Privacy Policy

Last updated: May 2025

Sub20 ("we", "us", or "our") operates the Sub20 training app available at sub20.app. This policy explains what data we collect, how we use it, and your rights.

1. Information We Collect

We collect the following information when you use Sub20:

• Account information — your email address when you register
• Training data — run logs including distance, duration, pace, and GPS route coordinates
• Progress data — your current level, week, and training history within the app
• Payment information — processed securely by Stripe; we do not store card details
• Strava connection — if you connect Strava, we store an access token to enable activity export

2. How We Use Your Information

• To provide and personalise your training plan
• To track your progress and benchmarks across sessions
• To process your subscription payment via Stripe
• To export your runs to Strava when you request it
• To send transactional emails (welcome, subscription confirmation)
• To improve the app based on usage patterns

3. Data Storage

Your data is stored securely using Supabase (a GDPR-compliant database provider). Payment processing is handled by Stripe. We do not sell your data to third parties.

4. GPS and Location Data

If you enable GPS tracking during a run, we store the route coordinates alongside your session data. This data is used solely to display your route map within the app and to export your activity to Strava if requested. Location data is never shared with third parties without your consent.

5. Strava Integration

If you connect your Strava account, we store a Strava access token in our database. This token is used only to export your Sub20 training sessions to Strava when you explicitly request it. You can disconnect Strava at any time from your Profile settings, which removes the stored token.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data and training history is permanently deleted within 30 days.

7. Your Rights

Under GDPR and UK data protection law, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Export your data in a portable format
• Withdraw consent for data processing at any time

To exercise any of these rights, contact us at hello@sub20.app.

8. Cookies

Sub20 uses minimal cookies and local storage necessary for authentication and storing your training preferences on your device. We do not use advertising cookies or third-party tracking.

9. Children's Privacy

Sub20 is not intended for users under the age of 13. We do not knowingly collect data from children under 13.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or in-app notification. Continued use of Sub20 after changes constitutes acceptance of the updated policy.

11. Contact

If you have any questions about this privacy policy, contact us at:

hello@sub20.app
Sub20, United Kingdom

© 2025 Sub20. All rights reserved.