Privacy Policy

Responsible: CreativeMaker e.U., Rechte Bahnzeile 24, 2486 Landegg, Österreich, E-mail: info@creativemaker.at

Data Protection contact: info@creativemaker.at

Introduction

We attach great importance to the protection of your personal data. This privacy policy informs you about the collection, processing, and use of your data.

Processed data

  • Account data: Email, password (hashed), optional profile data.
  • GPX/TCX uploads: training and race track data, performance values.
  • Strava data: Only with your explicit consent (Art. 6 para. 1 lit. a GDPR). We only import the data necessary for our functions via the Strava API (Scopes: activity:read, activity:read_all). Depending on your permissions, this may include activity and performance data (such as date, duration, distance, speed, GPS/route, elevation) as well as – if you consent – health data (e.g., heart rate, power output). The processing of health data is based on your explicit consent (Art. 9(2)(a) GDPR). The processing of data on Strava is governed solely by the privacy policy of Strava Ireland Ltd.
  • Usage data: Logins, settings, performed simulations.
  • Payment information: Processing is carried out solely by the payment provider.
  • Simulation data: information such as name, team, weight, height, performance values(e.g. watts, air and rolling resistance, speed) and Role designation required to carry out the simulation.

Data Storage

Your data will be processed solely for the purpose of conducting the simulation – no personal data will be stored. Details:

Self-deletion: If available, you can independently delete imported Strava data via your user account. Otherwise, we will delete or anonymize this upon request through our support.

  • Local Storage: Temporary UI settings and simulation data can be stored in the browser, but will remain solely on your device.
  • Server processing: Route and performance data are only processed during the simulation and are not permanently stored.
  • Encryption: All data transfers are encrypted via TLS/SSL.

Strava connection & revocation

You can disconnect from Strava at any time. To do this, go to Strava (Web) settings → My Apps and click Revoke Access for our app. After that, no new data will be synchronized. We will delete or anonymize existing, already imported data in accordance with the Storage Duration section.

Strava: RaceYourTrack®

Note: Depending on the permissions (Scopes) you allow, a third-party read may also include private activities. We only request the scopes necessary for our functions.

2. Purposes & Legal Bases

  • Contract fulfillment (Art. 6 para. 1 lit. b GDPR): Use of the service, evaluation of your data.
  • Consent (Art. 6 Para. 1 lit. a GDPR): Strava integration, optional cookies/analytics.
  • Legitimate interest (Art. 6 para. 1 lit. f GDPR): Security, improvement of the offering, prevention of abuse.
  • Processing of simulation data (Art. 6 para. 1 lit. b GDPR): For Performing the simulation, it is necessary that you have certain Performance data (e.g. power, weight, size, air and rolling resistance)provided. This information is used exclusively for the calculation and Representation of the simulation processed. Without this data, the use of of the service is technically not possible.

Research and development purposes

To provide and continuously improve our simulation modelsand wind calculations, it is necessary that anonymized or aggregated training and simulation data can be evaluated. This processing is technically necessary to ensure accuracy and functionality of the service, and is based on of Art. 6 para. 1 lit. b GDPR (performance of contract).

A further use for research and Development purposes (e.g., model training with advanced data sources)shall only take place with your express consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can revoke at any time.

3. Hosting & Recipients

  • Hosting by DigitalOcean LLC (Server location EU).
  • Domain and email provider: easyname GmbH, Austria.
  • Payment processing / Merchant of Record: Paddle.com Market Ltd. — 70 Wilson Street, London EC2A 2DB, UK. Purpose: Payment processing, invoicing, tax/compliance (own responsible person). Legal basis: Art. 6 para. 1 letter b and letter c GDPR.
  • Strava Ireland Ltd. (only with active connection; for EU/EEA affected): Magennis Court, Pearse Street, Dublin 2, D02 FK76, Ireland; Email: DPO@strava.com.
  • Places of processing: Austria, EU/EEA.

4. Cookies & Tracking

PostHog (Product and Usage Analysis)

We use the analytics service PostHog to understand how our website is used and to continuously improve our offering. The service provider is PostHog, Inc., with data processing carried out exclusively through the EU region (eu.posthog.com).

Purpose of processing:
With PostHog, we analyze visitor behavior, e.g., which pages are accessed, how long a visit lasts, or which features are used. This helps us identify errors, improve user-friendliness, and further develop our product.

Legal basis:
Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. No tracking takes place without your consent.

Which data is processed?
Depending on your consent, the following data may be processed, among others:

  • Page views and navigation
  • Click and usage events
  • Browser and device information
  • Time and duration of use
  • Referrer URL
  • Optional session recordings
  • Optional user ID after login (if available)

Use of cookies:
PostHog only uses cookies if you have consented via the cookie banner. If you decline, PostHog automatically operates in 'cookieless mode', without cookies or persistent identifiers.

Data processing in the EU:
We use PostHog’s EU infrastructure exclusively (eu.posthog.com). No data is transferred to third countries.

Withdrawal of consent:
You may withdraw your consent at any time with effect for the future. To do so, use the “Change cookie settings” link in the footer.

Further information:
PostHog Privacy Policy

Newsletter

If you subscribe to our newsletter, we use your email address to regularly send you information about new features, updates, and offers. Emails are sent only with your explicit consent in accordance with Art. 6(1)(a) GDPR.

We use the double opt-in procedure for registration. After signing up, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can register using someone else's email address.

You can unsubscribe at any time – for example via the unsubscribe link in each newsletter or by emailing info@creativemaker.at.

After unsubscribing, your data will be deleted from the newsletter mailing list, unless legal retention obligations prevent this.

The dispatch may be carried out by an external service provider (e.g., Mailchimp, Brevo, Sendinblue). In this case, a data processing agreement is concluded in accordance with Art. 28 GDPR.

5. Duration of saving data

  • Account data: as long as your account is active; deletion 30 days after account deletion.
  • Uploads & Strava data: as long as your account is active; deletion 30 days after withdrawal or account deletion.
  • Analysis data (GPX/TCX evaluations): as long as you keep them in your account; you can delete them at any time. No later than 30 days after account deletion, we will delete or anonymize this data. Aggregated, anonymized statistics can be stored permanently.
  • Billing and tax data: 7 years (statutory retention period).
  • Log data (e.g. error logs, security logs): up to 90 days.
  • If there is no active subscription (currently more than 6 months), we reserve the right to use the account and all associated personal data Delete data permanently. Prior to such deletion, we inform notify you at least 30 days in advance by e-mail to the last e-mail on fileemail address.

6. Rights of Users

  • Information, correction, deletion, restriction, data portability (Art. 15–20 GDPR).
  • Revocation of consents (Art. 7 para. 3 GDPR).
  • Right to lodge a complaint with the supervisory authority: Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, Tel: +43 1 52 152-0, E-Mail: dsb@dsb.gv.at, Website: https://dsb.gv.at
  • Ad-Blocker: Block tracking by ad blockers.
  • Browser settings: Block/clear cookies and local storage.
  • Opt-Out: Google Analytics Browser Add-On: Download.
  • Do Not Track: We respect Do-Not-Track signals as much as possible.

7. Data Security

TLS encryption, secure storage, password hashing, access restrictions. Regular security reviews. Please use up-to-date security software and secure browser settings.

8. Children

Our offer is not directed at children under 13 years of age. No personal data from children is collected.

9. Disclaimer

RaceYourTrack® RaceYourTrack is a digital tool for creating, visualizing, and analyzing virtual track layouts. It is intended solely for informational and simulation purposes and does not constitute training, health, or safety advice.

Use is at your own risk. Any interpretations and applications are solely at the discretion of the users. We accept no liability for health or safety-related consequences.

10. Automated Decisions

We do not make decisions based solely on automated processing – including profiling – that produce legal effects for you or similarly significantly affect you (Art. 22 GDPR).

11. Transfers to third countries

Transfers to third countries, in particular the USA, may occur (e.g. Google; possibly Strava as part of global processing). As far as recipients participate in the EU–US Data Privacy Framework, we base transfers on the adequacy decision of the EU Commission (Art. 45 GDPR). Otherwise, we use the EU Standard Contractual Clauses (Art. 46 GDPR) and take additional measures as necessary.

12. Changes

We can modify this privacy policy. You can find the current version on this page.

13. Contact & Status

For data protection inquiries, contact: info@creativemaker.at

Date: 01.10.2025 – Landegg, Österreich

Back to Homepage