Privacy Policy

Effective Date: February 13, 2026 · Last Updated: March 17, 2026

1. Introduction

Welcome to OutPace ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness challenge platform at outpace.fit (the "Service").

By using OutPace, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

  • Email address
  • Password (encrypted)
  • Display name and profile information

2.2 Fitness Platform Integrations

Garmin Connect Integration

When you connect your Garmin account, we collect the following data from the Garmin Connect Developer Program APIs:

  • Activity data (runs, walks, cycles, and other workout types)
  • Daily summary data (steps, calories, active minutes)
  • Distance and duration
  • Heart rate and training metrics
  • Activity timestamps and dates

How we use Garmin data: We use your Garmin data solely to:

  • Update your challenge leaderboards automatically
  • Track your progress in fitness challenges you voluntarily join
  • Display your personal statistics and achievements

Storage and processing: Garmin data is stored in our database (Supabase) and processed only by OutPace’s own systems. Our infrastructure providers (Vercel for application hosting, Supabase for database storage) act solely as data processors for OutPace and have no independent right to access, use, or share Garmin data. Garmin data is not included in error-monitoring or analytics payloads sent to any third-party provider.

Third parties and AI: We do not share, sell, license, or otherwise transfer Garmin data to any third party. We do not pass Garmin data to any third-party AI or machine-learning service, and we do not use Garmin data to train, fine-tune, or evaluate any AI/ML model. Garmin data is not used for advertising or marketing.

GPS / location data: OutPace does not store the starting latitude or longitude of Garmin activities. Location coordinates are intentionally excluded from our database.

Disconnect and deletion: You can disconnect your Garmin account at any time from your account settings. On disconnect (or when you revoke OutPace’s authorization in Garmin Connect), we delete all stored Garmin data associated with your account — access tokens, activity records, and challenge contributions sourced from Garmin — and recompute affected challenge totals. We also process Garmin’s user-deregistration and user-permissions-change webhooks to honor revocations originating on Garmin’s side.

Other Supported Platforms:

  • Strava: Activities (runs, rides, walks, swims), distance, duration, pace, timestamps
  • Fitbit: Activities, daily steps, distance, duration, heart rate, calories
  • Apple Health (iOS): Step counts, workouts, distance, active energy, heart rate

Apple HealthKit data is read from your device only when the app is active and you have granted permission. HealthKit data is used exclusively to update your challenge leaderboards and display your personal activity statistics. We do not store raw HealthKit data on our servers beyond what is needed for challenge tracking. HealthKit data is never used for advertising, marketing, or sold to third parties. You can revoke HealthKit access at any time in your iPhone Settings > Privacy & Security > Health.

2.3 Challenge Data

  • Challenges you create or join
  • Your participation and progress
  • Leaderboard rankings
  • Manual activity entries

3. How We Use Your Information

  • Provide the Service: Enable fitness challenges, sync activities, maintain leaderboards
  • Personalization: Customize your experience and display relevant statistics
  • Communication: Send challenge notifications and important service updates
  • Improvements: Analyze usage patterns to improve features
  • Security: Detect and prevent fraud, abuse, and security incidents

4. Data Sharing

Within Challenges

When you join a challenge, your display name, profile photo, activity data (such as distance, duration, and activity type), and leaderboard ranking are visible to other challenge participants.

Public Challenges

Some challenges may be publicly accessible via a share link. If you join a public challenge, your display name, profile photo, activity data, and leaderboard ranking within that challenge may be viewable by anyone with the challenge link — including non-registered visitors. By joining a public challenge, you acknowledge and consent to this visibility. If you prefer to keep your participation private, you may join only private challenges or adjust your profile settings accordingly.

Service Providers

We use trusted third-party services for:

  • Hosting and infrastructure (Vercel)
  • Database management (Supabase)
  • Email communications

What We Don't Do

  • Never sell your personal information to third parties
  • Never share your fitness data with advertisers
  • Never use your data for purposes beyond providing the Service
  • Never share data across your different fitness platform integrations

Third-Party Platform Policies

Our use of data from connected fitness platforms is governed by their respective API terms and privacy policies:

Government & Law Enforcement Requests

We may be required to disclose user data to government agencies, law enforcement, or courts in response to valid legal process (such as a subpoena, search warrant, or court order). We maintain an internal Government Data Request Policy that governs how we respond to these requests. Under that policy:

  • Every request is reviewed for legal validity, jurisdictional authority, and proper scope before any data is disclosed.
  • We challenge requests that are overbroad, vague, lacking in specificity, improperly served, or inconsistent with applicable law.
  • We apply data minimization — we disclose only the specific data identified in the request, for the specific user named, and never in bulk.
  • We log every request we receive, including issuing authority, data scope, internal review notes, actions taken, and data disclosed.
  • Where permitted by law, we notify affected users before disclosure so they may seek to challenge or narrow the request themselves.

In emergencies involving an imminent threat to life, we may voluntarily disclose limited data to law enforcement in good faith as permitted by 18 U.S.C. § 2702(b)(8) and similar provisions. All such disclosures are logged and reviewed after the fact.

5. Data Security

We implement industry-standard security measures:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure password hashing
  • Regular security audits
  • Strict access controls

6. Your Rights

Access and Update

You can access and update your information anytime through your dashboard.

Disconnect Integrations

You can disconnect any fitness platform from your account settings. This will stop future data collection while maintaining your historical challenge data.

Data Deletion

You can delete your account at any time. All your personal data will be permanently removed within 30 days.

Data Portability

Request a copy of your data by emailing contact@outpace.fit.

GDPR & CCPA Rights

If you are a resident of the European Economic Area (EEA) or California, you have additional rights including the right to access, correct, delete, or port your personal data, the right to restrict or object to processing, and the right to withdraw consent. California residents may also request disclosure of data collected and shared. To exercise these rights, contact us at contact@outpace.fit. We will respond within 30 days.

7. Data Retention

  • Active challenges: Data retained for the duration of the challenge
  • Completed challenges: Retained for 90 days after completion
  • Apple Health / HealthKit data: Fitness data synced from Apple Health is processed to update challenge leaderboards and is not stored beyond what is needed for active challenge tracking. When a challenge ends or you disconnect Apple Health, synced data is removed within 90 days.
  • Third-party fitness data: Data from Strava, Fitbit, and Garmin follows the same retention schedule as challenge data above.
  • Account deletion: 30-day grace period, then permanent deletion of all data including fitness records

8. Children's Privacy

OutPace is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

All trademarks and logos are property of their respective owners.

© 2026 OutPace. All rights reserved.