Privacy

Stride Atlas is a personal dashboard for your Strava runs. It’s built to keep your data close to you. There’s no database of activities on our side, no email list, no third-party sharing beyond what’s strictly required to make the app work. This page spells out exactly what that means.

Last updated: April 2026

What we collect

When you click Connect with Strava, Strava redirects you back to us with a short-lived access token and a long-lived refresh token. We also receive your Strava athlete profile (your name, city, and athlete ID) and your run activities (date, distance, pace, duration, heart rate, elevation, route name): the same data Strava shows you on its own dashboard.

We do not collect:

Your email address (Strava doesn’t share it with us, and we don’t ask).
GPS traces (we read summaries only; individual lat/lng points are never requested).
Any activity type other than runs.
Anything from you while you’re using the site beyond the setting choices you make in the View panel.

Where it’s stored

Your Strava access and refresh tokens live in an encrypted session cookie (iron-session) that the browser sends back to our server on each request. The cookie is HTTP-only, SameSite=Lax, and Secure in production. It expires after 30 days of inactivity. We don’t have a database of users. If the cookie is cleared, there’s nothing on our side to reconstruct.

Your run activities are fetched from Strava on demand and held in a per-athlete in-memory cachefor up to one hour, so the dashboard loads quickly without re-hitting Strava’s API on every navigation. This cache lives in the server process. When the process restarts (which Vercel does regularly on serverless functions), the cache is gone.

Your preferences (theme, km/mi, time range, custom date range, HR max override) live in your browser’s localStorage. They never leave your device.

Third parties

Strava.The whole point. Your Strava account is authenticated via OAuth 2.0; the app reads activities using the permissions you grant. You can revoke Stride Atlas’s access at any time from your Strava account settings.
Vercel Analytics.We track anonymous page views (route visited, country, referrer) to see roughly how the site is being used. No IP addresses or fingerprints are associated with individual users. Vercel’s privacy policy covers what they do with that data.
Vercel hosting.The site runs on Vercel’s edge/serverless infrastructure. Standard request logs (IP, timestamp, URL, response time) are retained by Vercel per their policy; we don’t read or store them ourselves.

That’s the entire third-party list. No ad networks, no marketing pixels, no session-replay tools.

Cookies

One session cookie: stride_session, used only for authentication. No tracking cookies. Vercel Analytics is cookieless by default.

Your rights

Disconnect. Use the Disconnect button in the authed dashboard, or revoke Stride Atlas from your Strava app settings. Either one clears our ability to reach your data.
Access / export.You already have all of this. It’s your data on Strava. Strava itself provides a bulk export of your activities under Account → Download or Delete Your Account.
Delete.There’s nothing persistent to delete on our side. Disconnecting and clearing your browser’s cookies/localStorage for this site removes every trace locally.

Changes

If this policy changes in a way that affects what we collect or how we use it, the Last updateddate above will change, and the home page will surface a small note for at least a week. If you’re disconnected at that point, you won’t be affected anyway. There’s nothing to change retroactively.

Contact

Questions, or something here that doesn’t match what you’re seeing? Email na@letizia.tech.