Herak Sports

Legal

Privacy Policy

Last updated: June 5, 2026

This Privacy Policy explains how personal data is processed when you visit the Herak Sports website, create or use an account, connect Strava, subscribe to a paid plan, receive service emails, or use the training, statistics, and team features of the app.

Controller

Lukas Kien

Einfangweg 49

6370 Kitzbuhel

Austria

support@herak-sports.com

Scope of this Privacy Policy

This Privacy Policy applies to the Herak Sports website and the connected Herak Sports software-as-a-service product.

It covers personal data processed when individuals browse the website, create or use app accounts, participate in team workflows, connect third-party services such as Strava, or communicate with us for support or operational purposes.

If coaches, clubs, or organizations use Herak Sports for team management, some processing may take place in the context of that team relationship. In those cases, Herak Sports still acts as the controller for the data it stores and processes in its own product environment unless a different role is explicitly stated.

Categories of Data We Process

Depending on how you use Herak Sports, we may process the following categories of personal data:

  • account and profile data, such as name, email address, login details, language, and account preferences;
  • team and organization data, such as athlete, coach, group, and role assignments;
  • training and workout data, such as calendar entries, assigned plans, completed sessions, notes, feedback, media references, and sport-specific workflow information;
  • statistics and performance data derived from training activity, app usage, and recorded workout history;
  • Strava-related data where you connect Strava, such as imported activity metadata, duration, distance, elevation, speed, heart-rate data where available, mapped workout type, and synchronization timestamps;
  • subscription and billing data needed to manage paid plans and payments through Stripe, such as plan selection, subscription status, billing interval, payment-related identifiers, and invoicing records;
  • communication data when you contact us or when we send transactional, operational, onboarding, support, or service-related emails;
  • technical and security data, such as IP address, device or browser information, request logs, session identifiers, and authentication data required to operate the service securely.

Purposes of Processing

We process personal data in particular for the following purposes:

  • to provide, operate, maintain, and improve the website and Herak Sports app;
  • to create and manage user accounts, team workspaces, roles, and permissions;
  • to provide training planning, workout assignment, self-training, statistics, and related product features;
  • to import and match Strava activities when users choose to connect their Strava account;
  • to manage subscriptions, payments, and billing through Stripe;
  • to send service-related emails, support messages, onboarding communication, and security notices;
  • to protect the service, detect misuse, prevent fraud, and investigate incidents;
  • to comply with legal obligations, including tax, accounting, and data protection requirements.

Legal Bases Under Article 6 GDPR

Where the GDPR applies, we process personal data on the following legal bases:

  • Article 6(1)(b) GDPR, where processing is necessary to provide the service, manage accounts, enable team workflows, connect Strava, or perform subscription-related obligations;
  • Article 6(1)(c) GDPR, where processing is necessary to comply with legal obligations;
  • Article 6(1)(f) GDPR, where processing is necessary for our legitimate interests, especially maintaining service security, reliable operation, support, abuse prevention, and product administration;
  • Article 6(1)(a) GDPR, where consent is required for a specific processing activity.

Recipients and Processors

Where necessary, personal data may be disclosed to service providers that support the operation of Herak Sports.

  • Stripe, for subscription management, payment processing, and billing-related operations;
  • Strava, where a user chooses to connect a Strava account and synchronize activity data;
  • hosting, infrastructure, storage, and technical service providers that help us operate the website and app securely;
  • email and communication providers that help us send support or operational messages;
  • professional advisers, authorities, or courts where disclosure is legally required or necessary to enforce legal claims.

International Data Transfers

Some of the service providers we use may process personal data outside the European Economic Area.

Where personal data is transferred to a third country without an adequacy decision, we take appropriate steps to ensure that a lawful transfer mechanism is in place, including standard contractual clauses where required.

Retention Periods

We retain personal data only for as long as necessary for the relevant purposes or as long as legal retention obligations require.

  • account, team, training, and statistics data is generally retained for as long as the relevant account or workspace remains active, unless deletion is requested or the data is no longer needed;
  • Strava synchronization data is retained for as long as the Strava connection and related training functionality remain active or as otherwise required for service operation;
  • billing and payment-related records may be retained for the period required by tax, accounting, and legal obligations;
  • support and operational communication may be retained as long as necessary to document requests, maintain service continuity, and protect legal interests;
  • technical logs and security records are retained for the period reasonably required for security, troubleshooting, and abuse prevention.

Cookies, Sessions, and Similar Technologies

Herak Sports may use technically necessary cookies, session identifiers, headers, tokens, or similar technologies to provide secure logins, maintain sessions, remember essential settings, and ensure correct product functionality.

This Privacy Policy does not currently describe separate marketing tracking or advertising cookies. If additional non-essential tracking technologies are introduced later, this Privacy Policy will be updated accordingly.

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorized access, loss, destruction, alteration, or unlawful disclosure.

These measures may include access controls, authenticated session handling, permission controls, secure transport, service monitoring, and other safeguards appropriate to the nature of the product.

Data Subject Rights

Subject to the applicable legal requirements, you have the following rights under the GDPR:

  • right of access under Article 15 GDPR;
  • right to rectification under Article 16 GDPR;
  • right to erasure under Article 17 GDPR;
  • right to restriction of processing under Article 18 GDPR;
  • right to data portability under Article 20 GDPR;
  • right to object under Article 21 GDPR;
  • right to withdraw consent at any time where processing is based on consent;
  • right to lodge a complaint with a competent supervisory authority.

If you want to exercise any of these rights, please contact support@herak-sports.com.

No Automated Decision-Making

We do not carry out automated decision-making or profiling within the meaning of Article 22 GDPR that produces legal effects or similarly significant effects on individuals.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes.

The current version published on this website applies.