Privacy Policy

How Stint collects, uses, and protects your information.

Effective date: 23 February 2026 · Last updated: 23 February 2026

Stint ("we", "our", or "us") operates the Stint mobile application (the "App"). This Privacy Policy explains what information we collect when you use the App, how we use and share that information, and the choices you have regarding your data.

By downloading or using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Information You Provide

  • Account information: When you create an account, we collect your name, email address, and the team you choose to join.
  • Profile information: Your profile photo (if you upload one), preferred racing series, and team affiliation.
  • Contact submissions: If you contact us via email, we retain the content of your message and your email address to respond.

1.2 Information Collected Automatically

  • Location data (GPS): When you start a run, the App records your GPS coordinates in real time. This is used to detect which circuit you are running at, track your route, validate lap completion, and calculate distance. Location data is only collected while you are actively recording a run — we do not track your location in the background when the App is idle.
  • Health and fitness data: With your permission, the App may access data from Apple HealthKit, including heart rate, calories burned, cadence, and step count. This data is used solely to display metrics for your run and is never sold or used for advertising.
  • Activity data: Lap times, split times, routes, distances, elevation gain, and other performance metrics from your runs.
  • Device information: Device model, operating system version, and app version for crash reporting and compatibility purposes.

1.3 Information from Third Parties

  • Strava: If you choose to connect your Strava account, we import activity data (times, distances, routes) from Strava to sync your runs. We only access data you explicitly authorise and do not post to your Strava account without your permission.
  • Sign in with Apple: If you sign in with Apple, we receive your name and email address (or a private relay address if you choose to hide your email). We do not receive your Apple ID password.

2. How We Use Your Information

We use the information we collect to:

  • Provide the App: Record your runs, calculate lap times, detect circuits, validate lap completion, and display your performance data.
  • Leaderboards and championships: Rank your times against other runners, calculate championship points, and display team standings. Your first name, last name, team, and lap times are visible to other users on leaderboards.
  • Improve the App: Analyse aggregated, anonymised usage patterns to fix bugs, improve performance, and develop new features.
  • Communicate with you: Send you important service updates, respond to your enquiries, and notify you of championship results if you have opted in.
  • Ensure fair play: Validate run data using GPS routes and confidence scoring to maintain the integrity of leaderboards and championship standings.

We do not use your data for targeted advertising. We do not sell your personal information to third parties.

3. How We Share Your Information

3.1 With Other Users

Certain information is visible to other Stint users by design:

  • Your name, team, and lap times appear on leaderboards.
  • Your team affiliation is visible in team standings.
  • Your championship points and rankings are visible in standings.

Your email address, GPS route data, health data, and profile photo are never shared with other users.

3.2 With Service Providers

We use trusted third-party services to operate the App:

  • Firebase (Google): Authentication, database, cloud functions, and crash reporting. Data is stored on Google Cloud infrastructure. See Firebase Privacy Policy.
  • Apple HealthKit: Health data accessed via HealthKit is governed by Apple's HealthKit guidelines and is never stored on our servers — it is processed locally on your device and only the derived metrics (e.g., average heart rate for a run) are stored.
  • Strava API: If you connect Strava, activity data is synced via the Strava API. See Strava Privacy Policy.

3.3 For Legal Reasons

We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with legal obligations, protect our rights, investigate fraud, or respond to a government request.

4. Data Storage and Security

Your data is stored using Firebase (Google Cloud Platform) infrastructure, which employs industry-standard security measures including encryption in transit (TLS) and at rest.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

GPS route data and health metrics are associated with your account. Aggregated, anonymised data may be retained indefinitely for statistical purposes.

5. Data Retention

  • Account data: Retained for as long as your account is active. If you request account deletion, your data will be permanently deleted within 30 days.
  • Activity data: Your run history, lap times, and associated metrics are retained for as long as your account exists to maintain accurate leaderboard and championship records.
  • Health data: Derived health metrics (e.g., average heart rate per run) are stored with your activity records. Raw HealthKit data is never transferred off your device.
  • Crash reports: Device and crash information is retained for up to 90 days for debugging purposes.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to request a copy of the personal data we hold about you. Contact us at [email protected] and we will provide your data in a portable format within 30 days.

6.2 Correction

You can update your name, team, and profile information directly within the App. For other corrections, contact us.

6.3 Deletion

You can request account deletion from within the App's settings. Upon request, your account enters a 30-day grace period during which you can cancel the deletion. After 30 days, your account and all associated personal data are permanently and irreversibly deleted.

Certain anonymised or aggregated data (e.g., historical leaderboard positions) may be retained after deletion as they cannot be linked back to you.

6.4 Location Permissions

You can revoke location permissions at any time through your device settings. Note that the App requires location access to record runs and detect circuits — without it, core functionality will be unavailable.

6.5 HealthKit Permissions

You can revoke HealthKit access at any time through your device's Health app settings. Your runs will still be recorded without health data.

6.6 Strava Connection

You can disconnect your Strava account at any time from within the App. Previously synced activities will remain in your Stint history, but no new data will be imported.

7. Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected] and we will promptly delete it.

8. International Data Transfers

Stint is operated from the United Kingdom. Your data may be transferred to and stored on servers located outside of your country of residence, including in the United States (via Google Cloud / Firebase). Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws, including the UK GDPR and the EU GDPR where applicable.

9. UK and EU Data Protection Rights

If you are located in the United Kingdom or European Economic Area, you have additional rights under the UK GDPR and EU GDPR:

  • Right of access: Request a copy of your personal data.
  • Right to rectification: Request correction of inaccurate data.
  • Right to erasure: Request deletion of your data (see Section 6.3).
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request your data in a machine-readable format.
  • Right to object: Object to our processing of your data in certain circumstances.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within one month. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or the relevant supervisory authority in your jurisdiction.

10. Third-Party Links

The App may contain links to third-party websites or services (e.g., Strava, Apple). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If we make material changes, we will notify you through the App or by email. Your continued use of the App after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your data protection rights, please contact us: