HSTL PRIVACY POLICY
Last updated: 22 July 2025

HSTL ("HSTL," "we," "our," "us") provides a mobile application and related services that help running‑club organisers manage events and let runners track their participation and Hustle (HSTL) scores. We value your privacy and want you to understand how we process personal data. This Policy applies to the HSTL iOS/Android apps, the hstl.run website, and any features or content we control (collectively, the "Services").

––––––––––––––––––––––––––––––
1. INFORMATION WE COLLECT

We collect the minimum data needed to run HSTL:

• Account details – name, email, emoji / nickname, login tokens (Google, Apple).
• Club participation – club(s) you follow, event RSVPs, QR check‑ins, attendance history.
• Derived run metrics – Hustle Score, streaks, head‑wind factor and other analytics we compute.
• Connected services
  – Strava: after you grant permission, we fetch your run activities via the Strava API. We cache the raw Strava activity file (including distance, GPS, heart‑rate and other sensor data) for no more than 7 days, after which we delete or refresh it.
  – Garmin (optional): if you connect a Garmin account, we receive workout FIT files directly from Garmin Health. Raw FIT data is treated the same way as Strava raw data.
  – We do not collect activities from other sports unless you authorise them, and we never write data back to Strava or Garmin without asking you first.
• Device & usage data – app version, device model, crash logs (via Sentry) and anonymous analytic events.

––––––––––––––––––––––––––––––
2. HOW WE USE THE INFORMATION

• Operate and improve the Services.
• Calculate and display Hustle Scores and club leaderboards.
• Auto‑link your run to an event you checked into (time + location match).
• Send push notifications (e.g., streak reminders, new events).
• Maintain safety, security and integrity of our platform.
• Comply with legal obligations and Strava / Garmin developer terms.

––––––––––––––––––––––––––––––
3. SHARING OF INFORMATION

We never sell your data. We share only:
• With the club organiser(s) you follow – your attendance, Hustle Scores and profile emoji/nickname.
• With service providers who host, process or analyse data for us (Firebase, Google Cloud, Expo, Sentry). All are under strict confidentiality agreements.
• As required by law or to protect rights, property or safety.

––––––––––––––––––––––––––––––
4. DATA RETENTION

• Raw Strava or Garmin workout files → deleted or refreshed after 7 days.
• Derived metrics (Hustle Score, insights) → kept until you delete your account.
• Account and attendance records → kept while you maintain an account and for up to 30 days after deletion before permanent purge from backups.

––––––––––––––––––––––––––––––
5. YOUR CHOICES & RIGHTS

• View or edit your profile in the app.
• Disconnect Strava or Garmin at any time (we stop fetching data immediately).
• Request a copy or deletion of your personal data via email (see contact below).
• Opt out of marketing emails and certain push notifications in settings.

––––––––––––––––––––––––––––––
6. SECURITY

We use ISO‑27001–certified cloud providers, encrypted connections (TLS 1.2+), and restrict employee access to production systems. No system is 100 % secure; please keep your login credentials safe.

––––––––––––––––––––––––––––––
7. CHILDREN

HSTL is not directed to children under 16. If you learn a child has provided us data without parental consent, contact us and we will delete it.

––––––––––––––––––––––––––––––
8. CHANGES TO THIS POLICY

We may update this Policy and will post the new version on hstl.run with a "Last updated" date. Material changes will be announced in‑app or via email.

––––––––––––––––––––––––––––––
9. CONTACT

Questions or requests? Email us at admin@hstl.run.