Privacy Policy
Effective Date: January 3, 2026 · Last Updated: January 3, 2026
The Long Game ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
1. Data Controller
For the purposes of the GDPR, the data controller is:
The Long Game
Contact: privacy@thelonggame.win
2. Information We Collect
Account Information
- Email address and name (via Google OAuth or email signup)
- Age and biological sex (for accurate training calculations)
Training & Health Data
- Current fitness level and running history
- Race times, goals, and target events
- Injury history and pain information
- Training preferences and weekly schedule
- VO2max estimates (if provided or imported)
Connected Services (Optional)
If you connect Garmin or Strava, we may access:
- Activity history (runs, workouts, durations, distances)
- Health metrics (heart rate zones, VO2max estimates)
We only request read-only access. We never post to your accounts or share your data with these platforms.
Technical Data
- Device type and browser information
- IP address (anonymized for analytics)
- Usage patterns within the application
3. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation & authentication | Contract performance |
| Training plan generation | Contract performance |
| Health & fitness data processing | Explicit consent |
| Service improvement & analytics | Legitimate interest |
| Marketing communications | Consent |
4. How We Use Your Information
- Generate personalized training plans using evidence-based coaching methodologies
- Calculate training paces and zones based on your fitness data
- Adjust plans based on your progress, feedback, and imported activities
- Send training reminders and plan updates (with your consent)
- Analyze usage patterns to improve our algorithms and user experience
- Respond to support inquiries
5. Data Retention
- Account data: Retained while your account is active, deleted within 30 days of account deletion
- Training plans: Retained while your account is active
- Connected service data: Cached temporarily, refreshed on each sync, deleted on account deletion
- Analytics data: Aggregated and anonymized, retained for up to 2 years
6. Data Sharing & Third Parties
We do not sell your personal data. We share data only with:
Supabase (Database & Auth)
Account data, training data · US-based · SOC 2 Type II certified
Vercel (Hosting)
Application hosting · US/EU edge locations · SOC 2 certified
Garmin & Strava APIs
Only when you connect · Read-only access · Disconnectable anytime
7. International Data Transfers
Your data may be transferred to and processed in the United States. For EU/EEA users, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) with our service providers, to protect your data in accordance with GDPR requirements.
8. Your Rights
Under GDPR and other privacy laws, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Revoke consent for health data processing at any time
To exercise these rights, email privacy@thelonggame.win. We will respond within 30 days.
9. California Privacy Rights (CCPA)
California residents have additional rights under the CCPA, including the right to know what personal information we collect, the right to delete, and the right to opt-out of the sale of personal information. We do not sell personal information.
10. Cookies & Tracking
We use only essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or sell data to third-party advertisers. You can control cookie settings through your browser preferences.
11. Data Security
- All data transmitted over HTTPS (TLS 1.3)
- Data encrypted at rest in our database
- Access controls and authentication on all systems
- Regular security reviews and dependency updates
12. Children's Privacy
The Long Game is not intended for users under 16 years of age. We do not knowingly collect personal data from children. If we learn we have collected data from a child under 16, we will promptly delete it.
13. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. The "Last Updated" date at the top reflects the most recent revision.
14. Contact & Complaints
For privacy-related questions or to exercise your rights:
Email: privacy@thelonggame.win
EU residents: You have the right to lodge a complaint with your local Data Protection Authority if you believe we have not handled your data in accordance with GDPR.