Skip to main content

Privacy Policy

Last updated: September 1, 2025

Table of Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. Strava Integration
  5. Data Sharing and Disclosure
  6. Data Security
  7. Data Retention
  8. Your Rights and Choices
  9. Cookies and Tracking
  10. International Data Transfers
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact Us

1. Introduction

Welcome to NuroStride ("we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we collect, use, and share your information. This Privacy Policy explains how we handle your personal information when you use our AI-powered running analytics platform.

NuroStride provides personalized insights and recommendations based on your running data from Strava. We understand that your fitness data is sensitive and personal, and we take our responsibility to protect it seriously.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information (name, email address, password)
  • Profile information (age, weight, running goals, preferences)
  • Payment information (processed securely by our payment providers)
  • Communications with our support team
  • Feedback and survey responses

2.2 Strava Data

When you connect your Strava account, we collect:

  • Activity data (distance, pace, elevation, heart rate, route data)
  • Performance metrics (personal records, training load)
  • Profile information from Strava
  • Activity photos and descriptions (if you choose to share them)
  • Segment and achievement data

2.3 Automatically Collected Information

  • Device information (IP address, browser type, operating system)
  • Usage data (pages visited, features used, time spent)
  • Log data (access times, error logs, performance metrics)
  • Cookies and similar tracking technologies

2.4 Third-Party Sources

  • Information from authentication providers (Google, Apple)
  • Public information from social media platforms
  • Analytics and marketing partners

3. How We Use Your Information

3.1 Service Provision

  • Analyzing your running data to provide personalized insights
  • Generating AI-powered recommendations for training optimization
  • Creating performance reports and trend analysis
  • Identifying patterns to help prevent injuries
  • Providing goal tracking and achievement notifications

3.2 Account Management

  • Creating and maintaining your account
  • Processing payments and managing subscriptions
  • Providing customer support
  • Sending important account notifications

3.3 Improvement and Development

  • Improving our AI algorithms and analytics
  • Developing new features and services
  • Conducting research and analysis
  • Testing and quality assurance

3.4 Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract: To provide our services and fulfill our obligations
  • Consent: When you explicitly consent to specific processing activities
  • Legitimate Interests: For improving our services, security, and business operations
  • Legal Obligation: To comply with applicable laws and regulations

4. Strava Integration

NuroStride integrates with Strava through their official API. When you connect your Strava account:

  • You will be redirected to Strava's authorization page
  • You can choose which data to share with us
  • We only access data you explicitly authorize
  • You can revoke access at any time through your Strava settings
  • We comply with Strava's Terms of Service and API guidelines

We do not store your Strava login credentials. Authentication is handled securely through OAuth 2.0.

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.2 Service Providers

We share limited data with trusted service providers who help us operate our platform:

  • Cloud hosting and infrastructure providers (AWS, Google Cloud)
  • Payment processors (Stripe, PayPal)
  • Email service providers (for transactional emails)
  • Analytics providers (for anonymized usage statistics)
  • Customer support tools

5.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes or government requests
  • Protect our rights and property
  • Ensure user safety and prevent fraud
  • Investigate violations of our Terms of Service

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

6. Data Security

We implement comprehensive security measures to protect your data:

6.1 Technical Safeguards

  • End-to-end encryption for data transmission
  • AES-256 encryption for data at rest
  • Secure cloud infrastructure with redundancy
  • Regular security audits and penetration testing
  • Multi-factor authentication for admin access

6.2 Organizational Measures

  • Strict access controls and need-to-know basis
  • Employee security training and background checks
  • Data processing agreements with all vendors
  • Incident response and breach notification procedures
  • Regular security awareness training

6.3 Your Role in Security

  • Use strong, unique passwords
  • Enable two-factor authentication
  • Keep your account information up to date
  • Report suspicious activity immediately

7. Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Until you delete your account, plus 30 days for backup recovery
  • Activity Data: For the duration of your subscription plus 1 year
  • Payment Records: 7 years for tax and accounting purposes
  • Support Communications: 3 years for quality and legal purposes
  • Analytics Data: Anonymized data may be retained indefinitely

When you delete your account, we will permanently delete your personal data within 30 days, except where retention is required by law.

8. Your Rights and Choices

8.1 Access and Control

You have the right to:

  • Access your personal information
  • Correct inaccurate data
  • Delete your account and data
  • Export your data in a portable format
  • Restrict certain processing activities
  • Object to processing based on legitimate interests

8.2 GDPR Rights (EU Residents)

If you're in the EU, you also have the right to:

  • Withdraw consent at any time
  • Data portability
  • Lodge a complaint with a supervisory authority
  • Not be subject to automated decision-making

8.3 California Rights (CCPA)

California residents have additional rights including:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination

8.4 Exercising Your Rights

To exercise any of these rights, contact us at legal@nurostride.com. We will respond within 30 days and may need to verify your identity.

9. Cookies and Tracking

We use cookies and similar technologies to improve your experience. See our Cookie Policy for detailed information about:

  • Types of cookies we use
  • How to manage cookie preferences
  • Third-party cookies and tracking
  • Do Not Track signals

10. International Data Transfers

NuroStride is based in the United States. Your information may be transferred to and processed in countries other than your own, including the US, which may have different data protection laws.

For international transfers, we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant authorities
  • Certification schemes and codes of conduct
  • Binding corporate rules where applicable

11. Children's Privacy

NuroStride is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.

For users between 13 and 18, we require parental consent before processing personal information. Parents can request access to, modification of, or deletion of their child's information by contacting us.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.

When we make changes:

  • We will update the "Last updated" date
  • For material changes, we will provide prominent notice
  • We may notify you via email or in-app notification
  • Previous versions will be archived for reference

Your continued use of NuroStride after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: legal@nurostride.com

Subject Line: Privacy Policy Inquiry

Response Time: We aim to respond within 48 hours

For GDPR-related inquiries, please include "GDPR" in your subject line. For CCPA-related requests, please include "CCPA" in your subject line.

Disclaimer: This privacy policy is a template for informational purposes. Consult with a qualified attorney for legal advice specific to your situation and jurisdiction.