Data Controller
The data controller for StrivPath is Titouan Auclair, private individual. Contact: contact@titouanauclair.com
Data Collected
StrivPath collects only the data strictly necessary to provide its service. Data is sourced exclusively from your Strava account, through your explicit consent via the Strava OAuth flow.
Strava profile data
When you connect your Strava account, StrivPath stores the following profile fields: first name, last name, username, sex, city, country, and profile picture URL.
The following data received from Strava is deliberately not stored: email address, biography, weight, equipment (bikes, shoes), social statistics (followers, friends), Strava subscription status, and measurement preferences.
Activity data
For each activity imported from Strava (limited to your selected sports), StrivPath stores: activity name, sport type, distance, duration, elevation gain, average and maximum speed, average and maximum heart rate, power output (average, weighted average, peak), average cadence, calories, activity description, split data, and start date/timezone.
Heart rate data constitutes health data within the meaning of Article 9 of the GDPR. It is processed on the basis of your explicit consent expressed when authorising StrivPath via Strava OAuth.
GPS coordinates and route data are explicitly removed before storage. StrivPath does not store your routes, start/end locations, or any geographic trace of your activities.
Data you create in StrivPath
Goals you set in StrivPath (title, description, target values, sport, time period) are stored to provide the goal tracking feature. Sport preferences selected during onboarding are also stored.
Technical authentication data
StrivPath stores your Strava OAuth tokens (to maintain the connection and refresh it automatically) and sets two HttpOnly session cookies inaccessible to JavaScript: an access token (15-minute expiry) and a refresh token (7-day expiry).
Purpose of Processing
- Authenticate you via your Strava account and maintain your session
- Import and display your sports activities with detailed statistics
- Calculate performance metrics, trends, and personal records
- Track your goals and measure progress over time
- Provide personalised motivational insights based on your activity history
Legal Basis
All processing is based on your explicit consent, expressed by authorising StrivPath access to your Strava account via the OAuth flow. For health data (heart rate), this constitutes explicit consent under Article 9(2)(a) of the GDPR. You may withdraw your consent at any time by revoking StrivPath's access from your Strava account settings at strava.com/settings/apps.
Data Retention
Your data is retained for the lifetime of your StrivPath account. Strava OAuth tokens expire automatically (access tokens after ~6 hours, refresh tokens after 7 days) and are renewed transparently.
You can delete all your activity data, goals, and sync history while keeping your account active, directly from the settings page at strivpath.titouanauclair.com/settings. Your profile and Strava connection are preserved, and sport preferences are reset. You can re-import your activities at any time after this.
You can permanently delete your account from the same settings page. This removes all data (profile, activities, goals, preferences, tokens, and sync history) and immediately ends your session. You can create a new account by reconnecting your Strava account.
Important: neither action revokes StrivPath's access on Strava's side. To fully disconnect StrivPath from Strava, you must also revoke access manually at strava.com/settings/apps.
Your Rights
Under the GDPR (Regulation (EU) 2016/679) and the French Data Protection Act, you have the right to: access your personal data, rectify inaccurate data, request erasure, restrict or object to processing, and data portability. To exercise these rights, contact contact@titouanauclair.com. You also have the right to lodge a complaint with the CNIL at www.cnil.fr.
Data Transfers and Third Parties
Your data is stored exclusively on Oracle Cloud Infrastructure in France (eu-marseille-1 region) and remains within the European Union. No personal data is shared with third parties.
The only external data exchange is with the Strava API, which receives your OAuth token to fetch your activities at your request. Strava's own processing of your data is governed by the Strava Privacy Policy (strava.com/legal/privacy).
Strava Attribution
StrivPath uses the Strava API and is bound by the Strava API Agreement. Activity data sourced from Strava is attributed to Strava in accordance with Strava's brand guidelines. StrivPath is not affiliated with, endorsed by, or sponsored by Strava.
Contact
For any questions regarding your personal data or to exercise your rights: contact@titouanauclair.com