Back to LacTrace

Privacy Policy

Last updated: January 2025

Overview

LacTrace is a lactate tracking application for endurance athletes. We are committed to protecting your privacy and ensuring you have control over your personal data. This policy explains what data we collect, how we use it, and your rights under GDPR.

Data Controller: LacTrace operates from the European Union, with all data stored on EU-based servers (Hetzner for hosting, Supabase EU region for database).

Data We Collect

Account Information

  • Email address (for authentication)
  • Name (optional)
  • Profile preferences (units, sport preferences)

Training Data

  • Lactate measurements and associated metrics (RPE, notes)
  • Activities synced from intervals.icu (workouts, power, heart rate, pace)
  • Training thresholds (FTP, LT1, LT2, etc.)
  • Equipment information (lactate meters, treadmills)

Technical Data

  • Browser type and version
  • Device information
  • IP address (anonymized for analytics)
  • Usage patterns (with your consent)

How We Use Your Data

  • Core Functionality: To provide lactate tracking, analysis, and training zone calculations.
  • intervals.icu Integration: To sync your activities and link lactate measurements to workouts.
  • Analytics (with consent): To understand how you use LacTrace and improve the product.
  • Error Monitoring: To identify and fix bugs. Session replay requires your explicit consent.

Third-Party Services

Services We Use

Supabase (EU Region)

Database and authentication. All data stored in EU data centers.

intervals.icu

Activity sync via OAuth. We only access data you explicitly authorize.

PostHog (EU Region)

Analytics and product improvement. Only enabled with your consent.

Sentry (EU Region)

Error tracking (always on for stability). Session replay requires consent.

Cookies and Tracking

We use the following types of cookies:

Essential Cookies (Always Active)

Required for authentication, security, and basic functionality. Cannot be disabled.

Analytics Cookies (Consent Required)

Help us understand how you use LacTrace. Powered by PostHog (EU hosted).

Session Replay (Consent Required)

Records sessions when errors occur to help us fix bugs. Powered by Sentry (EU hosted).

You can manage your cookie preferences at any time in Settings → Data & Privacy.

Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right of Access: Download all your data in JSON format from Settings → Data & Privacy.
  • Right to Rectification: Update your information in Settings.
  • Right to Erasure: Delete your account and all data from Settings → Data & Privacy.
  • Right to Restrict Processing: Disable analytics and session replay via cookie preferences.
  • Right to Data Portability: Export your data in machine-readable format (JSON).
  • Right to Object: Opt out of analytics tracking at any time.

Data Retention

  • Account data: Retained until you delete your account.
  • Training data: Retained until you delete your account or specific records.
  • Analytics data: Anonymized and aggregated. Individual session data retained for 90 days.
  • Error logs: Retained for 30 days.

Data Security

We protect your data through:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Row-level security policies in our database
  • Regular security audits
  • EU-based infrastructure with GDPR-compliant providers
  • No sharing of personal data with third parties for marketing

Contact Us

For privacy-related questions or to exercise your rights, contact us at: [email protected]

Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email or in-app notification. Continued use of LacTrace after changes constitutes acceptance of the updated policy.