Privacy Policy
Last updated: April 6, 2025
1. Who we are
Lean Race Plan ("we", "us", "our") operates the website www.leanraceplan.com. This policy explains how we collect, use, and protect your personal data when you use our service.
2. Data we collect
We collect the following information:
- Account data — username, email address, and a hashed password when you create an account.
- Training profile — fitness data you enter, such as FTP, weight, training hours, goals, and event dates. This is used to generate your training plan.
- Daily logs — workout completion, calorie intake, bodyweight, and subjective feeling ratings you choose to log.
- Food entries — food labels and calorie amounts you log.
- Strava data — if you connect your Strava account, we receive activity data (type, duration, distance) via the Strava API to auto-log workouts.
- Payment data — payments are processed by PayPal and Stripe. We do not store your credit card or PayPal account details. We receive a subscription ID and payment status from these providers.
- Usage analytics — we use Umami, a privacy-focused analytics tool, to collect anonymous page-view statistics. No cookies are used for analytics and no personal data is collected.
- reCAPTCHA — we use Google reCAPTCHA v3 to prevent spam. This may collect IP addresses and browser data as described in Google's Privacy Policy.
3. How we use your data
- To create and manage your account.
- To generate and store your personalized training plan.
- To track your training progress and nutrition.
- To process payments and manage your subscription.
- To send transactional emails (verification, password reset).
- To improve the service based on anonymous usage patterns.
4. Data storage and security
Your data is stored in a PostgreSQL database hosted by Neon. Passwords are hashed using scrypt and are never stored in plain text. All data is transmitted over HTTPS. We take reasonable technical and organizational measures to protect your data, but no system is 100% secure.
5. Third-party services
We share data with the following third parties only as needed to operate the service:
- Neon — database hosting.
- Vercel — website hosting.
- Resend — transactional email delivery.
- PayPal & Stripe — payment processing.
- Strava — workout sync (only if you connect your account).
- Google reCAPTCHA — spam prevention.
- Umami — anonymous, cookie-free analytics.
We do not sell your data to anyone.
6. Cookies
We use a single session cookie to keep you logged in. This cookie contains your username and is essential for the service to function. We do not use advertising or tracking cookies.
7. Your rights
You have the right to:
- Access your personal data via your account settings and dashboard.
- Correct your data by updating your profile.
- Delete your account and all associated data from the settings page. This action is immediate and irreversible.
- Disconnect third-party integrations (e.g., Strava) at any time from your settings.
If you are in the EU/EEA, you may also have additional rights under the GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority.
8. Data retention
We retain your data for as long as your account is active. When you delete your account, all your data (profile, plans, logs, food entries) is permanently removed from our database.
9. Children
Our service is not directed at children under the age of 16. We do not knowingly collect personal data from children.
10. Changes to this policy
We may update this privacy policy from time to time. If we make significant changes, we will notify you by email or by posting a notice on the website. Your continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact
If you have questions about this privacy policy or your personal data, please contact us.