Privacy Policy

Last updated: 17 June 2026

RaceNERD.se ("RaceNERD", "we", "us") collects and presents results from Swedish endurance races (running, cycling, skiing, swimming, triathlon, swimrun) so athletes can find and follow their results across events and years. This policy explains what personal data we process, why, and your rights.

Data controller: RaceNERD.se. General enquiries: info@racenerd.se. Privacy requests: privacy@racenerd.se.

1. What data we process

a) Publicly published race results. We aggregate results that race organizers and official timing providers have already published — typically name, club/city, start number, finish time, placement and split times — and present them the same way they appear on the timing providers' own sites. If a result concerns you and you want it hidden or removed, contact us (see §7).

b) Account data (only if you choose to log in). Logging in is optional. We offer sign-in through Google and Strava. When you log in we store: your display name; your email address if the provider supplies one (Google does; Strava does not); a provider account identifier used to recognise you on return; the athlete profiles you claim as yours and any results you choose to hide; and a login session.

c) Strava data specifically. When you connect with Strava we request only the read scope. We receive your Strava athlete ID and name, which we use solely to identify your account on RaceNERD. We do not access, request, store or display your Strava activities, location, heart-rate or other health data, and we never write anything to your Strava account. You can disconnect at any time (§7) and revoke access from your Strava settings under Settings → My Apps.

d) Usage analytics & operational data. We keep privacy-preserving, aggregate statistics (e.g. page views, timestamps, browser type, and a coarse country/region). We process your IP address to operate the service (rate-limiting and security) and to derive that coarse region. We do not use cross-site tracking, advertising cookies or profiling, and we do not sell any data.

2. Why we process it (legal bases)

To provide the results archive — our legitimate interest (Art. 6(1)(f) GDPR) in offering a public race-results service.
To operate your optional account, authenticate logins and link your results — to perform the service you request (Art. 6(1)(b)) and based on your consent when you connect a provider (Art. 6(1)(a)).
To keep the site secure and reliable and understand aggregate usage — legitimate interest (Art. 6(1)(f)).

3. Cookies

If you log in, we set a single first-party session cookie (HTTP-only, Secure) that keeps you signed in. We use no advertising or third-party tracking cookies. If you never log in, no login cookie is set.

4. Who we share data with

Identity providers (Google, Strava) — only when you choose to log in with them; governed by their own privacy policies.
Hosting provider (Fly.io) — operates the servers that run RaceNERD.

We do not sell your personal data and do not share it for advertising.

5. Retention

Account data is kept until you delete your account or disconnect, then removed.
Login sessions expire automatically (within 90 days) and on logout.
Analytics are stored only in aggregate, privacy-preserving form.
Public race results are retained as part of the historical archive; individual entries can be hidden or removed on request (§7).

6. Security & international transfers

Traffic is served over HTTPS; sessions are server-side and revocable. Servers are hosted in the EU (Stockholm region). Where any provider processes data outside the EU/EEA, it is done under appropriate safeguards (e.g. EU Standard Contractual Clauses).

7. Your rights

You have the right to access, correct, or delete your personal data, to withdraw consent, to object to processing, and to data portability. Specifically you can:

disconnect a login provider or delete your account;
request that a public race result about you be hidden or removed;
lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

To exercise any of these, email privacy@racenerd.se.

8. Children

RaceNERD is not directed at children, and accounts are intended for adults. Note that publicly published race results may include participants of any age, exactly as released by the race organizer.

9. Changes to this policy

We may update this policy; material changes will be reflected by the "Last updated" date above.

10. Contact

RaceNERD.se — info@racenerd.se (general) · privacy@racenerd.se (privacy).