Privacy Policy

Connected Steps ("we", "us", "our") operates the website connectedsteps.in and provides running coaching and community services. Our contact email is connected.steps2106@gmail.com.

We collect the following information when you register or use our platform:

• Account data: first name, last name, email address, phone number, training location, and running goal.
• Training data: session attendance records logged by your coach.
• Strava data (optional): if you choose to connect your Strava account, we access the data described in Section 4 below.

• To personalise your training plan and coach recommendations.
• To calculate and display your position on the community leaderboard.
• To send you communications about sessions and events (where you have agreed).
• To improve our platform and services.

We do not sell your personal data to any third party.

Connected Steps integrates with the Strava API. Connecting Strava is entirely optional. If you choose to connect, we access the following data from your Strava account:

• Activity name, type (e.g. Run, Walk, Ride), date and time
• Distance (km) and moving time (seconds)
• Average speed (used only to compute estimated pace)

What we do NOT access or store:

• GPS coordinates, routes, or map data
• Heart rate, power, cadence, or other sensor data
• Photos, segments, kudos, or social interactions
• Any private activities (we only access the scope you grant)

What we store: We store only aggregated monthly summaries (total runs, total km, total time, and points score) for leaderboard purposes. Raw activity lists are processed in your browser session and are not persisted on our servers.

Powered by Strava: Activity data displayed on Connected Steps is sourced from Strava. We comply with the Strava API Agreement.

Revoking access: You can disconnect Strava at any time from your dashboard. To fully revoke access you can also visit Strava Settings → My Apps and remove Connected Steps. Upon disconnection we stop fetching your Strava data; existing aggregated summaries are removed from the leaderboard on your next dashboard visit.

Your account data is retained for as long as your account is active. Aggregated Strava summaries are retained as long as you remain connected to Strava. You may request deletion of all your data by emailing connected.steps2106@gmail.com.

Strava access tokens and refresh tokens are stored only in your browser's local storage and are never sent to or stored on our servers. All communication between your browser and our servers is encrypted via HTTPS.

We use the following third-party services:

• Strava API – activity data (see Section 4)
• Supabase – database hosting (data stored in the EU region)
• Vercel – web hosting

You have the right to access, correct, or delete your personal data. To exercise any of these rights, email us at connected.steps2106@gmail.com.

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of Connected Steps after changes constitutes acceptance of the updated policy.

For any privacy-related queries, email us at connected.steps2106@gmail.com.