Skip to content
TrailUP
TrailUP

Privacy Policy

Last updated: April 2026

1. Introduction

Welcome to TrailUP ("we," "our," or "us"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the TrailUP trail running training platform ("Service"), including our website at trailup.run and the TrailUP web application.

By using TrailUP, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

  • Email address — for authentication and communication
  • Full name — for personalization
  • Date of birth, country, gender — for plan calibration

2.2 Training Data

  • Running experience, weekly mileage, training preferences
  • Heart rate data (maximum HR, resting HR, aerobic/anaerobic thresholds)
  • Target race information (distance, elevation, date)
  • Workout completion records, actual duration, distance, and effort

2.3 Strava Integration (Optional)

If you choose to connect your Strava account during onboarding, we use Strava's official OAuth flow to obtain your explicit consent before accessing any of your Strava data.

What data we collect: with your authorization, we fetch summaries of your activities from the last 91 days where the activity type is Run, Trail Run, Virtual Run, Hike, or Walk. For each activity we read distance, duration, elevation gain, heart-rate averages, and start time.

How we use it: we summarize your own activities into your own weekly training profile (your weekly distance, weekly time, weekly elevation, and longest single run) and present those values to you as a pre-fill for the onboarding question about your recent training. You review the values, edit anything that looks wrong, and confirm. The values you confirm are saved to your account profile.

What we do not do with Strava data:

  • We do not combine your Strava data with other users' data.
  • We do not run cross-user analytics, customer-insights generation, or product-improvement analyses on Strava data, in either raw or de-identified form.
  • We do not feed Strava data into AI or machine-learning systems.
  • We do not display your Strava data to any other user.
  • We do not sell, rent, license, or share Strava data with third parties.
  • We do not use Strava data for advertising or targeting.

Tokens and ongoing access: we do not store Strava access tokens or refresh tokens. Immediately after the one-time fetch, we call Strava's deauthorization endpoint to revoke our access. There is no persistent connection to your Strava account and no webhook subscription.

How to withdraw consent: because we deauthorize at the end of the sync, there is no active connection for you to disconnect. To prevent any future sync, simply do not click "Connect with Strava" again. To revoke any past authorization separately, you can do so at any time from your Strava account settings at strava.com/settings/apps.

How to request deletion: the values originally derived from your Strava activities live on your TrailUP profile and are deleted whenever you delete your TrailUP account (via Settings → Delete Account, or by emailing us at contact@trailup.run). You can also edit or clear these values at any time from your profile.

Strava's own data collection: Strava may collect usage data about your interactions with their API in connection with this integration. Strava's handling of that data is governed by Strava's Privacy Policy, which we encourage you to review. Strava remains a separate data controller for any data they collect from you directly.

2.4 Waitlist Data

If you join our pre-launch waitlist, we collect your email, name, country, and target race distance to notify you about the launch and prioritize features.

3. How We Use Your Data

We use your information to:

  • Generate and manage your personalized training plan
  • Monitor your own training progress and plan compliance
  • Push planned workouts to your connected watch (where supported) and import your completed workouts back from it
  • Send training-related notifications and product updates
  • Improve the TrailUP product and user experience using non-Strava data only

We do not:

  • Sell, rent, or share your personal data with third parties for marketing
  • Use ad-targeting cookies
  • Send marketing spam — only training-related notifications
  • Use Strava data for product analytics, cross-user analyses, customer insights, or AI/ML training (see §2.3)

4. Data Storage & Security

Your data is stored securely on encrypted servers with industry-standard security measures. We use encryption in transit and at rest to protect your information. Access to your data is strictly scoped to your account — other users cannot see your information.

For connected fitness platforms, we do not store integration tokens. Tokens are used once during the sync process and immediately revoked.

5. Third-Party Services

TrailUP integrates with several third-party services. Each remains a separate data controller for the data they hold about you, and you remain subject to each service's own privacy policy.

  • Strava — one-time onboarding sync only; see §2.3 for the full disclosure. Token is revoked immediately after sync. Strava Privacy Policy.
  • Suunto — when you connect your Suunto account, we maintain a persistent connection to receive your completed workouts and push planned workouts to your watch. We store an access token and refresh token for this purpose; you can disconnect at any time from your TrailUP profile.
  • Supabase — our database and authentication provider. They process your account data on our behalf.
  • Resend — transactional email delivery (account confirmations, password changes, etc.).
  • Cloudflare — DNS, hosting for the marketing site, and bot-protection (Turnstile) on our public forms.

6. Cookies & Local Storage

We use only essential cookies and local storage for:

  • Authentication session management
  • Theme preferences (dark/light mode)
  • Unit preferences (metric/imperial)

We do not use tracking cookies, third-party analytics cookies, or advertising cookies.

7. Your Rights

You have the right to:

  • Access — request a copy of your personal data
  • Correct — update inaccurate information via your profile
  • Delete — request deletion of your account and all associated data
  • Disconnect — revoke access to any connected fitness platform at any time
  • Unsubscribe — opt out of any communications

To exercise any of these rights, email us at contact@trailup.run. We will respond within 30 days.

8. Data Retention

We retain your data for as long as your account is active. If you request account deletion, we will remove all personal data — including the values originally derived from your Strava sync — within 30 days. Strava data, in any form (raw or derived), is never retained for product improvement, analytics, or any cross-user purpose.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or requests, contact us at:

contact@trailup.run

← Back to home