DatavataBACK TO HOME
LEGAL

PRIVACY POLICY

LAST UPDATED: MARCH 2026

1. INTRODUCTION

Datavata ("we", "our", "us") is a fitness intelligence platform operated by Digital Frontera. We connect to your Strava account to visualise and analyse your activity data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use Datavata.

2. DATA WE COLLECT

When you connect your Strava account, we access and store the following:

  • Strava OAuth tokens (access token, refresh token) for API authentication
  • Your Strava profile information (athlete ID, name, profile picture)
  • Activity data (type, distance, duration, elevation, date, kudos count)
  • Activity route data (GPS polylines for map visualisation)
  • Activity location metadata (start coordinates, city, country)

If you join our waitlist, we collect your email address solely for the purpose of notifying you when Datavata opens to new athletes.

WE DO NOT STORE IP ADDRESSES.

3. HOW WE USE YOUR DATA

Your Strava data is used exclusively to power your personal Datavata dashboard:

  • Display your activities on interactive maps
  • Calculate statistics, personal records, and year-over-year progress
  • Generate activity breakdowns, heatmaps, and route rankings
  • Forecast year-end fitness goals
  • Create shareable achievement cards

YOUR DATA IS NEVER SOLD, SHARED WITH, OR TRANSFERRED TO ANY THIRD PARTIES.

4. DATA STORAGE

Your data is stored securely using Google Firebase (Firestore) and hosted on Vercel. All data transmission is encrypted via HTTPS. Strava authentication tokens are stored server-side and are never exposed to your browser. Waitlist email addresses are stored in Firestore and are not shared with any third party.

5. COOKIES

Datavata uses functional cookies only. We use a session cookie to keep you logged in after connecting your Strava account. We do not use advertising cookies, tracking cookies, or any third-party marketing cookies. Vercel Analytics collects anonymous, aggregated page view data with no personally identifiable information.

6. THIRD-PARTY SERVICES

  • STRAVAWe use the Strava API to access your activity data. Strava's own privacy policy applies to data stored on their platform.
  • GOOGLE FIREBASEUsed for secure data storage (Firestore). Data is encrypted at rest and in transit.
  • VERCELUsed for application hosting and serverless functions.
  • MAPBOXUsed to render interactive activity maps. Mapbox may collect anonymous usage data per their privacy policy.

7. YOUR RIGHTS

You have the right to:

  • Access all data we store about you
  • Request correction of inaccurate personal data
  • Request deletion of your account and all associated data
  • Disconnect Datavata from your Strava account at any time
  • Withdraw consent for data processing at any time

To exercise any of these rights, please contact us at privacy@datavata.app. Data deletion requests are processed within 30 days.

8. GDPR COMPLIANCE

If you are located in the European Union or European Economic Area, you are entitled to additional rights under the General Data Protection Regulation (GDPR). We process your data on the legal basis of your explicit consent (provided when you connect your Strava account). You may withdraw this consent at any time by disconnecting your account. We act as the data controller for personal data collected through Datavata. For any GDPR-related enquiries, please contact us at privacy@datavata.app.

9. DATA RETENTION

We retain your data for as long as your account is active. When you delete your account or request data deletion, all personal data is permanently removed from our systems within 30 days.

10. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. Continued use of Datavata after changes constitutes acceptance of the updated policy.

11. CONTACT

If you have questions about this Privacy Policy, please contact us at privacy@datavata.app or through Digital Frontera.