PaceLab ('we', 'us', 'our') is operated by the PaceLab team. We provide blood-based performance intelligence for endurance athletes. For data protection enquiries, contact us at: privacy@getpacelab.com
2. What data we collect
We collect: (a) Account data — your name, email address, and password when you register. (b) Profile data — your age, biological sex, weekly training distance, sport, race name, and race date. (c) Health data — blood marker results you voluntarily enter, including ferritin, vitamin D, B12, testosterone, HbA1c, CRP, TSH, and cholesterol. (d) Training logs — daily energy, sleep, session type, and supplement records you voluntarily submit. (e) Payment data — processed by Stripe; we do not store card details. (f) Technical data — device type, browser, and usage data for app functionality.
3. Special category health data
Blood marker results constitute special category data under UK GDPR Article 9. We process this data solely on the basis of your explicit consent, given when you create an account and enter results. You may withdraw consent and delete your data at any time from your profile settings. We never sell, share, or use your health data for advertising purposes.
4. How we use your data
We use your data to: provide personalised blood marker analysis and athlete-specific reference ranges; generate performance recommendations and protocols; send service emails (account confirmation, reminders, retest nudges); process subscription payments; improve the PaceLab service. We do not use your data for advertising, profiling for third parties, or any purpose beyond providing the PaceLab service.
5. AI and algorithmic processing
PaceLab uses data-driven algorithms and artificial intelligence to personalise blood marker reference ranges, generate protocol recommendations, and provide performance insights. These systems use your age, sex, training load, and health data to tailor outputs to your profile. All AI-generated recommendations are informational only and do not constitute medical advice. You have the right to request human review of any automated decision that significantly affects you by contacting privacy@getpacelab.com.
6. Data sharing
We share data only with: Supabase (database and authentication, hosted in EU); Stripe (payment processing, PCI DSS compliant); Resend (transactional email delivery). All processors are bound by data processing agreements. We do not sell your data. We will disclose data if required by law.
7. Data retention
We retain your data for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days, except where retention is required by law (e.g. payment records for 7 years under UK tax law).
8. Your rights (UK GDPR)
You have the right to: access your personal data; correct inaccurate data; delete your data ('right to be forgotten'); restrict processing; data portability; withdraw consent at any time; lodge a complaint with the ICO (ico.org.uk). To exercise any right, contact privacy@getpacelab.com or use the account deletion feature in your profile.
9. Your rights (California — CCPA)
California residents have the right to know what personal information we collect and how it is used; delete personal information; opt out of the sale of personal information (we do not sell personal information); non-discrimination for exercising privacy rights. To exercise these rights, contact privacy@getpacelab.com.
10. Cookies and local storage
PaceLab uses browser local storage to remember your language preference and app installation state. We do not use advertising cookies or third-party tracking. If we introduce analytics in future, we will update this policy and seek consent.
11. Security
We use industry-standard security measures including encrypted data transmission (TLS), encrypted data storage via Supabase, and secure authentication. No method of transmission over the internet is 100% secure. We will notify you promptly in the event of a data breach affecting your personal data.
12. Children
PaceLab is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us immediately at privacy@getpacelab.com.
13. Changes to this policy
We may update this policy. We will notify you by email and display a notice in the app for material changes. Continued use after changes constitutes acceptance.