Privacy Policy
Last Updated: November 16, 2025
1. Introduction
VHG Runners Club ("we", "our", or "us") respects your privacy and is committed to protecting your personal data.
This privacy policy explains how we collect, use, and share information when you use our running club platform.
2. Information We Collect
2.1 Account Information
When you register for an account, we collect:
- Email address
- Name (first and last name)
- Password (encrypted)
- Profile photo (optional)
2.2 Activity Data from Third-Party Platforms
When you connect your fitness tracking account (such as Strava, Garmin Connect, Polar Flow, COROS, or other supported platforms), we access and store:
- Activity data (runs, rides, swims, and other workouts)
- Activity metrics (distance, pace, speed, time, duration, elevation)
- Performance data (heart rate, cadence, power, VO2 max, training load)
- GPS route data, tracks, and polylines
- Activity photos, descriptions, and notes
- Athlete profile information and settings
2.3 Social Login (Google and Facebook)
You may sign in to VHG Runners Club using your Google or Facebook account. When you do, we
receive from the provider only:
- Your email address
- Your name
- Your profile picture (if available)
- A provider account identifier (used to recognize your social account)
We use this information solely to authenticate you and create or access your VHG Runners
Club account. We do
not post to your social accounts, access your friends
list, or read any other data. Social login is separate from fitness provider connections
(Strava, Garmin, etc.), which are used only to sync activity data. You can unlink a social
account at any time from
Profile → Linked accounts, or request data
deletion at
vhgrunners.club/data-deletion.
2.4 Usage Information
We automatically collect:
- Device information and browser type
- IP address and location data
- Usage patterns and interactions with our platform
3. How We Use Your Information
We use your information to:
- Provide and maintain the VHG Runners Club platform
- Display your activities and performance statistics
- Enable club event participation and tracking
- Generate leaderboards and performance analytics
- Facilitate community features and social interactions
- Send important notifications about events and platform updates
- Improve and personalize your experience
- Ensure platform security and prevent fraud
4. How We Share Your Information
4.1 Within VHG Runners Club
Your activity data and profile information are visible to other club members as part of our community features.
This includes:
- Activity summaries and statistics
- Leaderboard rankings
- Event participation
- Profile information (name, photo)
4.2 Third-Party Services
We integrate with the following third-party services:
- Fitness Tracking Platforms - Such as Strava, Garmin Connect, Polar Flow, COROS, and other supported services to access your activity data with your explicit authorization
- Social Login Providers - Google and Facebook, used only to authenticate you and create/access your account (email, name, profile picture). See section 2.3.
- Mapping Services - Including Google Maps, Leaflet, and OpenStreetMap to display activity routes and locations
- Cloud Infrastructure - For hosting, storage, and application delivery
4.3 Legal Requirements
We may disclose your information if required by law or in response to valid legal requests by public authorities.
5. Data Retention
We retain your personal information and activity data for as long as your account is active or as needed to provide services.
You may request deletion of your account and associated data at any time.
6. Your Rights and Choices
You have full control over your data and the following rights:
6.1 Access Your Data
You can download a complete copy of your personal data at any time:
- Go to Profile → "Data Management" section
- Click "Download My Data"
- Receive a JSON file containing all your profile information, activities, event subscriptions, and connected providers
This complies with your GDPR right to data portability.
6.2 Correct Your Information
Update or correct your information at any time via your Profile page. You can modify your name, email, and other profile details.
6.3 Disconnect Providers
Revoke authorization for any connected fitness tracking platform at any time:
- Go to Profile → "Manage Provider Connections"
- Click "Disconnect" on any connected provider
- Review the warning modal explaining what data will be deleted and what will be retained
- Confirm disconnection
OAuth tokens and raw activity data are deleted within 48 hours. Event performance records are retained for competitive fairness.
6.4 Delete Your Account
Permanently delete your entire account and all associated data:
- Go to Profile → "Danger Zone" section
- Click "Delete Account"
- Review the deletion confirmation modal
- Type "DELETE MY ACCOUNT" to confirm
Warning: This action is irreversible. All your data including activities, event subscriptions, leaderboard positions,
and awards will be permanently deleted. Your account will be immediately terminated and you will be logged out.
6.5 Unlink Social Accounts
If you signed in with Google or Facebook, you can unlink that social account at any time:
- Go to Profile → Linked accounts
- Click Unlink next to Google or Facebook
Unlinking deletes the email, name, profile picture, and provider identifier we received
from that social account. You can also request deletion at
vhgrunners.club/data-deletion. Note: you cannot unlink your
only remaining sign-in method — set a password first if it is your only login.
6.6 Object to Data Processing
You may object to certain data processing activities by contacting our support team at
support@vhgrunners.club. We will respond to your request within 30 days.
7. Third-Party Platform API Compliance
7.1 General Compliance
We comply with the terms of service and API agreements of all integrated fitness tracking platforms, including:
We only access data that you explicitly authorize through each platform's OAuth consent process.
Note: Fitness provider connections (Strava, Garmin, Polar, COROS) are ONLY for syncing your activity data — you do NOT log in to VHG Runners Club with these fitness providers. Authentication is done with your email and password, or by social login with Google or Facebook (see section 2.3). You can revoke access at any time through your account settings on the respective platform or by
disconnecting from our platform via Profile → Manage Provider Connections.
7.2 Strava-Specific Data Usage
VHG Runners Club is registered as a Community Application with Strava, designed specifically for organizing and
collaborating in group running club activities. For data obtained from Strava:
- Community Visibility: Your Strava activity data is displayed to other VHG Runners Club members
within our community feed, event leaderboards, and club statistics. This sharing is limited to registered club members only.
- No Commercial Use: We never sell, license, lease, or otherwise monetize your Strava data. We do not
share your data with advertisers, data brokers, or any third parties.
- No AI/ML Training: Your Strava data is never used for artificial intelligence, machine learning,
or any model training purposes.
- No Analytics or Aggregation: We do not process or disclose Strava data in an aggregated or
de-identified manner for analytics, customer insights, or product improvements beyond what is necessary for the
functioning of the club platform.
- Limited Caching: Strava data is cached for a maximum of 7 days for performance purposes. When you
delete an activity from Strava, it is removed from VHG Runners Club within 48 hours.
- Secure Transmission: All Strava data is encrypted and transmitted over secure HTTPS connections.
- Data Deletion: When you disconnect Strava or delete your VHG Runners Club account, all your Strava
data is permanently deleted from our systems within 48 hours.
- Strava Monitoring: Strava may monitor our use of their API and collect usage data related to API
access for compliance and improvement purposes.
7.3 Garmin Data Attribution
Activity data obtained through Strava may include data sourced from Garmin devices. When displaying such data,
we provide appropriate attribution to Garmin in accordance with Garmin's brand guidelines.
7.4 What Happens When You Disconnect a Provider
When you disconnect a fitness tracking provider (Strava, Garmin, Polar, COROS, etc.) from your VHG Runners Club account,
here's exactly what happens to your data:
Deleted Immediately:
- OAuth Tokens: All authentication tokens and access credentials are revoked and deleted immediately
- Raw Activity Data: Detailed activity metrics, GPS routes, heart rate data, and other performance data are removed from our systems within 48 hours
- Provider Profile Connection: The link between your VHG Runners Club account and the provider account is permanently removed
Retained for Event Fairness:
- Event Performance Records: Your approved event performances and achievements are retained in a minimal, anonymized form
- Leaderboard Positions: Historical leaderboard rankings for completed events are preserved to maintain the integrity of past competitions
- Award Eligibility: Records of awards earned and eligibility status are kept for club governance purposes
Why We Retain Event Data:
Event participation creates commitments to other participants and the club community. Removing all records would
unfairly impact leaderboards, award distributions, and the historical record of club events. We retain only the
minimum data necessary to maintain fair competition and proper club governance.
Complete Account Deletion:
If you want to completely remove all your data including event records, use the "Delete Account" option from your
Profile page. This will permanently delete your entire account, all activities, and all event participation records.
This action cannot be undone and will result in forfeiture of all awards, achievements, and leaderboard positions.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encrypted data transmission (HTTPS/SSL)
- Secure password storage with industry-standard hashing
- JWT-based authentication
- Regular security updates and monitoring
- Access controls and authentication requirements
9. Children's Privacy
Our platform is not intended for users under the age of 13. We do not knowingly collect personal information
from children under 13. If you believe we have collected information from a child under 13, please contact us.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence.
We ensure appropriate safeguards are in place to protect your data in accordance with this privacy policy.
11. Changes to This Privacy Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting
the new policy on this page and updating the "Last Updated" date. Continued use of our platform after changes
constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this privacy policy or wish to exercise your rights, please contact us:
13. Cookie Policy
We use essential cookies to maintain your session and authentication. We do not use tracking or advertising cookies.
You can control cookies through your browser settings, but disabling cookies may affect platform functionality.