|
| 1 | +# Privacy Policy & Terms of Service |
| 2 | + |
| 3 | +**Effective Date:** February 21, 2026 |
| 4 | + |
| 5 | +tracekit is a personal, self-hosted fitness data aggregation tool. This document describes |
| 6 | +how tracekit handles your data when you run it yourself or use a hosted instance operated |
| 7 | +by someone you trust. |
| 8 | + |
| 9 | +--- |
| 10 | + |
| 11 | +## 1. What tracekit Is |
| 12 | + |
| 13 | +tracekit is open-source software you install and operate yourself. It connects to third-party |
| 14 | +fitness platforms (Strava, Garmin, RideWithGPS, etc.) using OAuth tokens that **you** provide |
| 15 | +and stores a local cache of your activity metadata to power features like: |
| 16 | + |
| 17 | +- Viewing your own activity history across providers in one calendar view |
| 18 | +- Matching the same activity across providers (e.g. Garmin upload → Strava record) |
| 19 | +- Updating activity titles and gear assignments on Strava |
| 20 | + |
| 21 | +--- |
| 22 | + |
| 23 | +## 2. Data We Collect and Why |
| 24 | + |
| 25 | +### What is stored |
| 26 | +tracekit stores **activity metadata only** — no GPS tracks, no route geometry, no heart-rate |
| 27 | +time series. The metadata stored includes: |
| 28 | + |
| 29 | +- Activity name, type, date/time, and duration |
| 30 | +- Distance and elevation |
| 31 | +- Equipment / gear name |
| 32 | +- Heart-rate averages and max values |
| 33 | +- Temperature |
| 34 | +- Provider-assigned activity ID |
| 35 | + |
| 36 | +### What is NOT stored |
| 37 | +- GPS coordinates, routes, or map data |
| 38 | +- Granular time-series sensor data (per-second HR, power, cadence streams) |
| 39 | +- Any data from other Strava users — only the authenticated user's own data is ever fetched or stored |
| 40 | + |
| 41 | +### Why it is stored |
| 42 | +Data is cached locally (in a SQLite database you control) to avoid unnecessary API calls and |
| 43 | +to allow offline browsing of your own history. The cache is only ever read by you — the |
| 44 | +person running the software. |
| 45 | + |
| 46 | +--- |
| 47 | + |
| 48 | +## 3. How Data Is Used |
| 49 | + |
| 50 | +- **Matching:** Activity records from different providers are compared by timestamp and |
| 51 | + distance to identify duplicates and link IDs across providers. |
| 52 | +- **Display:** Your own cached activities are shown on the calendar and sync status pages. |
| 53 | +- **Writeback:** You may use tracekit to update activity titles and gear assignments on Strava |
| 54 | + via the Strava API. No other write operations are performed on third-party platforms. |
| 55 | + |
| 56 | +tracekit **never**: |
| 57 | + |
| 58 | +- Shares your data with any third party |
| 59 | +- Aggregates or analyzes data across multiple users |
| 60 | +- Uses your data for advertising or machine learning |
| 61 | +- Sells, licenses, or discloses your data to anyone |
| 62 | + |
| 63 | +--- |
| 64 | + |
| 65 | +## 4. Third-Party Platforms |
| 66 | + |
| 67 | +tracekit integrates with the following platforms. Your use of those platforms is governed by |
| 68 | +their own terms and privacy policies. |
| 69 | + |
| 70 | +### Strava |
| 71 | +tracekit uses the [Strava API](https://www.strava.com/legal/api). Activity data obtained via |
| 72 | +the Strava API is used solely to display your own activities to you and to perform gear/title |
| 73 | +updates on your behalf. tracekit is not affiliated with or endorsed by Strava. |
| 74 | + |
| 75 | +> Powered by Strava — [strava.com](https://www.strava.com) |
| 76 | +
|
| 77 | +### Garmin |
| 78 | +tracekit can ingest activity data that originated on Garmin devices, either via Garmin Connect |
| 79 | +or via Strava (where Garmin-sourced activities may appear). tracekit is not affiliated with or |
| 80 | +endorsed by Garmin. |
| 81 | + |
| 82 | +> Powered by Garmin — [garmin.com](https://www.garmin.com) |
| 83 | +
|
| 84 | +### RideWithGPS |
| 85 | +tracekit can sync activities from RideWithGPS. tracekit is not affiliated with or endorsed by |
| 86 | +RideWithGPS. |
| 87 | + |
| 88 | +--- |
| 89 | + |
| 90 | +## 5. Data Retention |
| 91 | + |
| 92 | +- Cached activity data is retained locally in your SQLite database until you delete it. |
| 93 | +- You can delete all data for a provider at any time using the `reset` command or the settings |
| 94 | + page in the web app. |
| 95 | +- If you request deletion of your data from a hosted instance, the operator must delete all |
| 96 | + stored data related to your account within a reasonable time (we target 24 hours). |
| 97 | +- **Daily sync:** tracekit performs a daily background sync. If an activity has been deleted |
| 98 | + on a connected platform, tracekit will eventually remove it from the local cache. See the |
| 99 | + [TODO list](TODO.md) for planned improvements to deletion propagation. |
| 100 | + |
| 101 | +--- |
| 102 | + |
| 103 | +## 6. Security |
| 104 | + |
| 105 | +- OAuth tokens used to access third-party APIs are stored in your local configuration file. |
| 106 | + You are responsible for securing that file. |
| 107 | +- All communication with third-party APIs uses HTTPS. |
| 108 | +- tracekit does not expose your data to the internet unless you choose to run the web app on |
| 109 | + a public interface. |
| 110 | + |
| 111 | +--- |
| 112 | + |
| 113 | +## 7. Your Rights |
| 114 | + |
| 115 | +You have the right to: |
| 116 | + |
| 117 | +- **Access** all data tracekit has stored about you (it is in your SQLite database file). |
| 118 | +- **Delete** all stored data — use `python -m tracekit reset` or the settings page. |
| 119 | +- **Revoke** tracekit's access to any connected platform at any time by disconnecting the app |
| 120 | + in that platform's settings (e.g. Strava's [Connected Apps](https://www.strava.com/settings/apps) |
| 121 | + page). Upon revocation, no further data will be fetched. |
| 122 | + |
| 123 | +--- |
| 124 | + |
| 125 | +## 8. Changes to This Policy |
| 126 | + |
| 127 | +This policy may be updated as tracekit's features evolve. The effective date at the top of |
| 128 | +this document reflects when it was last changed. Continued use of the software constitutes |
| 129 | +acceptance of the current policy. |
| 130 | + |
| 131 | +--- |
| 132 | + |
| 133 | +## 9. Contact |
| 134 | + |
| 135 | +tracekit is open-source software maintained on GitHub: |
| 136 | +<https://github.com/ckdake/tracekit> |
| 137 | + |
| 138 | +For questions or deletion requests, open an issue or contact the repository maintainer. |
0 commit comments