Privacy Policy
Effective date: June 8, 2026 · Last updated: July 7, 2026
1. Introduction
PaceNova ("PaceNova," "we," "us," or "our") is a brand operated by Quantik Digital LLC, a Tennessee limited liability company. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website at pacenova.ai and our subscription service (collectively, the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information we collect
Account information
When you create an account, we collect: your email address, name, age (optional), maximum heart rate (optional), resting heart rate (optional), home ZIP or postal code (optional — see “Weather data” below), and a hashed password. Passwords are hashed using industry-standard PBKDF2 (HMAC-SHA256) and are never stored in recoverable form.
Health and fitness data
The Service depends on collecting and analyzing your training data, including: workout dates, distances, durations, paces, heart rate readings, calories, outside temperature during your runs (from your device's recordings, your uploads, or manual entry), route notes, and race results that you log or import. We use this data to generate your training plans, project race times, detect fatigue patterns, and adapt your plan — including correcting heart-rate-based fitness signals for hot weather.
Weather data (optional)
If you provide a home ZIP or postal code, we request weather conditions (temperature) near that area from Apple Weather(Apple's WeatherKit service) to inform your daily training guidance — for example, suggesting an easier pace on a hot day. Only approximate coordinates derived from your ZIP code and the relevant dates are sent to Apple; your identity, account details, and workout data are not. Your ZIP code is optional, editable, and removable at any time in Settings. Weather data is provided by Apple Weather.
We treat health and fitness data as sensitive personal information under applicable laws (including the California Consumer Privacy Act and the General Data Protection Regulation), even though it is not protected health information under HIPAA. We use it only to provide the Service to you.
Location and GPS run tracking (optional)
PaceNova includes an optional in-app run tracker on iPhone. If you choose to record a run, and only while a recording session is active, the app collects your precise location (GPS)to map your route and calculate distance, pace, and splits. Recording continues while the app is in the background or your screen is locked so a run isn't interrupted; iOS shows a location indicator while this is happening. During a recorded run we may also collect motion and barometric sensor data from your device to estimate elevation and cadence, and heart rate if you have a paired device that provides it (an iPhone by itself has no heart-rate sensor).
We use this data to show your live run, save a map and summary of the completed run, and improve the accuracy of your training analysis (including looking up the weather at your run's actual location and time). A recorded run — including its route — is stored in your account until you delete it, and you can delete an individual run or your whole account at any time. We request location access only when you first use the tracker, you can decline or revoke it in your device settings (the rest of the app still works), and we do not use location for advertising or share it with advertisers. We do not track your location when you are not actively recording a run.
Device and file imports (optional)
You can bring in your existing runs so you do not have to log them manually. On iPhone, PaceNova reads your completed workouts from Apple Health when you grant access; on any device, you can upload activity files you export from your watch or fitness apps (.GPX or .CSV). We import only the workout data in those sources — date, distance, duration, average pace, heart rate, and outside temperature where available. You can revoke Apple Health access at any time in your device settings, and imported workouts remain in your account until you delete them.
On Android, PaceNova reads your completed workouts from Health Connectwhen you grant access — including runs recorded by devices and apps that sync to it (such as Galaxy Watch, Pixel Watch, and Fitbit). With your permission we read exercise sessions, distance, heart rate (including resting heart rate), step cadence, and workout GPS routes. We use this data solely to provide PaceNova's coaching features — analyzing your training, calibrating your fitness score and paces, and generating your plan and projections. We do not use Health Connect data for advertising, and we do not sell it or share it with third parties. You can revoke Health Connect access at any time in your device settings; workouts already imported remain in your account until you delete them, and deleting your account deletes them permanently.
Payment information
Subscription payments are processed by Stripe, Inc.We do not store your full payment card information on our servers. We receive only a Stripe customer identifier, subscription status, and metadata such as last four digits and card expiration. Stripe's use of payment information is governed by Stripe's Privacy Policy.
Usage and technical data
We automatically collect limited technical information when you access the Service: IP address (used for rate limiting and abuse prevention), browser type, referring pages, and timestamps of requests. We do not use third-party advertising or analytics cookies.
Cookies and local storage
We use browser localStorage to store authentication tokens (so you stay logged in between visits). We do not set advertising or tracking cookies. We do not use any third-party analytics that would set cookies.
3. How we use your information
We use your personal information to:
- Provide, maintain, and improve the Service
- Generate personalized training plans, race-time projections, and adaptive workout recommendations
- Process subscription payments and manage your account
- Communicate with you about your account, billing, and changes to the Service
- Detect, investigate, and prevent fraud, abuse, and security incidents
- Comply with our legal obligations
We do not sell your personal information, and we do not use your training data to train third-party AI models. The Service's underlying machine-learning models were trained on publicly available datasets of consenting marathon athletes, not on individual customer data.
Automated decision-making. The Service uses automated processing to generate training plans, race-time projections, fatigue assessments, and pacing recommendations. These outputs are recommendations only — you control whether to follow any of them, and they do not produce legal or similarly significant effects about you. You may contact us at legal@pacenova.ai to request human review of any output that materially affects you.
4. How we share your information
We share personal information only with the following service providers ("sub-processors"), each acting on our behalf to operate the Service:
- Stripe, Inc. — payment processing and subscription management
- Railway Corp. — backend application hosting and managed Postgres database
- Vercel Inc. — frontend application hosting
- Cloudflare, Inc. — domain registration and DNS
We may also disclose information if required by law, subpoena, court order, or other legal process; to protect our rights, safety, or property; or in connection with a merger, acquisition, or sale of assets (in which case we will notify affected users).
5. Your rights and choices
Depending on your jurisdiction, you may have the following rights with respect to your personal information:
- Access: request a copy of the personal data we hold about you
- Correction: ask us to correct inaccurate data (you can edit most profile data directly in Settings)
- Deletion: ask us to delete your account and personal data (subject to the limited legal-defense retention described in Section 6)
- Portability: receive your data in a machine-readable format
- Withdrawal of consent: revoke a connected device or app, or cancel your subscription, at any time
- Objection: object to certain processing of your data
To exercise any of these rights, contact us at legal@pacenova.ai. We will respond within 30 days. If you are in California, you may also have rights under the CCPA / CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising). If you are in the EU, EEA, UK, or Switzerland, you have rights under the GDPR and may lodge a complaint with your local data-protection authority.
6. Data retention
We retain your account and training data for as long as your account is active. If you cancel your subscription, your data remains in read-only form so you can resubscribe later without losing your training history. If you request account deletion, we will delete your personal data within 30 days, except (a) where we are required to retain it for legal, tax, or accounting purposes (typically up to 7 years for billing records), or (b) the limited safety-warning record described immediately below.
Retention of safety-warning records for legal defense
If you ignored or declined one or more of our injury-risk or recovery warnings, we retain a limited record of those specific warnings — the warning we showed, your response, the associated training plan, and the identity information needed to link them to you — even after you delete your account. We keep this record solely to establish, exercise, or defend legal claims, as permitted by GDPR Article 17(3)(e) and the CCPA / CPRA (Cal. Civ. Code § 1798.105(d)). It is stored in a separate, access-restricted, encrypted store, is used only for legal-defense purposes, and is automatically deleted after the applicable limitation period — currently six years from your last such warning or your account deletion, whichever is later. We do not retain this record for users who accepted our warnings or who never received one; their data is fully deleted.
7. Security
We use reasonable administrative, technical, and physical safeguards to protect your data, including: encryption of data in transit (HTTPS/TLS), PBKDF2 password hashing, JWT-based authentication with short-lived access tokens, rate limiting on authentication endpoints, and secure secret management for API keys. No system is perfectly secure; if we discover a breach affecting your data, we will notify you in accordance with applicable laws.
8. Children's privacy
The Service is intended for adults aged 18 and older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a person under 18, we will delete it. If you believe a minor has provided us with personal information, please contact us at legal@pacenova.ai.
9. International users
The Service is operated from the United States. If you access the Service from outside the United States, you consent to the transfer and processing of your information in the United States, where data-protection laws may differ from those in your country.
10. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and post the updated policy with a new effective date. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
11. Contact us
If you have questions about this Privacy Policy or our privacy practices, contact us at:
Quantik Digital LLC
Knoxville, Tennessee, USA
Mailing address available upon request.
Email: legal@pacenova.ai