Back
Privacy Policy for ActivityStat
Last Updated: 2023-08-25
Effective Date: June 2, 2024
Welcome to ActivityStat! This Privacy Policy explains how we collect, use, and protect your personal information when you visit our website https://activitystat.com or use our services.
1. Information We Collect
Personal Data: We collect the following information when you interact with our service:
- Name
- Email address
- Payment information (processed securely via Stripe or other payment processors)
- Fitness activity data accessed through your connected Strava account
Non-Personal Data: We collect cookies and usage data for analytics and to improve your user experience.
2. Legal Basis for Processing (GDPR Article 6)
We process your personal data under the following lawful bases:
- Performance of a contract (Article 6(1)(b)): To deliver our services and fulfill your orders.
- Consent (Article 6(1)(a)): For optional services like email marketing, non-essential cookies, or when linking your Strava account.
- Legal obligation (Article 6(1)(c)): Where required by law.
3. Purpose of Data Collection
We use your data to:
- Process orders and deliver services
- Integrate and display your fitness activity via the Strava API
- Communicate with you regarding your account or transactions
- Improve our website and user experience
- Comply with legal requirements
4. Data Sharing and Subprocessors
We do not sell your data. We only share your data with trusted third-party services that help us operate ActivityStat, including:
- Stripe (payment processing)
- MongoDB (data storage)
- Strava (via API access to your account data)
- Web hosting providers
- GA4 (Google Analytics)
All subprocessors are contractually bound to GDPR-compliant data protection standards.
5. International Data Transfers
If you are located in the European Economic Area (EEA), your personal data may be transferred to countries outside the EEA. Where this occurs, we ensure adequate protection via:
- Standard Contractual Clauses (SCCs) or
- Other legally recognized transfer mechanisms.
6. Data Retention
We retain your personal data only as long as necessary to:
- Fulfill the purposes outlined in this policy
- Comply with legal or regulatory obligations
7. Your Rights Under GDPR
You have the right to:
- Access your data
- Rectify inaccuracies
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Data portability
- Withdraw consent at any time
To exercise any of these rights, please contact us using the details below.
8. Children's Privacy
We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe we have collected information from a child, please contact us immediately.
9. Cookies and Tracking
We use cookies for functional and analytical purposes. You will be given the option to opt in to non-essential cookies when you first visit the site. For more detail, see our Cookie Policy.
10. Data Security
We implement industry-standard security practices including encryption and secure data storage to protect your personal information. All user data, including Strava data, is stored securely in MongoDB with appropriate access controls.
11. Updates to This Privacy Policy
We may update this policy occasionally. Changes will be posted on this page and communicated via email if significant.
12. Contact Us
If you have questions about this Privacy Policy or your data rights, please contact us at:
Form: https://activitystat.com/contact
By using ActivityStat, you consent to the terms of this Privacy Policy.