Privacy Policy

Last updated: April 22, 2026

1. Introduction

StartLane (“we,” “our,” or “us”) operates the StartLane web application and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

By using StartLane, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

Account Information

  • Name and display name
  • Email address
  • Password (stored securely hashed, never in plaintext)
  • Account role (runner or coach)

Training & Fitness Data

  • Age, current running pace, heart rate data
  • Training plans and workout logs (type, distance, duration, pace, effort)
  • Heart rate zones and VO2max estimates
  • Daily check-in data: readiness, sleep hours/quality, muscle soreness, HRV, resting heart rate, hydration
  • Form analysis videos and resulting metrics (cadence, knee angle, overstride, vertical oscillation)

Team & Competition Data (Coaches)

  • Team name, school name, invite codes
  • Roster information (athlete names, squad, level, status)
  • Meet schedules, race results, times, places
  • Season configuration
  • Workout overrides and coach notes

Third-Party Integrations

  • Strava: When you connect Strava, we access your activity data (runs, rides, heart rate, pace, distance). We store OAuth tokens to maintain the connection.
  • WHOOP: When you connect WHOOP, we access recovery scores, HRV, sleep data, strain, and resting heart rate. We store OAuth tokens to maintain the connection.
  • Apple Health: When you upload an Apple Health export, we parse workout data, resting heart rate, and VO2max records from the file. The file is processed and not permanently stored.

Automatically Collected Information

  • Browser type and version
  • Pages visited and features used
  • Date and time of access
  • IP address (for security purposes)

3. How We Use Your Information

  • Generate personalized training plans based on your fitness data
  • Track workout completion and training progress
  • Provide recovery recommendations based on check-in data
  • Enable coaches to manage team rosters, meet schedules, and race results
  • Analyze running form from uploaded videos
  • Sync workout data from connected services (Strava, WHOOP)
  • Send service-related communications (password resets, critical updates)
  • Improve and maintain the platform

4. Data Sharing

We do not sell your personal information. We share data only in the following circumstances:

  • Coach-Athlete Relationship: When an athlete joins a team, their coach can view the athlete's check-in data, workout logs, form analysis results, and race results. Athletes are informed of this when joining a team.
  • Service Providers: We use Supabase (database hosting), Vercel (web hosting), and Fly.io (API hosting) to operate the platform. These providers process data on our behalf under their respective privacy policies.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental authority.

5. Data Security

We implement security measures including:

  • Encryption in transit (HTTPS/TLS) for all data
  • Row-Level Security (RLS) policies on all database tables
  • Secure password hashing via Supabase Auth
  • JWT-based authentication with short-lived tokens
  • Non-root container execution for API services
  • Input validation and sanitization on all endpoints

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us at hello@startlane.app. Upon account deletion:

  • Your profile and personal information are permanently deleted
  • Workout logs, check-ins, and training plans are deleted
  • Connected third-party tokens (Strava, WHOOP) are revoked and deleted
  • Form analysis videos and results are deleted
  • Team data remains for the team if other members exist

7. Data Breach Notification

In the event of a data breach that poses a high risk to your rights and freedoms, we will:

  • Notify affected users by email within 72 hours of becoming aware of the breach
  • Notify relevant supervisory authorities as required by applicable law
  • Provide details of the nature of the breach, the data affected, and the steps being taken to address it
  • Provide recommendations for steps you can take to protect yourself

8. Anonymized Data and Service Improvement

We may use anonymized, aggregated data (data that cannot be linked back to any individual) to:

  • Improve our training plan algorithms and recovery recommendations
  • Analyze form analysis data to improve our metrics accuracy
  • Conduct research on training patterns and effectiveness
  • Generate benchmarks and insights for the running community

This anonymized data cannot be used to identify you. We will never sell identifiable personal data.

9. Account Access by Staff

In limited circumstances, authorized StartLane staff may access your account data for the purpose of:

  • Responding to your support requests
  • Investigating reported bugs or technical issues
  • Ensuring compliance with our terms of service

Staff access is logged, limited to the minimum data necessary, and does not include viewing your health data (HRV, sleep, soreness) unless you explicitly share it in a support request. We will never access your account for marketing or sales purposes.

10. Children's Privacy

StartLane may be used by student athletes under the age of 18 as part of a school team program. In such cases:

  • Accounts for athletes under 13 require parental consent, managed by the coach or school administrator
  • We do not knowingly collect personal information from children under 13 without parental consent
  • Coaches and schools are responsible for obtaining necessary parental consents under COPPA and FERPA
  • If you believe a child under 13 has provided us personal information without consent, contact us at hello@startlane.app

11. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Opt out of non-essential communications

To exercise these rights, contact us at hello@startlane.app.

12. Third-Party Services

StartLane integrates with third-party services. Their use of your data is governed by their own privacy policies:

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of StartLane after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: hello@startlane.app