Privacy Policy

Nemesis Race Club (“we,” “us,” “the app”) is a running app that matches runners with rivals of similar pace and lets them race head-to-head over a fixed time window. The app is operated by Jeff DeGeorgia. You can reach us at jeff.degeorgia@gmail.com.

You connect a running data source — Strava, or Apple Health (on iOS) — and we receive, only with your authorization:

• Your running activities: distance, moving time, elevation gain, average pace, start date and time, and activity type.
• From Strava: your name, profile photo, city/country, athlete ID, best efforts, and OAuth tokens used to access the above.
• From Sign in with Apple: a unique Apple identifier and, if you share it, an email address.
• An email address, where available, used only for challenge notifications.

We do not collect data from sources other than the ones you connect and the information you provide directly in the app.

If you use the iOS app and grant Apple Health access, we read your running workouts from HealthKit — distance, duration, pace, start time, and energy burned — solely to power matching and to score your head-to-head challenges. We request read-only access; we never write to Apple Health. HealthKit data is used only to provide the app’s features and is never used for advertising, never sold, and never shared beyond the limited challenge-related visibility described in Section 4. You can revoke Health access at any time in iOS Settings → Privacy & Security → Health.

We use your data only to operate the app’s core features:

• Computing your runner profile (average pace, frequency, consistency) to match you with similar runners.
• Determining the outcome of challenges you enter (fastest qualifying time wins).
• Displaying your own dashboard: recent runs, personal bests, trophies, and rivalry history.
• Sending you challenge notifications (invites, acceptances, results) by email.

We never sell your data. We never advertise to you. Your activity data is visible to:

• You, on your own dashboard.
• A runner you are in an active or completed challenge with — they see your name, the relevant challenge metrics, and your recent runs for the challenge, the same way you see theirs.

We use the following service providers strictly to run the app: Vercel (hosting), Supabase (database), and Resend (email delivery). They process data only on our behalf.

This app uses the Strava API but is not endorsed or certified by Strava. Your use of Strava data is also governed by Strava’s Privacy Policy. We access Strava data on a read-only basis — we never post, comment on, edit, or delete your Strava activities.

We keep your data while your account is active. You can disconnect the app at any time from your Strava settings. To have your account and all associated data permanently deleted, email jeff.degeorgia@gmail.com and we will delete it within 30 days.

We store data with industry-standard providers and transmit it over encrypted (HTTPS) connections. No system is perfectly secure, but we take reasonable measures to protect your information.

The app is not directed at children under 13, and we do not knowingly collect their data.

We may update this policy. Material changes will be reflected by the “Last updated” date above.

Questions about this policy or your data: jeff.degeorgia@gmail.com.