Skip to main content
Havik

Privacy Policy

Last updated: March 4, 2026

Havik (“we”, “us”, “our”) operates the website havik.run and provides race weather strategy tools for runners. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and an encrypted password. If you sign in with Google, we receive your name, email, and profile photo from Google. We do not receive or store your Google password.

Fitness & Activity Data

If you connect a third-party fitness service (Strava, Garmin Connect), we access your running activity data including:

  • Activity history (dates, distances, durations, pace)
  • Heart rate and training metrics (VO2max, training load) when available
  • Activity routes (GPS data) when available

We use this data solely to generate personalized race predictions and pacing strategies. We do not sell, rent, or share your fitness data with any third party.

Race Analysis Data

When you upload a GPX file or analyze a race, we process course data (GPS coordinates, elevation) and combine it with weather forecasts to generate your strategy. Uploaded GPX files are processed in memory and not permanently stored unless you save the analysis.

Usage Data

We automatically collect standard usage information such as IP address, browser type, pages visited, and referring URL. We use Google Analytics for aggregate traffic analysis. This data is not linked to your fitness or activity data.

2. How We Use Your Information

  • Generate personalized race pace predictions and weather-adapted strategies
  • Provide and improve our services
  • Communicate with you about your account and service updates
  • Analyze aggregate usage to improve the platform

We do not use your data for advertising, profiling, or any purpose unrelated to providing race strategy services.

3. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share data only in these limited cases:

  • Service providers: We use third-party infrastructure (hosting, database, email delivery) that may process your data on our behalf under strict contractual obligations.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process.
  • With your consent: If you choose to share an analysis publicly, the analysis results (not your fitness data) become accessible via a public link.

4. Third-Party Integrations

Strava

When you connect Strava, we use the Strava API to read your activity data. You can disconnect Strava at any time from your account settings, which revokes our access. We comply with the Strava API Agreement.

Garmin Connect

When you connect Garmin Connect, we access your activity data and training metrics through the Garmin Connect API. You can disconnect Garmin at any time from your account settings. We use your Garmin data solely to generate race predictions and pacing strategies. We do not share your Garmin data with any other platform or service. We comply with the Garmin Connect Developer Program requirements.

Weather Data

We use the Open-Meteo API to fetch weather forecasts and historical weather data. Only race course coordinates and dates are sent to this service — no personal or fitness data.

5. Data Retention & Deletion

We retain your account and analysis data for as long as your account is active. You can delete individual analyses at any time. To delete your entire account and all associated data, contact us at [email protected]. Upon account deletion, we remove all personal data, fitness data, and saved analyses within 30 days. Anonymized, aggregate statistics may be retained.

6. Data Security

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords (Argon2), encrypted authentication tokens (RS256 JWT), and access-controlled databases. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Disconnect third-party fitness services at any time

To exercise these rights, contact [email protected].

8. Cookies

We use essential cookies for authentication (session management, refresh tokens). We use Google Analytics for aggregate traffic analysis, which sets its own cookies. We do not use advertising or tracking cookies.

9. Children’s Privacy

Havik is not directed at children under 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last updated” date. Your continued use of Havik after changes constitutes acceptance.

11. Contact

If you have questions about this Privacy Policy or your data, contact us at [email protected].