← Back to Peregrine

Privacy Policy

Last updated: April 2026

Peregrine is a running analytics dashboard that connects to Strava. This policy describes what data we access, how we use it, and your rights.

What we access from Strava

When you connect your Strava account, we request read access to your activity data. Specifically, we fetch and store:

• Your name and profile photo (as shown on Strava)
• Your running activities only — including distance, time, pace, heart rate, cadence, elevation, and the date of each run
• OAuth tokens that let us read your data on your behalf

We do not access your social network, clubs, segments, routes, private notes, photos, or any non-running activities.

How we store your data

Your activity data and tokens are stored in a Postgres database that we operate. Data is encrypted in transit (HTTPS) and at rest (provider-managed encryption). Only you can see your own data when logged in.

How we use your data

Your data is used exclusively to display analytics on your Peregrine dashboard. We do not:

• Sell, share, or trade your data with any third party
• Use your data for advertising or marketing
• Aggregate your data with other users' for commercial purposes
• Train machine learning models on your data

Webhooks

To keep your dashboard current, we register a webhook with Strava that notifies us when you post, update, or delete an activity. When notified, we fetch only that one activity from Strava and update our cache.

Your rights and control

• Access: You can view all data we store by logging in to your dashboard.
• Re-sync: The footer of the dashboard has a "Re-sync" link that re-fetches your full history from Strava.
• Deletion: The "Delete account" link in the footer permanently removes all your data from our database and deauthorizes our access to your Strava account. This action is immediate and cannot be undone.
• Revoke at Strava: You can also revoke Peregrine's access at any time from your Strava settings. When you do this, your stored data remains until you delete your Peregrine account.

Cookies

We use a single session cookie to keep you logged in. It contains a random session identifier — no personal information. It expires after 30 days.

Third parties

Our database and hosting are provided by infrastructure vendors (currently Railway and its Postgres provider). These providers process data on our behalf under their own terms. We do not use analytics, advertising, or tracking services.

Changes

If we change this policy, we will update the "last updated" date above. Significant changes will be announced on the login page.

Contact

Questions about this policy? Email us at the address shown on the main site.