Privacy Policy

Run & Resist Track Club (“Run & Resist,” “we,” “us,” or “our”) respects your privacy. This Policy explains what we collect, how we use it, and the choices you have. It applies to our website and related services (the “Services”).

Summary

• We collect only what’s needed to run the site (e.g., account profile, optional campaign/race membership, and logs you add).
• Donations are made directly to third-party nonprofits; we do not process or store payment card data.
• If you connect Strava, we import only basic activity metrics: distance, duration, and date. We do not store raw GPS routes.
• You can disconnect Strava anytime and request deletion of your data.
• Contact: info@runandresist.com.

Information We Collect

Information you provide

• Account & profile: name, email, optional display name and location; optional campaign/race memberships.
• Donations (self-reported): amount, date, cause, optional associations (runner/campaign), optional receipt reference or link.
• Contact / newsletter: email address and message contents if you opt in.

Information collected automatically

• Server logs: IP address, user-agent, pages visited, timestamps (for security/abuse prevention).
• Cookies: a minimal first-party session cookie for sign-in and CSRF protection. No third-party ad trackers.

Third-party sources (optional)

• Strava (only if you connect): with your permission, we import limited activity data to power miles and leaderboards:
  • What we read: distance, duration (moving time), and activity date/time; Strava activity ID; sport type for filtering (e.g., run vs. walk).
  • What we don’t store: raw GPS route/streams or location traces.
  • Visibility: we respect activity visibility; private activities are not published.
  Details live at our API Data Handling page.

How We Use Information

• Operate and improve the Services (e.g., mileage logs, leaderboards, campaign totals).
• Show aggregate statistics without exposing sensitive details.
• Provide support and send transactional notices you request.
• Prevent abuse and secure the Services.
• Comply with legal requirements.

When We Share Information

We do not sell your personal information. We share only with:

• Service providers: hosting, email, error logging—under contracts and appropriate safeguards.
• Legal/safety: if required by law or to protect rights and safety.
• At your direction: for features you choose to publish or share.

Data Security

We use reasonable administrative, technical, and physical safeguards (e.g., HTTPS, CSRF, role-based access). OAuth tokens are encrypted at rest. No system is 100% secure.

Retention

We keep data only as long as needed for the purposes above, then delete or anonymize it. You can request deletion: info@runandresist.com.

Your Rights & Choices

• Access / correction / deletion: email us to make a request.
• Strava: disconnect in your profile or in Strava; we’ll stop syncing.
• Emails: opt out of non-essential emails anytime.
• Cookies: you can block cookies; core site features may stop working.

International Users

We operate in the United States; your data may be processed in the U.S.

Children

Our Services aren’t directed to children under 13, and we don’t knowingly collect their personal information.

Service Providers We Use

• Hosting: DigitalOcean (infrastructure), nginx/PHP.
• Email: Google Workspace (team inbox), Postmark (transactional).
• Integrations: Strava API (optional; minimal scope).

Changes to This Policy

We may update this Policy. We’ll revise the date above and, when appropriate, provide additional notice.

Contact Us

Questions? Email info@runandresist.com.