Privacy Policy

Runner Twelve AB (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect personal data when you use our websites and products, including Beatpace.

Scope

This Privacy Policy applies to:

  • The Beatpace web application (beatpace.io)
  • The Runner Twelve website (runnertwelve.com)
  • Related communications, including product updates and transactional emails

Data Controller

Runner Twelve AB Org.nr: 559464-5888 Soderkoeping, Sweden Contact: info@runnertwelve.com

What Data We Collect

Account Data

When you create an account, we collect:

  • Your email address
  • Display name, avatar, bio, and tagline (if provided)
  • Social media links (Creator tier, if provided)

Workout and Content Data

When you use Beatpace, we store:

  • Workout programs you create (structure, blocks, settings, preferences)
  • Comments you post on other users’ programs
  • Your saved/bookmarked programs and followed creators

Usage Data

We collect data about how you use the service:

  • Programs you play, heart (like), or save
  • Follow/unfollow actions
  • Subscription tier and feature usage

Payment Data

  • Payments are processed by Stripe
  • We do not store your credit card details — these are handled entirely by Stripe
  • We store your subscription tier, billing status, and payment history references

AI Generation Data

When you use AI features (workout generation, coaching narration), we store:

  • Generation requests and metadata
  • Generated outputs associated with your account

Email Signups (Landing Page)

When you sign up for updates on our landing page:

  • Your email address
  • Timestamp of signup
  • A hashed version of your IP address (for rate limiting and abuse prevention)

Technical Data

  • Hashed IP addresses for rate limiting and abuse prevention
  • Browser and device information necessary for audio playback and service operation

Why We Collect Your Data

PurposeLegal Basis (GDPR)
Provide and operate Beatpace (accounts, playback, content)Performance of contract — Art. 6(1)(b)
Process subscription paymentsPerformance of contract — Art. 6(1)(b)
Send transactional emails (PIN codes, account notifications)Performance of contract — Art. 6(1)(b)
Send marketing emails and product updatesYour consent — Art. 6(1)(a)
Rate limiting and abuse preventionLegitimate interest — Art. 6(1)(f)

How We Protect Your Data

  • Data is stored in cloud infrastructure within the EU
  • IP addresses are hashed before storage
  • Access to data is restricted to authorized personnel only
  • Industry-standard security measures are used to protect stored data
  • Payment card data is handled entirely by our payment processor and never touches our servers

Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Payment records: Retained for 7 years as required by Swedish accounting law (bokforingslagen).
  • Landing page signups: Retained for a maximum of 2 years after collection if no further interaction occurs.
  • Technical logs: Retained for up to 90 days for abuse prevention and debugging.

Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Withdraw consent at any time for consent-based processing
  • Data portability — receive your data in a portable format (your workout programs can be exported)
  • Object to processing based on legitimate interest
  • Lodge a complaint with a supervisory authority

The relevant supervisory authority in Sweden is the Swedish Authority for Privacy Protection (IMY).

To exercise your rights, contact: info@runnertwelve.com

Third-Party Services

We use third-party service providers to operate Beatpace. These providers process data on our behalf or as independent controllers:

  • Google Cloud / Firebase (EU) — cloud infrastructure, hosting, authentication, database, and file storage
  • Stripe — payment processing. Stripe acts as an independent data controller for payment data. See Stripe’s Privacy Policy for details.
  • AI service providers — we use third-party AI services for workout generation and voice synthesis. Generation prompts and metadata may be sent to these providers for processing.
  • Email delivery provider — we use a third-party service to send transactional emails (PIN codes, notifications) and marketing communications
  • Avatar service — we use an email-hash-based avatar lookup service to display profile pictures
  • Geo-location service — on our landing page, we use an IP-based location service to detect your country for currency display purposes. No personal data is stored from this lookup.

We do not use advertising networks or user-tracking analytics services.

Cookies and Local Storage

  • We do not use tracking cookies or third-party analytics cookies
  • Firebase Authentication uses browser local storage to maintain your session
  • No personal data is stored in cookies

Children

Beatpace is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us so we can delete it.

International Data Transfers

Our primary infrastructure is hosted in the EU. However, some third-party service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • The service provider’s compliance with equivalent data protection standards

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Beatpace website or by email to registered users when appropriate. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

For privacy-related questions or requests:

info@runnertwelve.com

Runner Twelve AB Soderkoeping, Sweden