Tier One Run Club

Privacy Policy

Last updated: February 14, 2026

Tier One Run Club ("TORC", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Information You Provide

  • Account Information: Email address, name, and password when you create an account
  • Profile Information: Optional details such as age, weight, height, and fitness goals
  • Payment Information: Billing details processed securely through Stripe (we do not store your full payment card details)
  • Communications: Information you provide when contacting support or providing feedback

Fitness and Activity Data

  • Activity Data: Running activities, workouts, distance, pace, duration, heart rate, cadence, and other metrics
  • GPS Data: Location data from your activities (routes, elevation)
  • Device Data: Information from connected fitness devices and wearables
  • Uploaded Files: FIT files and other activity files you upload

Automatically Collected Information

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on the service
  • Log Data: IP address, access times, referring URLs

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Analyze your fitness data to generate insights, metrics, and personalized recommendations
  • Power AI-driven features including training analysis and coaching suggestions
  • Process transactions and send related information
  • Send technical notices, updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities to improve user experience
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Comply with legal obligations

3. AI and Data Processing

TORC uses artificial intelligence to analyze your fitness data and provide personalized insights. This includes:

  • Processing your activity data through AI models to generate training recommendations
  • Analyzing patterns in your performance to identify trends and areas for improvement
  • Using third-party AI services (such as language models) to power certain features

Your personal data is not used to train AI models. We may use anonymized, aggregated data to improve our AI features, but this data cannot be used to identify individual users.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share data with third-party vendors who perform services on our behalf:

  • Convex: Database and backend infrastructure
  • Stripe: Payment processing
  • AI Providers: Language model services for AI features (data is processed but not retained for training)
  • Email Services: Transactional email delivery
  • OpenStreetMap: Map tiles and reverse geocoding for activity location display

Third-Party Integrations

When you connect third-party accounts (such as Intervals.icu), we use OAuth 2.0 authorization to request specific permissions (such as read access to your activities). You choose which permissions to grant, and you can revoke access at any time through the third-party service or by disconnecting in your TORC account settings. We receive data from those services only within the scope of permissions you granted. We do not share your TORC data back to these services unless you explicitly request it.

Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of TORC, our users, or the public.

Business Transfers

If TORC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. You can request deletion of your data at any time. After account deletion, we may retain certain information as required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

Activity data and analytics may be retained in anonymized, aggregated form indefinitely for service improvement purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication mechanisms
  • Regular security assessments and monitoring
  • Access controls limiting employee access to personal data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Rights and Choices

Access and Portability

You can access your personal data through your account settings. You may export your activity data at any time.

Correction

You can update your account information through your profile settings.

Deletion

You can delete your account and associated data through your account settings. Some information may be retained as described in the Data Retention section.

Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or updating your notification preferences.

Third-Party Connections

You can disconnect third-party integrations (like Intervals.icu) at any time through your account settings.

8. Cookies and Similar Technologies

We only use strictly necessary cookies and local storage. We do not use any tracking, analytics, or advertising cookies.

What We Use

  • Authentication tokens: To keep you securely logged in to your account (stored in local storage)
  • Theme preference: To remember your light or dark mode setting (stored in local storage)
  • UI preferences: To remember display settings such as table column visibility (stored in local storage)
  • Cookie consent: To remember that you have been informed about our cookie usage (stored in local storage)

Third-Party Services

We use Cloudflare Turnstile on our login page to prevent automated abuse. This service may set its own cookies as part of the verification process. Please refer to Cloudflare's Privacy Policy for details.

Legal Basis (GDPR)

All cookies and local storage we use are strictly necessary for the operation of our service. Under Article 6(1)(f) of the GDPR, we rely on our legitimate interest to provide a functional and secure service. No consent is required for strictly necessary cookies, but we inform you of their use for transparency.

You can clear cookies and local storage through your browser settings at any time. Please note that doing so will log you out and reset your preferences.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We take appropriate safeguards to ensure your information remains protected in accordance with this Privacy Policy.

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete such information.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You can request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information, so this right does not apply
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at tieronerunclub@gmail.com.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR).

Data Controller

Tier One Run Club is the data controller responsible for your personal data. You can contact us at tieronerunclub@gmail.com for any data protection inquiries.

Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract (Art. 6(1)(b)): Processing necessary to provide our service to you, including account management, activity tracking, and AI coaching features
  • Legitimate Interest (Art. 6(1)(f)): Processing necessary for service security, fraud prevention, and essential cookies/local storage required for the service to function
  • Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for optional profile information or connecting third-party integrations. You may withdraw consent at any time
  • Legal Obligation (Art. 6(1)(c)): Where we are required to process data to comply with applicable law

Your Rights

  • Right to Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing (Art. 18): Request limitation of processing in certain circumstances
  • Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing

How to Exercise Your Rights

You can exercise many of these rights directly through your account settings (e.g., editing your profile, deleting your account). For any other requests, contact us at tieronerunclub@gmail.com. We will respond within 30 days as required by the GDPR.

You also have the right to lodge a complaint with your local supervisory authority (data protection authority) if you believe your data protection rights have been violated.

International Transfers

Your data may be transferred to and processed in countries outside the EEA, including the United States where our service providers operate. We ensure appropriate safeguards are in place for such transfers in accordance with GDPR requirements.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending you an email. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: tieronerunclub@gmail.com

By using Tier One Run Club, you acknowledge that you have read and understood this Privacy Policy.