Legal

Privacy Policy

Last updated: April 2026

1. Who we are

GJR Solutions is operated by Gary Rowlatt, based in the United Kingdom. For any privacy-related questions, contact: gjrservices@yahoo.com

As a UK-based sole trader, GJR Solutions is subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. What data we collect

When you connect your Strava account to order a Runner Profile Report, we access the following data from your Strava account via Strava's official API:

• Running activity records — date, distance, duration, and moving time
• Heart rate data — average and maximum heart rate per activity (where recorded)
• Your name, as stored in your Strava profile

We do not access:

• GPS routes, maps, or location data
• Photos or media attached to activities
• Social features, followers, or clubs
• Payment information (this is handled by PayPal or your bank directly)

3. How we use your data

Your Strava data is used solely for the following purpose:

• To generate your Runner Profile Report — we analyse your activity history to produce your personalised report, including your runner type, heart rate zone breakdown, pace trends, and race potential estimates.

We do not use your data for marketing, profiling, automated decision-making, or any purpose other than producing the report you ordered.

4. Legal basis for processing

We process your data on the basis of contractual necessity (Article 6(1)(b) UK GDPR) — you have requested a report, and analysing your Strava data is necessary to deliver it.

5. How long we keep your data

Your Strava activity data (the raw data files used to generate your report) is deleted within 30 days of your report being delivered.

We retain your name and email address for up to 12 months for the purpose of handling any queries about your report. After that, it is deleted.

We do not retain ongoing access to your Strava account after your report is delivered. You can revoke GJR Solutions' access to your Strava data at any time via: Strava → Settings → My Apps.

6. Who we share data with

We do not sell, rent, or share your personal data with any third parties, except:

• Strava — as the source of your activity data (governed by Strava's Privacy Policy)
• Railway — we use Railway (railway.app) as a server platform to handle the Strava authorisation step. Railway processes your authorisation token briefly during this step and does not retain your activity data.

No data is transferred outside the UK/EEA in a way that would reduce your protections under UK GDPR.

7. Your rights

Under UK GDPR you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate data
• Erasure — ask us to delete your data (the "right to be forgotten")
• Restriction — ask us to limit how we use your data
• Portability — receive your data in a portable format
• Objection — object to our processing of your data

To exercise any of these rights, email gjrservices@yahoo.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been handled unlawfully.

8. Data security

Your Strava authorisation tokens are transmitted over encrypted HTTPS connections and stored only temporarily during report generation. We take reasonable steps to protect your data, including secure deletion of data files after the retention period.

9. Cookies

This website does not use cookies or tracking technologies. No analytics or third-party tracking scripts are loaded on any page of this site.

10. Changes to this policy

If we make material changes to this policy, we will update the "last updated" date at the top of this page. We recommend checking this page periodically.