Privacy Policy
Last updated: 14 June 2026
1. Who we are
Pace-N is a fitness accountability application operated by Gaatur (contact: support@gaatur.se). We are the data controller responsible for the personal data described in this policy.
If you have questions about your privacy or wish to exercise your rights, contact us at support@gaatur.se.
2. Data we collect and why
Account information (from Google Sign-In)
- Your Google email address — used to create and identify your account.
- Your Google display name — used as the default for your Pace-N display name during onboarding.
- We do not store your Google profile photo or password.
Profile data (provided by you)
- Display name (first name only, max 30 characters)
- Avatar colour — a colour you choose to represent yourself
- Weekly activity goal (2, 3, or 5 sessions per week)
- Language preference (Norwegian or English)
- Privacy setting (public or private profile)
- Account created date and last active date
Workout data (provided by you)
- Activity type (e.g. running, cycling, strength)
- Date of session
- Duration (optional)
- Distance (optional)
- Notes / a short message (optional, max 200 characters)
- Source: whether the session was logged manually or recorded with live tracking
GPS route data (collected with your explicit consent during live tracking)
- A sequence of GPS coordinate points (latitude and longitude) recorded while you use the Live Tracking feature.
- GPS data is only collected when you actively start a live tracking session and your browser grants location permission.
- You can use Pace-N without ever enabling GPS tracking.
Social data
- Group memberships: which groups you belong to, your role (member or admin), and the status of your membership
- Cheers you give on other members' posts
- Comments you write on posts
- Workout partners you tag in sessions (with their consent)
- Notifications sent to and received by you
Technical data
- Timestamps for all records (created, updated)
- Rate-limiting data for group join attempts (attempt count, lockout periods) — used to prevent abuse
- Account deletion scheduling date (if you request deletion)
3. Legal basis for processing (GDPR)
- Performance of contract (Article 6(1)(b)): The majority of data processing is necessary to provide the Pace-N service you signed up for — your profile, workout logs, group membership, feed, badges, and personal bests.
- Consent (Article 6(1)(a)): GPS location data collected during live tracking. You can withdraw this consent at any time by stopping a live tracking session or denying location permission in your browser.
- Legitimate interests (Article 6(1)(f)): Rate-limiting and abuse prevention data. Our legitimate interest is protecting the service and its users from automated abuse.
4. How we share your data
We do not sell your personal data. We share data only with:
Supabase Inc. — our infrastructure and database provider. Supabase stores all Pace-N data on our behalf as a data processor. Data is stored in the EU (Frankfurt, Germany). Supabase is SOC 2 Type II certified.
Google LLC — solely for the purpose of authenticating your identity via Google Sign-In (OAuth 2.0). Once authenticated, no further data is shared with Google.
Other Pace-N users in your groups — when you share a workout to a group feed, members of that group can see your display name, avatar, activity type, optional stats (distance, time), and any note you wrote. Your GPS route is never shared in the feed.
We do not share data with advertisers, analytics companies, or any other third parties.
5. Cookies and local storage
Pace-N uses the following:
- Session cookies (strictly necessary): Set by Supabase to keep you logged in. These are essential for the service to work and do not require your consent under the ePrivacy Directive. They are deleted when you log out.
- localStorage (strictly necessary): We store your language preference, theme preference, and cookie consent flag in your browser's local storage. No personal data is stored here.
We do not use advertising cookies, third-party tracking cookies, or analytics scripts.
6. Data retention
- Your data is retained as long as your account is active.
- When you request account deletion, your account is scheduled for permanent deletion after a 14-day grace period. During this period you can cancel the deletion by logging in again.
- After the 14-day period, all your personal data — including workout sessions, GPS routes, profile, group memberships, feed posts, comments, cheers, badges, and personal bests — is permanently deleted and cannot be recovered.
- Rate-limiting records are deleted automatically when your account is deleted (via a database CASCADE delete).
- We do not retain your data for any purpose after deletion.
7. Your rights under GDPR
As a data subject in the European Economic Area, you have the following rights:
- Right of access: You may request a copy of the personal data we hold about you.
- Right to rectification: You can correct your display name and profile information at any time in Settings.
- Right to erasure ("right to be forgotten"): You can delete your account at any time in Settings → Account → Delete account.
- Right to data portability: You can request an export of your personal data in a machine-readable format by contacting us.
- Right to object: You may object to processing based on legitimate interests (rate-limiting data) by contacting us.
- Right to withdraw consent: If you have given consent for GPS tracking, you can withdraw it by stopping live tracking or revoking location permission in your browser at any time.
- Right to lodge a complaint: You have the right to lodge a complaint with your national data protection authority. In Norway: Datatilsynet (datatilsynet.no).
To exercise any of these rights, contact us at support@gaatur.se. We will respond within 30 days.
8. Security
We use Row Level Security (RLS) on all database tables, meaning users can only access data they are authorised to see. Authentication is handled by Supabase and Google. Sensitive operations (such as group join rate-limiting and notification creation) are performed through server-side database functions, not directly from the client.
Despite these measures, no system is 100% secure. If you discover a security vulnerability, please report it to support@gaatur.se.
9. Children
Pace-N is not directed at children under 13 years of age. If you believe a child under 13 has created an account, please contact us at support@gaatur.se and we will delete the account promptly.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. Continued use of Pace-N after changes are posted constitutes your acceptance of the updated policy. For significant changes, we will attempt to notify you through the app.