Privacy Policy

Last updated: 7 May 2026

Who we are

This privacy policy explains how Stride ("we", "us", "our") collects, uses, and protects your personal data when you use our running training plan service at https://www.stride-training.com.

For the purposes of UK and EU data protection law, Graham Pattle trading as Stride is the data controller of your personal data. You can contact us at support@stride-training.com for any privacy-related questions.

What data we collect

Account information. When you create an account, we collect your name, email address, and a hashed version of your password. You may also choose to provide additional profile details to help us generate your training plan, such as your age, weight, recent race times, target race, and current weekly mileage.

Strava-derived data. If you connect your Strava account, we access your Strava data via the Strava API. This includes:

  • Your Strava athlete ID and basic profile information (name, profile picture)
  • Your activities, including pace, distance, time, elevation, route data, and the device used to record each activity
  • Activity metadata you have made visible to authorised applications under the scopes you grant

The specific Strava data we access depends on the OAuth scopes you authorise. We currently request the following scopes: activity:read_all. You can review and revoke these permissions at any time, either through our in-app disconnect feature or by visiting strava.com/settings/apps.

Usage data. We collect basic information about how you use our service, including pages viewed, features used, and timestamps. This is used to operate and improve the service.

Why we collect this data and our lawful basis

We process your personal data for the following purposes, with the following lawful bases under UK GDPR:

  • To provide the service: generating training plans, tracking your progress, and matching synced Strava activities to prescribed sessions. Lawful basis: performance of a contract with you.
  • Strava integration: accessing and storing data from Strava on your behalf. Lawful basis: your consent, granted when you authorise the Strava connection. You can withdraw this consent at any time by disconnecting.
  • Service improvement: understanding usage patterns and improving the service. Lawful basis: our legitimate interest in operating and developing the service. You can object to this processing.
  • Legal compliance: where we are required to retain or process data for legal reasons. Lawful basis: legal obligation.

How we use Strava data specifically

We use Strava activity data primarily to automatically log completed runs against your prescribed training plan sessions. We extract details such as pace, distance, duration, and the recording device, and match each activity to a session in your plan. Synced data is stored on your training plan record so you can review your progress over time.

If you disconnect from Strava, all previously synced activity data is automatically deleted from your training plans and no further activities will sync.

Strava's own data practices

Strava may collect data about how our application uses the Strava API, including the volume and nature of API calls we make on your behalf. This collection is governed by Strava's own privacy policy, which you can review at strava.com/legal/privacy.

Garmin-sourced data

If you record activities using a Garmin device and these activities reach our service via Strava, the resulting activity data originated on Garmin hardware. We display attribution to Garmin where this is the case. Use of Garmin-sourced data is also subject to Garmin's own terms.

Who we share your data with

We do not sell your personal data. We share data only with:

  • Service providers: we use third-party service providers to host our infrastructure. These providers process data only on our instructions and under contract.
  • Strava: when you connect your Strava account, the OAuth flow involves Strava and is governed by Strava's privacy policy.
  • Legal requirements: we may disclose data where required by law, court order, or to protect the rights, property, or safety of users or others.

International transfers

Strava is based in the United States, and Strava data may be processed there. Where personal data is transferred outside the UK or EEA, appropriate safeguards are in place, including the use of Standard Contractual Clauses where required.

How long we keep your data

  • Account data: for as long as your account is active. If you delete your account, we delete your account data within 30 days, except where we are required to retain it for legal reasons.
  • Strava tokens: stored only while your Strava connection is active. On disconnect (initiated by you, or by you revoking access via Strava), tokens are immediately removed from our database.
  • Synced activity data: retained on your training plan while your Strava connection is active. When you disconnect Strava, all synced activity data is automatically deleted from your plans.
  • Backups: routine backups may retain deleted data for up to 90 days before being purged.

Your rights

Under UK and EU data protection law, you have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Rectification: ask us to correct inaccurate data
  • Erasure: ask us to delete your data
  • Restriction: ask us to limit how we use your data
  • Portability: request your data in a portable format
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: withdraw consent for processing based on consent (e.g. by disconnecting Strava)

To exercise any of these rights, contact us at support@stride-training.com. We will respond within one month.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have not handled your data appropriately.

Disconnecting Strava

You can disconnect your Strava account at any time:

  • In our app: visit your profile page and click "Disconnect from Strava".
  • From Strava's side: visit strava.com/settings/apps and revoke access to Stride.

When you disconnect, we immediately delete your Strava tokens and all Strava-sourced activity data from your training plans. This includes synced pace, distance, duration, heart rate, device information, and workout structure data. No Strava data is retained after disconnection.

Automated decision-making

We use algorithms to generate personalised training plan recommendations based on your goals, fitness level, and activity history. These recommendations are advisory — you remain in control of all training decisions. We do not make automated decisions that produce legal or similarly significant effects on you within the meaning of Article 22 of the UK GDPR.

Security

We protect your data using industry-standard practices, including encrypted connections (HTTPS), secure password hashing, and access controls on our systems. No system is perfectly secure, and we cannot guarantee absolute security.

Cookies

We use essential cookies to operate the service (for example, to keep you logged in). You can manage cookies via your browser settings.

Children

Our service is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided personal data to us, please contact us and we will delete it.

Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated to you in advance, where possible.

Contact us

Questions about this policy or your data?

Graham Pattle
Email: support@stride-training.com
Postal Address: 82 Langthorne Street, London, SW6 6JX