Privacy Policy

1. Who We Are

Podiums ("Podiums," "we," "us," or "our") operates the website at podiums.run and the Podiums mobile application. Our contact email is contact@podiums.run.

2. Data We Collect

We collect data in three ways: data you give us directly, data we import from timing sources on your behalf, and data generated automatically by your use of the platform.

Account data — When you register, you provide an email address and create a password. Optionally, you may add a display name, bio, location, running club, and profile photo. We store this to identify you and build your public profile.

Race results and timing data — When you connect a timing source (such as RunSignup or ChronoTrack), you authorize Podiums to retrieve your race results from that source using the email address you raced with. The data we import includes finish times (chip and gun), distance, placement, age group, bib number, and race metadata. This data is associated with your Podiums account and displayed on your profile.

Manual entries — You may manually add race results that are not available from a connected timing source. Manually entered results are marked as unverified until a timing source confirms them.

Usage data — We collect standard server logs (IP address, browser/device type, pages visited, timestamps) to operate the service, diagnose errors, and understand how people use Podiums. We use error tracking software (Sentry) that captures stack traces when something breaks. We do not use this data to build advertising profiles.

Communications — If you contact us by email, we retain that correspondence to help resolve your issue.

3. How We Use Your Data

• To create and maintain your account and public athlete profile
• To import and display your verified race results from connected timing sources
• To detect personal records (PRs) across distances and notify you of them
• To power leaderboards, social features (follows, feed), and race discovery
• To send transactional emails: account verification, password reset, race reminders, and PR notifications (you control notification preferences in Settings)
• To diagnose and fix bugs, improve reliability, and understand feature usage
• To comply with legal obligations

We do not sell your personal data. We do not use your data for targeted advertising.

4. Third-Party Timing Sources

When you connect a timing source, Podiums sends your registered email address to that platform's API to locate and retrieve your race history. By connecting a source, you authorize this lookup. The timing sources we currently support or plan to support include:

• RunSignup runsignup.com — their privacy policy governs data on their platform
• ChronoTrack chronotrack.com — their privacy policy governs data on their platform
• Athlinks athlinks.com — their privacy policy governs data on their platform

Podiums does not receive your passwords for these platforms. We retrieve only publicly available or permissioned race result data. You may disconnect a timing source at any time in Settings, which stops future syncs (it does not delete results already imported).

5. Public Profile and Sharing

Your Podiums profile at podiums.run/@yourhandle is public by default. Anyone with the link — including search engines — can view your verified race results, PR history, and any bio or club information you have added. If you do not want your results to be publicly visible, do not create a Podiums account.

Profile-sharing features (QR codes, poster downloads, social overlays) are provided for your own use. Podiums does not independently distribute your profile to third parties beyond making it accessible at your public URL.

6. Data Sharing

We share your data only in the following circumstances:

• With timing sources — as described in Section 4, to retrieve your results
• With infrastructure providers — hosting (Railway), database (Supabase/Neon), object storage (Cloudflare R2), email delivery (Postmark), and error tracking (Sentry). These providers process data only as necessary to provide their services and are contractually bound to protect it
• If required by law — we will disclose data if compelled by a valid legal process, and we will attempt to notify you in advance unless legally prohibited from doing so
• In a business transfer — if Podiums is acquired, your data may transfer to the acquiring entity. We will notify you before that happens and you will have the option to delete your account

We do not share data with advertisers, data brokers, or analytics companies that build behavioral profiles.

7. Data Retention

We retain your account data and imported race results for as long as your account is active. If you delete your account, we delete your personal data within 30 days, except where we are required to retain it longer for legal or compliance reasons. Anonymized or aggregated data (e.g., aggregate race completion counts) may be retained indefinitely.

8. Your Rights and Controls

Regardless of where you are located, you have the following rights with respect to your data:

• Access — request a copy of the data we hold about you
• Correction — update inaccurate data (most profile data is editable directly in the app)
• Deletion — delete your account and all associated personal data from within the app (Settings → Delete Account) or by emailing us
• Export — request an export of your race results data in a portable format
• Objection — object to any processing of your data that you believe is unlawful

To exercise any of these rights, email contact@podiums.run. We will respond within 30 days.

If you are in the European Economic Area or United Kingdom, you have additional rights under GDPR/UK GDPR and the right to lodge a complaint with your local supervisory authority.

9. Cookies and Tracking

The Podiums web app uses session cookies to keep you logged in. We do not use third-party advertising cookies or cross-site tracking pixels. If we add analytics tools in the future, we will update this policy.

10. Children's Privacy

Podiums is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has created an account, contact us and we will delete it promptly.

11. Security

We use industry-standard security practices: HTTPS everywhere, hashed passwords (bcrypt), encrypted connections to our database, and access controls that limit which systems can read your data. No system is perfectly secure. If you discover a security vulnerability, please report it to contact@podiums.run before disclosing it publicly.

12. Changes to This Policy

If we make material changes to this policy, we will notify registered users by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Podiums after the effective date constitutes acceptance of the updated policy.

13. Contact