Privacy Policy

Runner Twelve AB (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect personal data when you use our websites and products, including Beatpace.

Scope

This Privacy Policy applies to:

  • The Beatpace web application (beatpace.io)
  • The Beatpace companion app for Garmin watches (Connect IQ)
  • The Runner Twelve website (runnertwelve.com)
  • Related communications, including product updates and transactional emails

Data Controller

Runner Twelve AB Org.nr: 559464-5888 Soderkoeping, Sweden Contact: info@runnertwelve.com

What Data We Collect

Account Data

When you create an account, we collect:

  • Your email address
  • Display name, avatar, bio, and tagline (if provided)
  • Social media links (Creator tier, if provided)

Workout and Content Data

When you use Beatpace, we store:

  • Workout programs you create (structure, blocks, settings, preferences)
  • Comments you post on other users’ programs
  • Your saved/bookmarked programs and followed creators

Usage Data

We collect data about how you use the service:

  • Programs you play, heart (like), or save
  • Follow/unfollow actions
  • Subscription tier and feature usage

Payment Data

  • Payments are processed by Stripe
  • We do not store your credit card details — these are handled entirely by Stripe
  • We store your subscription tier, billing status, and payment history references

AI Generation Data

When you use AI features (workout generation, coaching narration, music generation, cover-image generation), we store:

  • Generation requests and metadata, including the prompts and parameters you provide
  • Generated outputs associated with your account

To produce these outputs, we forward your prompts and the necessary parameters to third-party AI service providers acting as data processors on our behalf. We do not send your name, email address, or other directly identifying account data to these providers.

Watch and Connected Device Data

When you pair a Garmin watch with Beatpace through the Connect IQ companion app, we store:

  • A watch session record containing the device part number (used to display a friendly model name such as “Forerunner 965”) and the timestamp of the most recent sync
  • HMAC-signed access and refresh tokens that are scoped to the Beatpace watch endpoints only and that you can revoke at any time from Settings, under Connected Devices

The Connect IQ app declares the Communications permission only. It is used exclusively for HTTPS calls to the Beatpace backend (listing your mixes, downloading per-block audio, refreshing tokens, fetching cover thumbnails) and for the OAuth handshake through Garmin Connect Mobile. No other Connect IQ permissions are requested.

We do not request, receive, or store:

  • Your Garmin Connect identity, profile, or contacts
  • Any health, fitness, biometric, or activity data from Garmin Connect or the watch
  • GPS, location, or position data
  • Heart rate or any other sensor readings (accelerometer, barometer, compass, etc.)
  • Listening history or playback telemetry from the watch

The Garmin Connect Mobile app is used solely as the transport for the sign-in flow.

Audio files synced to the watch are stored in the watch’s local storage and in the Beatpace backend cache used to serve the same files to that user’s other devices. They are never shared with third parties.

Email Signups (Landing Page)

When you sign up for updates on our landing page:

  • Your email address
  • Timestamp of signup
  • A hashed version of your IP address (for rate limiting and abuse prevention)

Technical Data

  • Hashed IP addresses for rate limiting and abuse prevention
  • Browser and device information necessary for audio playback and service operation

Why We Collect Your Data

PurposeLegal Basis (GDPR)
Provide and operate Beatpace (accounts, playback, content)Performance of contract — Art. 6(1)(b)
Process subscription paymentsPerformance of contract — Art. 6(1)(b)
Send transactional emails (PIN codes, account notifications)Performance of contract — Art. 6(1)(b)
Send product news, tips, and offers to registered users (you can opt out anytime)Legitimate interest — Art. 6(1)(f)
Rate limiting and abuse preventionLegitimate interest — Art. 6(1)(f)

Marketing and Product Emails

If you have a Beatpace account, we may occasionally send you product news, tips, and offers about Beatpace. We rely on our legitimate interest in keeping our own customers informed about the service they signed up for.

You are in control of these emails:

  • Every marketing email contains a one-click unsubscribe link.
  • You can also turn them off anytime in Beatpace under Settings, in the Social section.

Opting out only affects marketing and product emails. Transactional emails that are necessary to operate your account (such as sign-in codes and billing notifications) are always sent.

How We Protect Your Data

  • Data is stored in cloud infrastructure within the EU
  • All traffic between your devices, our backend, and processors is encrypted in transit (HTTPS / TLS)
  • IP addresses are hashed before storage
  • Access to data is restricted to authorized personnel only
  • Industry-standard security measures are used to protect stored data
  • Payment card data is handled entirely by our payment processor and never touches our servers

Data We Do Not Sell or Use for Advertising

  • We do not sell, rent, or trade your personal data to any third party
  • We do not share your personal data with advertising networks
  • We do not build advertising profiles about you and we do not run third-party advertising or tracking analytics on Beatpace
  • Personal data is shared with third-party service providers (listed below) only as needed to operate Beatpace on our behalf

Data Retention

  • Account data: Retained while your account is active. Deleted within 30 days of account deletion.
  • Payment records: Retained for 7 years as required by Swedish accounting law (bokforingslagen).
  • Landing page signups: Retained for a maximum of 2 years after collection if no further interaction occurs.
  • Technical logs: Retained for up to 90 days for abuse prevention and debugging.
  • Watch session records: Retained until you revoke the watch from your account settings. Refresh tokens automatically expire after 30 days of inactivity, after which the session record is no longer usable for sign-in.

Your Rights Under GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Erase your data (“right to be forgotten”)
  • Withdraw consent at any time for consent-based processing
  • Data portability — receive your data in a portable format (your workout programs can be exported)
  • Object to processing based on legitimate interest
  • Lodge a complaint with a supervisory authority

The relevant supervisory authority in Sweden is the Swedish Authority for Privacy Protection (IMY).

To exercise your rights, contact: info@runnertwelve.com

Third-Party Services

We use third-party service providers to operate Beatpace. These providers process data on our behalf or as independent controllers:

  • Google Cloud / Firebase (EU) — cloud infrastructure, hosting, authentication, database, and file storage
  • Stripe — payment processing. Stripe acts as an independent data controller for payment data. See Stripe’s Privacy Policy for details.
  • AI service providers — we use third-party AI services for workout generation, voice synthesis, music generation, and cover-image generation. Generation prompts and parameters are sent to these providers for processing.
  • Email delivery provider — we use a third-party service to send transactional emails (PIN codes, notifications) and marketing communications
  • Avatar service — we use an email-hash-based avatar lookup service to display profile pictures
  • Geo-location service — on our landing page, we use an IP-based location service to detect your country for currency display purposes. No personal data is stored from this lookup.
  • Garmin Connect Mobile (GCM) — used solely as the OAuth transport when you pair a Garmin watch with Beatpace. We do not exchange user data with Garmin beyond what is required to complete the sign-in flow, and we do not retrieve your Garmin Connect profile or activity data.

We do not use advertising networks or user-tracking analytics services.

Cookies and Local Storage

  • We do not use tracking cookies or third-party analytics cookies
  • Firebase Authentication uses browser local storage to maintain your session
  • No personal data is stored in cookies
  • On a paired Garmin watch, the Connect IQ app stores access and refresh tokens, the paired session ID, and any audio files you have downloaded for offline playback. This data is cleared when you sign out of the watch app, unsync a downloaded program, or revoke the watch from Settings.

Children

Beatpace is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us so we can delete it.

International Data Transfers

Our primary infrastructure is hosted in the EU. However, some third-party service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • The service provider’s compliance with equivalent data protection standards

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Beatpace website or by email to registered users when appropriate. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

For privacy-related questions, GDPR requests, or to exercise any of the rights listed above:

info@runnertwelve.com

For product support, including questions about the Beatpace Connect IQ app for Garmin watches:

support@beatpace.io

Runner Twelve AB Soderkoeping, Sweden