this policy periodically.

12. Contact Us - Data Controller

Practicable LTD, based in the European Union, is the Data Controller for the data processed under this policy, including Cloud Backup data if you enable that feature.

If you have any questions, comments, concerns about this Privacy Policy, our data practices, or wish to exercise your GDPR rights (like the right to object), please contact our privacy team at:

Email: privacy@pacing.run