Privacy Policy

Coastal Runners is a recreational running community based in Chennai, India. This application (“the App”) is operated by Coastal Runners and is used by club members to track activities, manage events, and engage with the community. Questions or requests may be sent to cr.coastalrunners@gmail.com.

Account & profile data — When you register, we collect your name, email address, phone number, date of birth, blood group, area / locality, and emergency contact details. This is used to manage club membership and event registration.

Strava activity data — If you choose to connect your Strava account, we access your personal activity data (runs, distances, pace, elevation) via the Strava API. This data is displayed only to you on your personal dashboard. We do not share your personal Strava data with other users.

Club activity data — Aggregated running statistics for the club leaderboard are fetched via the Strava Club API, which reflects data that members have made available to the club on Strava.

Usage data — Strava may collect and use data related to your access to the Strava API through our App, as described in the Strava Privacy Policy.

We use the data we collect to:

• Verify and manage club membership
• Display your personal Strava activities on your private dashboard
• Manage event registrations and emergency contact information
• Operate club forms, polls, and contests
• Show the club leaderboard to registered members

We do not sell, rent, or share your personal data with third parties for advertising or commercial purposes.

Our App uses the Strava API and is subject to the Strava API Agreement and Strava Privacy Policy, which controls in the event of any conflict with this policy.

When you connect Strava, we store your Strava OAuth tokens securely in our database. These tokens are visible only to you and are used solely to fetch your own activity data for your personal dashboard. Your Strava access token is never shared with other users or third parties.

You can disconnect Strava at any time from the Connections page. Disconnecting removes your tokens and clears all mirrored Strava profile fields from our database.

You have the right to:

• Access — request a copy of the data we hold about you
• Correction — update your profile at any time from the Profile page
• Deletion — request deletion of all your data; we will complete this within 30 days and confirm by email
• Withdraw Strava consent — disconnect Strava from the Connections page at any time

To exercise any of these rights, email us at cr.coastalrunners@gmail.com.

We retain your account data for as long as you are a registered member. Strava activity data fetched for the leaderboard is cached in our systems; we do not retain individual Strava activity records beyond what is needed for the current challenge period. Upon a deletion request or account closure, all personal data will be permanently deleted within 30 days.

We use commercially reasonable measures to protect your data, including encrypted storage of Strava OAuth tokens and access controls via AWS Cognito and AppSync authorization policies. Your Strava tokens are owner-only — no other user or administrator can read them.

The App is built on AWS (Cognito, AppSync, DynamoDB, Amplify) and uses the Strava API. Each of these services operates under its own privacy policy. We are not responsible for the privacy practices of these third-party providers.

For any privacy-related questions, data access requests, or deletion requests, contact us at: cr.coastalrunners@gmail.com