Legal

Privacy Policy

We believe privacy is a right, not a feature. Here's exactly what we collect, why, and how we protect it.

Last Updated: March 2026
1

Introduction

Welcome to Pacelab ("we," "our," or "us"). We are committed to protecting your privacy and handling personal data responsibly. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our mobile app, website, APIs, and support channels.

For legal and contact details about the operator of Pacelab, please refer to our Imprint. Where this policy refers to "we", it means the operator identified there.

By using Pacelab, you agree to the collection and use of information described in this policy. If you do not agree, please do not use the app.

2

Information We Collect

2.1 Data stored locally on your device

All of the following is stored only on your device and never leaves it unless you explicitly enable cloud sync or share a workout:

  • Custom workouts, exercise library, and workout history
  • Completed sessions: timestamps, duration, rounds, performance metrics
  • Scheduled workouts and reminders
  • App settings and display preferences
  • Notification permission status and reminder settings, used only to deliver workout reminders you schedule. Notifications can be disabled in your device settings at any time.

2.2 Account data (optional)

Creating an account is completely optional. If you sign up, the following is stored on our servers:

  • Email address — used to identify your account and for password recovery
  • Display name — shown in optional "created by" fields on shared workouts
  • Hashed password — never stored in plain text
  • Authentication tokens issued by the server — when you sign in, tokens are stored on your device's secure keystore (iOS Keychain / Android Keystore), not in plain storage
  • Account creation date

2.3 Cloud sync data (optional, account required)

When cloud sync is active, the following is backed up to our servers so your data is available on new devices:

  • Your workout definitions (title, blocks, exercises, settings)
  • Block templates (reusable workout blocks you save for quick re-use)
  • Custom exercises (exercises you create in your personal library)
  • Workout session history (date, duration, rounds, performance metrics, per-block logs)

Sync data is associated with your account and protected by your credentials. It is deleted when you delete your account.

2.4 Shared workouts

When you share a workout, a unique share code is generated and the workout data is stored on our servers to enable the sharing link. Anyone with the share link or share code may be able to view that shared workout. You should avoid including sensitive personal information in workout titles, notes, or descriptions that you choose to share publicly.

You may optionally include your name in the "created by" field. Shared workouts are retained for 2 years of inactivity. If you delete your account, shared and published workouts are anonymised — your name and account association are removed — rather than deleted, so that share links created by or for others remain functional. Private workouts that were never shared are deleted permanently. You can request deletion of a shared workout by contacting us with the share code.

If you choose to publish a workout to the public library, it will be visible to all users. You can change this setting or remove it at any time.

2.5 Website analytics

When you visit pacelabintervals.com, we may collect anonymous analytics data (page views, visit duration) using privacy-respecting analytics tools. This data is aggregated and cannot identify you individually. If you submit a support request, we retain your contact information for 1 year after resolution.

3

How We Use Your Data

We use collected data solely for the following purposes:

  • Providing core app functionality (workouts, sessions, scheduling)
  • Enabling cloud backup and restore across devices for signed-in users
  • Enabling workout sharing between users
  • Authenticating your account securely
  • Maintaining service security, preventing abuse, and troubleshooting bugs
  • Responding to support requests
  • Improving the app using anonymised usage patterns
4

Data Storage and Security

Local storage

Workouts, exercises, sessions, and preferences are stored in a local database on your device. This data never leaves your device unless you enable cloud sync or share a workout.

Secure credential storage

Auth tokens are stored in your device's native secure enclave — iOS Keychain or Android Keystore — not in plain app storage or shared preferences.

Server-side data

Account data and synced workouts are stored on our servers with HTTPS in transit and encryption at rest. Passwords are hashed using industry-standard algorithms and are never stored in plain text.

Retention

Local data persists until you delete the app. Account and sync data are deleted when you delete your account. Shared workouts are retained for 2 years of inactivity. Support request data is retained for 1 year.

We use access controls, logging, rate limits, and other reasonable technical and organisational safeguards to reduce the risk of unauthorised access or abuse.

No method of transmission over the internet or electronic storage is 100% secure. While we implement appropriate safeguards, we cannot guarantee absolute security.

5

Third-Party Services

  • Hosting and infrastructure providers: We may use hosting, database, CDN, email, and monitoring providers that process data on our behalf strictly for operating and securing the service.
  • App Stores (Apple / Google): Our apps are distributed through the Apple App Store and Google Play Store. Please refer to their respective privacy policies for information about data they independently collect.
  • Anonymous analytics: We may use privacy-focused analytics tools to understand aggregate usage patterns. This data is anonymised and cannot identify individual users.
  • Apple Health (iOS, optional): If you enable Apple Health integration, completed workout sessions may be written to Apple Health on your device. This data transfer stays on your device and is governed by Apple's HealthKit terms. We do not read from Apple Health.
  • Google Health Connect (Android, optional): If you enable Health Connect integration, completed workout sessions may be written to Google Health Connect on your device. We do not read from Health Connect.
  • ChatGPT Integration (optional): Pacelab offers a Custom GPT action that allows you to create workouts via ChatGPT. When you use this integration, your workout request is sent from OpenAI's servers to the Pacelab API using integration-specific authentication configured by Pacelab. The content of your ChatGPT conversation is processed by OpenAI under their Privacy Policy. Pacelab only receives and stores the workout data resulting from the request and does not store ChatGPT conversation history on its servers.

Some of our service providers may process data outside your home country. Where required, we rely on appropriate contractual, technical, and organisational safeguards for such transfers.

6

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have the following data protection rights:

Access — request a copy of your personal data stored on our servers
Rectification — request correction of inaccurate data
Erasure — delete your account in-app to remove all server-side data. Local data is removed when you uninstall the app.
Portability — request your data in a structured, machine-readable format
Restriction of processing — request that we limit how we process your personal data in certain circumstances
Objection — object to processing of your data for certain purposes

Our lawful bases for processing generally include: performing our contract with you (for account, sync, and sharing features), your consent (where required), compliance with legal obligations, and our legitimate interests in operating, securing, and improving the service.

To exercise any of these rights, contact us at support@pacelabintervals.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal data violates applicable law.

Data Controller: For data stored on our servers, we are the data controller. For data stored locally on your device, you are the data controller.

7

Children's Privacy

Our app is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@pacelabintervals.com and we will delete that information promptly.

8

Contact

Questions about this policy or your data? Reach out — we're happy to help.

support@pacelabintervals.com
9

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page.

For significant changes, we will provide a more prominent notice (such as an in-app notification). We encourage you to review this page periodically.