Privacy Policy

1. Introduction

PaddleSnitch ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, including our website and application (collectively, the "Service").

This policy complies with the European Union's General Data Protection Regulation (GDPR) and applicable United States privacy laws, including the California Consumer Privacy Act (CCPA) and other state privacy laws.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, password (hashed), full name
• Activity Data: GPS coordinates, speed, pace, distance, stroke rate, and other performance metrics from your workouts
• Profile Information: Any additional information you choose to provide in your profile

2.2 Automatically Collected Information

• Usage Data: How you interact with our Service, pages visited, features used
• Device Information: Device type, operating system, browser type, IP address
• Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience (see Cookie Policy below)

2.3 Third-Party Data Sources

With your explicit consent, we may collect data from connected services:

• Strava: Activity data, routes, performance metrics
• Concept2 Logbook: Rowing machine data, workout history
• Other fitness platforms you authorize

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, maintain, and improve our Service
• To create and manage your account
• To process and display your activity data and performance metrics
• To generate session analyses and performance visualizations
• To communicate with you about your account, service updates, and support requests
• To analyze usage patterns and improve our Service
• To comply with legal obligations and protect our rights
• To prevent fraud and ensure security

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

• Consent: When you provide explicit consent for data processing (e.g., connecting third-party services)
• Contract Performance: To fulfill our contractual obligations to provide the Service
• Legitimate Interests: To improve our Service, ensure security, and prevent fraud
• Legal Obligations: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in operating our Service (e.g., cloud hosting, analytics) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
• With Your Consent: When you explicitly authorize us to share information with third parties

6. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

• Account Data: Retained while your account is active and for a reasonable period after account deletion for legal and business purposes
• Activity Data: Retained according to your account settings and preferences
• Cookies: As specified in our Cookie Policy (typically up to 365 days)

You may request deletion of your data at any time (see Your Rights section below).

7. Your Rights

7.1 GDPR Rights (EEA Users)

If you are located in the EEA, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

7.2 CCPA and US State Privacy Rights

If you are a California resident or resident of other states with privacy laws, you have the right to:

• Know: Request information about categories and specific pieces of personal information collected
• Delete: Request deletion of your personal information
• Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Non-Discrimination: Exercise your privacy rights without discrimination

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: privacy@paddlesnitch.com
Subject: Privacy Rights Request

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure password hashing (passwords are never stored in plain text)
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure hosting infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

For EEA users, when we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information about our use of cookies, please see our Cookie Policy. You can manage your cookie preferences through your browser settings or our cookie consent banner.

Types of cookies we use:

• Essential Cookies: Required for the Service to function (e.g., authentication)
• Analytics Cookies: Help us understand how users interact with our Service
• Preference Cookies: Remember your settings and preferences

11. Children's Privacy

Our Service is not intended for individuals under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending you an email notification (for significant changes)
• Displaying a notice on our Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days as required by applicable law.

14. Additional State-Specific Information

California Residents

Under the California Consumer Privacy Act (CCPA), you have specific rights regarding your personal information. We do not sell personal information. You can exercise your rights by contacting us at privacy@paddlesnitch.com.

Virginia, Colorado, Connecticut, and Utah Residents

If you are a resident of Virginia, Colorado, Connecticut, or Utah, you have additional privacy rights under state-specific laws. Please contact us to exercise these rights.