Privacy Policy

Last updated 2 June 2026

This policy explains what personal information Stint collects, why we collect it, how we use and share it, and the rights you have over it. Stint is a running and fitness app for people working in motorsport, with run tracking, leaderboards and team features.

Who we are

Stint ("we", "us", "our") is operated by Max Barlow, trading as Stint. For the purposes of UK data protection law, we are the "data controller" responsible for your personal information.

If you have any questions about this policy or how we handle your data, contact us at [email protected].

A free, non-commercial project

Stint is an independent, non-commercial project, built and maintained as a hobby for the people of the Formula 1 paddock and the wider motorsport community. The app is provided free of charge. We do not sell, rent or trade your personal information to anyone, we do not display advertising, and we do not monetise the app or your data in any way. We have no commercial incentive to gather more information than the app needs, and we ask only for the data required to make its features work.

The information we collect

We collect the following categories of personal information:

• Account and identity — your first and last name, email address, an optional age, and a password (stored securely by our authentication provider; we never see it in plain text).
• Profile — your display name, optional profile photo, and the team you belong to (derived from your work email domain).
• Health and fitness data — with your permission, heart rate, calories, distance, steps, pace, running power and VO₂ max, and workout and route information imported from Apple Health.
• Location data — precise GPS location, route and altitude recorded while you are tracking a run, including in the background when the screen is locked.
• Run and activity data — your runs, lap and sector times, the circuit you ran at, and photos you capture to verify or share a run.
• Social and competitive data — leaderboard positions, championship points, and vouches you give or receive for other runs.
• Device and technical data — device identifiers used to detect cheating and abuse, app version, diagnostic and crash reports, and analytics events about how you use the app.
• Communications — emails we send you (such as verification, email changes and account-deletion notices) and any feedback you send us.

How we use your information

We use your personal information to:

• Create and manage your account and verify your email address.
• Track your runs, calculate times and metrics, and save runs back to Apple Health if you allow it.
• Place you on leaderboards and calculate championship and team standings.
• Detect and prevent cheating, fraud and abuse, and keep competition fair.
• Send you service messages and, where you have opted in, notifications about records and teammates.
• Diagnose crashes, fix bugs and improve the app.
• Respond to your requests and provide support.

Legal bases for using your information

Under UK GDPR, we rely on the following legal bases:

• Performance of a contract — to provide your account, run tracking, leaderboards and team features.
• Consent — for health and fitness data and precise location, and to send you push notifications. You can withdraw consent at any time (see Your rights).
• Legitimate interests — to keep the app secure, prevent cheating and abuse, diagnose crashes, understand how the app is used, and improve our service, balanced against your rights. You can object to processing based on legitimate interests by contacting us.
• Legal obligation — where we must process data to comply with the law.

Health and fitness data

Health and fitness data is treated as a special category of personal data under UK GDPR and is given extra protection. Because of this, we process it only with your explicit consent (UK GDPR Article 9(2)(a)), in addition to the general legal basis above. We read it from Apple Health after you grant permission through Apple's HealthKit prompt, and you can change or withdraw this permission at any time in the iOS Settings or Health app, or by contacting us.

Health data is used to measure and display your runs and, where you allow it, to write completed workouts back to Apple Health. We do not use your health data for advertising and we never sell it.

Location data

We use precise location to record your route, distance and altitude while you are running. To keep tracking accurate when your screen is locked or you switch apps, we use background location — but only while a run is active. When you are not running, continuous location tracking is switched off. You can disable location access at any time in iOS Settings, though this will prevent runs from being tracked.

How we share your information

We do not sell your personal information. We share it only in the following circumstances:

• Other users — your display name, team, profile photo, run times and leaderboard positions are visible to other Stint users as part of the competitive features.
• Service providers — we use trusted providers who process data on our behalf under contract:

• Google Firebase (Google LLC) — authentication, database, file storage, hosting of our server functions, analytics, crash reporting and push notifications.
• Apple — push notifications and weather data; HealthKit data is handled on your device and your iCloud, under Apple's terms.
• Resend — to send transactional emails such as verification and account-deletion notices.

To show circuit maps and timing reference data, the app also retrieves non-personal motorsport data (such as circuit and session information) from a third-party data source. No personal information about you is sent in these requests.

If you choose to share a run — for example to Instagram or another app — that sharing is started by you and is governed by that app's own terms and privacy policy.

We may also disclose information if required by law, or to protect the rights, safety or property of Stint, our users or others.

International transfers

Some of our service providers — notably Google (Firebase) — may process your data on servers outside the UK, including in the United States. Where we transfer personal data outside the UK, we rely on a safeguard recognised under UK data protection law. For transfers to the United States this is usually the UK Extension to the EU–US Data Privacy Framework (the "UK–US Data Bridge") where the recipient is certified, or otherwise the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses. You can ask us which safeguard applies to a particular transfer by contacting us.

How long we keep your information

We keep your personal information for as long as your account is active. When you request deletion of your account, it is disabled immediately and permanently deleted after a 30-day grace period, during which you can cancel by signing back in. Some records (such as leaderboard snapshots) are kept for a limited period and then removed automatically. We may retain limited information for longer where we have a legal obligation or a legitimate need to do so, for example to prevent repeat abuse.

Your rights

Under UK GDPR you have the right to:

• Access the personal information we hold about you.
• Have inaccurate information corrected.
• Have your information erased (you can delete your account in Settings → Delete Account).
• Restrict or object to our processing of your information.
• Receive a portable copy of the data you provided to us.
• Withdraw consent at any time, where we rely on consent.

To exercise any of these rights, contact us at [email protected]. If you are unhappy with how we have handled your personal information, you can complain to us directly and we will acknowledge your complaint within 30 days. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

Analytics and crash reporting

We use Firebase Analytics and Crashlytics to understand how the app is used and to diagnose crashes and errors. This helps us fix problems and improve the app. Crash reports are linked to your account identifier so we can connect a report to the affected account.

We use usage analytics only to improve the app, and you can turn it off at any time — when you sign up, or later in Settings. Crash reporting helps us keep the app stable and secure and relies on our legitimate interest; if you wish to object to crash reporting, contact us at [email protected]. We do not use this data for advertising, and we do not track you across other companies' apps or websites (our App Privacy details reflect this).

Security

We protect your information using encryption in transit, secure storage of credentials in the device keychain, and access controls on our database and files. No system is perfectly secure, but we take reasonable steps to protect your data and to limit who can access it.

Children

Stint is intended for users aged 16 and over. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. When we make significant changes, we will update the date at the top and, where appropriate, notify you in the app. Your continued use of Stint after an update means you accept the revised policy.

Contact us

For any privacy questions or to exercise your rights, contact Max Barlow, trading as Stint at [email protected].