pwrdby ← Back to Home

Privacy Policy

Last updated: April 2026

1. Introduction

pwrdby ("we," "us," "our") is an integration layer that connects Spotify and Strava, automatically syncing the music you listened to during your workouts into your Strava activity descriptions. This Privacy Policy describes how we collect, use, and protect your personal information when you use our website and services at pwrdby.run.

pwrdby serves users worldwide. This policy is designed to comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Brazil's Lei Geral de Proteção de Dados (LGPD), and other international privacy frameworks.

2. Information We Collect

Information You Provide

  • Name and email address (via Google sign-in)
  • Spotify account details (display name, email) when you connect your account
  • Strava account details (name, athlete profile) when you connect your account

Information Collected Automatically

  • Analytics data (page visits, clicks, referrer sources)
  • IP address (hashed for anonymisation) and browser information
  • Cookies and session data
  • Device type and operating system

3. Legal Bases for Processing

We process your personal data under the following legal bases:

  • Consent: When you connect your Spotify, Strava, or Google accounts
  • Contract: To provide the music sync service you signed up for
  • Legitimate interest: Analytics and service improvement, fraud prevention
  • Legal obligation: Compliance with applicable laws and regulations

4. Third-Party Data Integration

We integrate data from third-party platforms to provide our services:

  • Strava: Activity data (distance, duration, heart rate, elevation) — used to match workout windows for music sync
  • Spotify: Recently-played tracks and episodes — used to populate your Strava activity descriptions
  • Google: Basic profile information (name, email) — used for account creation and authentication

Your use of these integrations is governed by each platform's own Privacy Policy and Terms of Service.

5. How We Use Your Information

  • Syncing your Spotify listening history to your Strava workout activities
  • Displaying community stats (anonymised aggregate data only)
  • Generating personalised activity music summaries
  • Maintaining your account and connected service integrations
  • Analytics and service improvement
  • Compliance with legal obligations
  • Fraud prevention and account security

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encrypted data transmission (HTTPS/TLS)
  • OAuth tokens stored with AES-256-GCM encryption at rest
  • Secure hosting on infrastructure with access controls
  • Limited staff access to personal information

No security system is 100% secure. We encourage you to take steps to protect your passwords and account access.

7. Data Retention

  • Active accounts: Data retained while you use our services
  • After account deletion: Personal data deleted within 30 days; anonymised analytics may be retained
  • Cookies: Session cookies expire on browser close; persistent cookies last up to 1 year

8. Sharing Your Data

We do not sell your personal data to third parties.

We may share data only in these circumstances:

  • With your consent: When you explicitly authorise us to share data
  • Service providers: Hosting providers and analytics tools contractually bound to protect your data
  • Legal compliance: When required by law, court order, or regulatory authority
  • Platform APIs: With Strava and Spotify as necessary to deliver the integrations you've authorised

9. International Data Transfers

pwrdby's servers are hosted in the United States. If you are located outside the US, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses (SCCs) where required by EU/UK GDPR
  • Data processing agreements with hosting and service providers
  • Technical measures (encryption in transit and at rest)

10. Your Privacy Rights

Depending on your location, you may have the following rights under applicable data protection laws:

EU/UK — GDPR & UK GDPR

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion (right to be forgotten)
  • Portability: Receive your data in a machine-readable format
  • Object/Restrict: Object to or restrict certain processing
  • Withdraw consent: Withdraw consent at any time

You may also lodge a complaint with your local Data Protection Authority (e.g. the UK ICO, the French CNIL, or the Irish DPC).

California — CCPA/CPRA

  • Right to Know: Request what personal information we collect and how it's used
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: We do not sell personal information; no opt-out needed
  • Non-Discrimination: We will not discriminate against you for exercising these rights

California residents may designate an authorised agent to make requests on their behalf.

Canada — PIPEDA

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate data
  • Withdraw consent: Withdraw consent (subject to legal or contractual restrictions)
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

Brazil — LGPD

  • Confirmation & Access: Confirm processing and access your data
  • Correction: Request correction of incomplete or inaccurate data
  • Anonymisation/Deletion: Request anonymisation or deletion of unnecessary data
  • Portability: Request data portability
  • Revocation: Revoke consent at any time

You may file a complaint with the ANPD (Autoridade Nacional de Proteção de Dados).

To exercise any of these rights, contact us at m@pwrdby.run. We will respond within 30 days (or sooner where required by law).

11. Cookies

We use cookies for:

  • Essential: Session management and authentication
  • Functional: Remembering your preferences and connected accounts
  • Analytics: Understanding how users interact with our site (page views, feature usage)

You can disable cookies in your browser settings, though this may affect functionality.

12. Children's Privacy

pwrdby is not intended for users under 16 years of age (or the minimum age required in your jurisdiction). We do not knowingly collect personal data from children. If we become aware we have collected data from someone under the applicable age, we will delete it promptly.

13. Third-Party Links

Our website may contain links to third-party websites (Spotify, Strava, etc.). We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.

14. Policy Changes

We may update this Privacy Policy at any time. Material changes will be posted on this page with an updated "Last updated" date. Where required by law, we will notify you of significant changes. Continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact & Data Protection

For privacy questions or to exercise your rights, contact us at:

m@pwrdby.run

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority — such as the UK ICO, the EU Data Protection Authority in your member state, the California Attorney General, the Office of the Privacy Commissioner of Canada, or the Brazilian ANPD.