Legal
Privacy Policy
This policy explains how Pace & Push processes account, coding, and distance data. Last updated: July 11, 2026.
Controller
Hawig Ventures UG (haftungsbeschränkt)Herzogin-Juliana-Straße 755469 SimmernGermanyPrivacy contact: hawigxyz@proton.me
Data We Process
GitHub sign-in
- GitHub id, username, display name, and avatar URL.
- OAuth scope information, a hash of the GitHub access token, and an encrypted copy of the token used for server-side refreshes.
- Session cookies used to keep you signed in.
GitHub activity
- Daily GitHub commit counts and restricted/private contribution aggregates visible to your GitHub token and used for scoring.
- Metadata needed to refresh and explain score snapshots.
- Pace & Push does not collect private repository source code for leaderboard scoring.
Distance sync
- Daily aggregate distance totals sent by the iOS or Android app, bucketed by UTC calendar day.
- On iOS, Apple Health sync reads the current UTC calendar year only when preparing daily aggregate totals.
- Device label, platform, sync timestamps, status, and error summaries.
- Pace & Push does not collect raw workouts, GPS routes, or step-by-step HealthKit or Health Connect samples.
- Daily distance totals are health- and fitness-derived data and are treated as sensitive data for product and review purposes.
- The first mobile sync stores these aggregates in your private account. Granting HealthKit or Health Connect access does not make the aggregates public.
Profile and settings
- Versioned public-health-data consent, its timestamp, withdrawal state, dated-history preference, unit preference, and public profile data.
- Score snapshots, ranks, streaks, and profile history.
Website analytics
- Aggregate website analytics from Simple Analytics, including page paths, referrers and UTM sources, country, language, device/browser information, viewport dimensions, scroll depth, and time on page.
- Simple Analytics is not used for advertising or cross-site tracking and does not set analytics cookies for this site.
Purposes and Legal Bases
- Account operation, authentication, settings, and device pairing: performance of the service contract.
- Distance totals from HealthKit or Health Connect: your explicit mobile permission and consent, plus service operation where needed.
- Public leaderboard/profile display: your separate, explicit publication consent. Platform health permission alone is not publication consent.
- Health- and fitness-derived distance totals: your explicit permission in HealthKit or Health Connect and your consent to sync aggregate distance totals to Pace & Push.
- Security, abuse prevention, reliability, and debugging: legitimate interests in operating a safe service.
- Aggregate website analytics: legitimate interests in understanding public website usage and improving the service without advertising or cross-site tracking.
Public Leaderboard Data
Public discovery is off by default. Mobile setup connects GitHub and completes the first daily-distance sync while your account is private. You can then separately choose to publish. Before that choice, Pace & Push names the audience and fields: anyone on the internet can view your GitHub username and display name, profile bio, last-sync time, exact running distance for the selected period, GitHub commit total, combined score, rank, and streak without an account. Other people may copy or share information you publish. Commit totals may include restricted/private contribution aggregates that GitHub makes visible to your signed-in account.
Dated activity history is a separate option and is off by default because changes between daily cumulative points can reveal when you were active. You can publish the summary without publishing that history. You can withdraw public sharing in Settings; anonymous leaderboard, search, profile, and dated-history reads require a current consent record and are not served from a stale public-result cache after withdrawal.
Scoring and Ranking
Pace & Push calculates period scores from daily GitHub commit counts, restricted/private contribution aggregates visible to your GitHub token, and daily aggregate distance totals bucketed by UTC calendar day. The score is used to rank public users on the leaderboard. This ranking is for the product experience only and does not produce legal or similarly significant effects.
Processors and Recipients
- Vercel for hosting, edge delivery, serverless application execution, deployment logs, and operational security.
- Neon for Postgres database hosting, backups, and database operations.
- GitHub for OAuth sign-in and GitHub API data. GitHub also acts independently for your GitHub account and GitHub service data.
- Apple for App Store/TestFlight distribution and HealthKit permission surfaces. Apple HealthKit remains a local platform permission system; the iOS app sends only aggregate distance totals to Pace & Push.
- Google for Google Play distribution and Android Health Connect permission surfaces. Health Connect remains a local platform permission system; the Android app sends only aggregate distance totals to Pace & Push.
- Simple Analytics for privacy-friendly aggregate website analytics on the Next.js web app. Simple Analytics is not used for advertising or cross-site tracking.
Where Vercel or Neon process personal data on our behalf, we rely on their applicable data-processing terms, subprocessor controls, technical and organizational measures, and cross-border transfer mechanisms. For transfers outside the EEA, United Kingdom, or Switzerland, safeguards may include adequacy decisions, Standard Contractual Clauses or equivalent transfer terms, and supplemental security measures such as data minimization, encryption in transit, token hashing, and encrypted credential storage.
Storage and Deletion
- Account, commit, distance, device, score, and sync data are kept while your account is active or while needed to operate the service.
- Sync-run status records and score history are kept while your account is active so the product can show sync state, score history, and troubleshooting context.
- Operational server logs are kept only as long as needed for security, reliability, abuse prevention, and debugging, and are not used for advertising or marketing.
- Signed-in users can export data through
/api/me/privacy-export. - Signed-in users can request deletion through
DELETE /api/me/delete; this removes account, GitHub, device, commit, distance, score, and sync records. Backup copies and provider logs may persist for a limited period under provider retention cycles, but are not restored to active service except for disaster recovery or legal/security needs. - You can withdraw mobile distance sync by revoking HealthKit or Health Connect permissions, disconnecting the device, or deleting your Pace & Push account.
Cookies
Pace & Push uses essential cookies for GitHub OAuth state and the signed-in session. Simple Analytics is enabled without analytics cookies. No marketing or behavioral advertising cookies are currently used.
Your Rights
Depending on the situation, you may have rights to access, correction, deletion, restriction, portability, objection, and withdrawal of consent. You may also lodge a complaint with a data protection supervisory authority.
Security
Pace & Push stores GitHub access tokens encrypted at rest when the product needs to refresh commit counts, keeps token hashes for audit and export metadata, minimizes health-derived uploads to daily totals, and keeps device authentication separate from GitHub sign-in. Production controls include HTTPS, strict transport security headers, database-backed device revocation, hashed mobile bearer tokens, production-only secret checks, and a health endpoint for operational monitoring. Security or privacy concerns can be sent to hawigxyz@proton.me.
Children
Pace & Push is not directed to children. If the service later targets minors or schools, the privacy policy and permission flows must be updated before launch.
Policy Updates
This policy will be updated before Pace & Push enables advertising, error monitoring, paid plans, background sync, raw workout collection, GPS route collection, changes analytics provider or collection mode, or adds any new third-party provider that materially changes how personal data is processed.