Peloton Manager
Get early access

Privacy Policy

Last updated: 17 April 2026

1. Who we are

Peloton Manager ("we", "our", "us") is a cycling club management platform that integrates with the Strava API. We are not affiliated with, endorsed by, or sponsored by Strava, Inc. Our contact address is contact@pelotonmanager.com.

2. Data we collect

When you connect your Strava account, we receive and store:

  • Your Strava athlete ID, name, profile photo and gender (if public)
  • Your access token and refresh token (encrypted at rest)
  • Activity summaries for events you are enrolled in within your club
  • Club membership data: your role, assigned peloton and event participation

We do not collect payment information. We do not collect location data beyond what Strava provides in activity summaries. We do not read private notes or messages.

3. How we use your data

  • To display your profile within your cycling club on Peloton Manager
  • To calculate participation scores and event assignments for your club
  • To send you transactional emails you request (e.g. invite notifications)
  • To maintain your session securely while you are signed in

We do not sell your data. We do not use your data to train AI models. We do not share your data with third parties except as required by law or to operate the platform (e.g. our hosting provider, Vercel, and our database provider).

4. Strava data and the Strava API Agreement

Peloton Manager is a Community Application under the Strava API Agreement. This means Strava data may be displayed to other members of the same club in aggregated or summary form for the purpose of club management and event coordination.

Strava activity data is cached for no longer than 7 days in accordance with the API Agreement. We do not store Strava data longer than necessary for club management.

5. Data retention and deletion

You can request deletion of your account and all associated data at any time. When you revoke Peloton Manager's access in your Strava account settings, or when you request deletion by emailing contact@pelotonmanager.com, we will permanently delete your personal data within 48 hours, in line with the Strava API Agreement requirements.

Club-level aggregate data (e.g. event attendance counts) that does not identify you personally may be retained for the lifetime of the club.

6. Security

Your Strava access tokens are encrypted at rest. We use HTTPS for all connections. We notify Strava of any security breach within 24 hours as required by the API Agreement. If you become aware of a security issue, please contact us immediately at contact@pelotonmanager.com.

7. Cookies and sessions

We use a single session cookie to keep you signed in. No advertising or tracking cookies are used. We do not use third-party analytics scripts.

8. Your rights (GDPR / UK GDPR)

If you are in the UK or European Economic Area, you have the right to access, correct, port or erase your personal data, and to object to or restrict its processing. To exercise any of these rights, email contact@pelotonmanager.com. We will respond within 30 days.

9. Changes to this policy

We may update this policy as the platform evolves. Material changes will be communicated via the platform or by email. Continued use of Peloton Manager after changes constitutes acceptance of the revised policy.

10. Contact

Questions about this policy? Email contact@pelotonmanager.com.

← Back to Peloton Manager