# Privacy Policy for Strava HR Zones Display

**Effective Date:** May 29, 2025.

Thank you for using Strava HR Zones Display (the "Extension") and its associated web services (the "Service") located at `https://strava-zones.com`. This Privacy Policy outlines how your information is collected, used, and protected when you use our Extension and Service.

## 1. Information We Collect

To provide you with the functionality of Strava HR Zones Display, we collect and process the following types of information:

* **Strava Account Information (via OAuth2):**
    * When you connect your Strava account, we securely receive an access token from Strava. We do **not** receive or store your Strava password.
    * With your authorization, we access your Strava profile information (such as your Strava user ID, name, and profile picture) for identification purposes.
    * We access your Strava activity data, including activity type, date, time, distance, and heart rate streams, to calculate your time spent in various heart rate zones.
* **User-Defined Heart Rate Zones:**
    * Through the Service at `https://strava-zones.com`, you can define custom heart rate zones (e.g., zone names, minimum and maximum heart rate values) for different activity types. This information is stored by our Service.
* **Processed Activity Summaries:**
    * Our Service processes your Strava activity data against your custom heart rate zones to calculate aggregated summaries, such as the total time spent in each zone for specific periods (e.g., weekly, monthly). These summaries are stored to be displayed by the Extension.
* **Cookies (for `https://strava-zones.com`):**
    * **Session Cookies:** Used to maintain your login state when you use the Service.
    * **CSRF (Cross-Site Request Forgery) Cookies:** Used to protect against security vulnerabilities.
* **Extension Storage (`chrome.storage`):**
    * The Extension may store your Strava access and refresh tokens locally on your browser using `chrome.storage.local` to maintain your connection with Strava and our Service.
    * The Extension may store user preferences or settings locally if such features are implemented.
* **Technical Log Data (for `https://strava-zones.com`):**
    * Our web servers may automatically log standard technical information, such as your IP address, browser type, operating system, and access times when you interact with the Service. This information is used for system administration, security monitoring, and to improve the Service. We do not use this data to personally identify you beyond what is necessary for security and operational purposes.

## 2. How We Use Your Information

We use the information we collect for the following purposes:

* **To Provide and Personalize the Service:** To display your customized heart rate zone summaries within the Strava interface via the Extension.
* **Authentication:** To securely authenticate you with your Strava account and manage your session on our Service.
* **Customization:** To allow you to define, store, and manage your personal heart rate zone configurations.
* **Data Processing and Analysis:** To synchronize your Strava activities, process them against your defined zones, and generate the time-in-zone summaries.
* **Service Operation and Improvement:** To operate, maintain, secure, and improve the Extension and Service.
* **Communication (If Applicable):** If you contact us for support, we will use your contact information to respond to your inquiries. We do not currently send promotional emails.

## 3. How We Share Your Information

We are committed to protecting your privacy and do not sell, rent, or trade your personal information with third parties for their marketing purposes.
We may share information under the following limited circumstances:

* **Service Providers:** We may use third-party companies and individuals to host our Service (e.g., cloud hosting providers like Amazon Web Services) and perform Service-related tasks. These third parties will only have access to your information to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
* **Legal Requirements:** We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent fraud, act in urgent circumstances to protect the personal safety of users of the Service, or protect against legal liability.
* **Aggregated or Anonymized Data:** We may share aggregated or anonymized data that does not directly identify you for analytical or research purposes.

## 4. Data Security

We implement reasonable technical and organizational measures to protect your information from unauthorized access, use, alteration, or destruction. These measures include:

* Using HTTPS (SSL/TLS) to encrypt data transmitted between your browser, the Extension, and our Service.
* Encrypting sensitive information, such as Strava access tokens, when stored by our backend (using technologies like Fernet encryption).
* Implementing CSRF protection on our web services.

However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

## 5. Data Retention

* **Strava Activity Data & Summaries:** We store processed heart rate zone summaries to provide you with historical data displays. Raw activity data fetched from Strava is processed, and the resulting summaries are stored. You can trigger a re-sync of your activities.
* **Custom Heart Rate Zones:** Your zone configurations are retained as long as your account with our Service is active or until you choose to delete them.
* **Account Information:** Your account information on our Service is retained until you request account deletion.

## 6. Your Rights and Choices

* **Accessing and Modifying Your Information:** You can access and modify your custom heart rate zone configurations through the Service at `https://strava-zones.com`.
* **Revoking Strava Authorization:** You can revoke the Extension's access to your Strava data at any time through your Strava account settings (usually under "My Apps" or "Authorized Applications"). Revoking access will prevent the Extension from fetching new activity data.
* **Data Deletion:** You can request the deletion of your account and associated data from our Service by contacting us at strava.zones@gmail.com.
* **Cookies:** Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Service at `https://strava-zones.com`.

## 7. Children's Privacy

Our Extension and Service are not directed to individuals under the age of 16 (or the relevant age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

## 8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.

## 9. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: strava.zones@gmail.com.

---