Privacy Policy
Last updated: December 7, 2024
1. Introduction
1st Marathon (operated by Sicsty Oy, "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use the 1st Marathon mobile application ("App") and related services.
By using our App, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide Directly
When you use 1st Marathon, we collect information you provide to us, including:
- Account Information: Name and email address (via Sign in with Apple). Note that Apple allows you to hide your email address, in which case we receive a private relay email.
- Apple User ID: A unique identifier provided by Apple to authenticate your account.
- Training Profile: Information you provide during onboarding, including your current fitness level, running experience, marathon goal time, race date, and training preferences.
- Training Data: Workout completions, running metrics (distance, pace, duration), workout reflections, weekly reflections, and training notes you submit.
- Training Plans: Generated training schedules, weekly workout prescriptions, and phase plans created for you.
2.2 Automatically Collected Information
When you use the App, we automatically collect:
- Usage Data: How you interact with the App, features you use, and actions you take.
- Device Information: Device type, operating system version, unique device identifiers.
- Performance Data: Crash reports and error logs (if you opt in to diagnostics).
2.3 Information We Do NOT Collect
- We do not collect precise location data
- We do not access your contacts
- We do not collect payment information directly (handled by Apple)
- We do not track you across other apps or websites
3. How We Use Your Information
We use your information for the following purposes:
- Provide Training Services: Generate personalized marathon training plans using AI based on your profile and progress.
- Adapt Your Training: Analyze your workout completions and reflections to adjust future training recommendations.
- Account Management: Create and maintain your account, authenticate your identity.
- Communications: Send you transactional emails about your account and training (e.g., welcome emails, important updates). We do not send marketing emails.
- Improve Services: Analyze aggregated, anonymized data to improve our training algorithms and App features.
- Security: Detect and prevent fraud, abuse, and security issues.
- Legal Compliance: Comply with applicable laws, regulations, and legal processes.
4. How We Share Your Information
4.1 Third-Party Service Providers
We share your information with the following third-party services that help us operate:
- Supabase: Database and authentication infrastructure. Stores your account data, training plans, and workout history. Data is stored in secure, encrypted databases with row-level security policies. See: Supabase Privacy Policy.
- Anthropic (Claude AI): AI service that generates your personalized training plans and workout recommendations. Your training profile and progress data is sent to Anthropic's API to generate plans. See: Anthropic Privacy Policy.
- Resend: Email delivery service for transactional emails (welcome emails, account notifications). See: Resend Privacy Policy.
- Apple: Sign in with Apple for authentication, In-App Purchases for payments. See: Apple Privacy Policy.
4.2 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes. We will never sell your training data or health information.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities.
5. Data Security
We take data security seriously and implement industry-standard measures to protect your information:
- Encryption in Transit: All data transmitted between the App and our servers uses HTTPS/TLS encryption.
- Encryption at Rest: Your data is stored in encrypted databases.
- Authentication: We use secure JWT (JSON Web Token) authentication verified on every API request.
- Row-Level Security: Database policies ensure you can only access your own data.
- Access Controls: Limited employee access to user data, only when necessary for support.
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
6. Data Retention and Deletion
6.1 How Long We Keep Your Data
- Active Accounts: We retain your data for as long as your account is active.
- Deleted Accounts: When you delete your account, we immediately delete all your personal data from our databases, including:
  - Account information (name, email)
  - Training profile and preferences
  - All training plans and schedules
  - All workout completions and reflections
- Backup Data: Deleted data may persist in encrypted backups for up to 30 days before permanent deletion.
- Legal Retention: We may retain certain information if required by law (e.g., financial records).
6.2 How to Delete Your Account
You can delete your account at any time directly in the App:
- Open the 1st Marathon app
- Go to Profile/Settings
- Tap "Delete Account"
- Confirm deletion
This action is permanent and cannot be undone. All your data will be immediately deleted from our systems.
7. Your Privacy Rights
7.1 European Users (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights:
- Right to Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure: Request deletion of your data (via Delete Account feature).
- Right to Data Portability: Request your data in a portable format.
- Right to Object: Object to processing of your data.
- Right to Restrict Processing: Request restriction of processing.
- Right to Withdraw Consent: Withdraw consent at any time.
To exercise these rights, contact us at support@1stmarathon.com
7.2 Legal Basis for Processing (GDPR)
We process your personal data based on:
- Contract Performance: Processing necessary to provide the training services you requested.
- Legitimate Interests: Improving our services, preventing fraud, and ensuring security.
- Consent: Where you have given explicit consent (e.g., email communications).
8. Children's Privacy
The 1st Marathon app is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at support@1stmarathon.com, and we will delete such information.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States and European Union. We use Supabase's infrastructure which may store data in various regions. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law, including GDPR requirements for EU users.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:
- Updating the "Last updated" date at the top of this policy
- Sending you an email notification (if we have your email)
- Displaying a notice in the App
Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.
11. Health and Medical Disclaimer
Important: 1st Marathon provides fitness training recommendations and is not a substitute for professional medical advice. Our AI-generated training plans are for informational and educational purposes only.
Always consult your physician before beginning any exercise program, especially if you:
- Have any pre-existing health conditions
- Are taking medication
- Have a history of heart problems
- Experience chest pain, dizziness, or shortness of breath during exercise
- Are pregnant or recently gave birth
- Have not exercised regularly in the past year
If you experience pain, discomfort, or any unusual symptoms during training, stop immediately and seek medical attention.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Sicsty Oy
Operating as: 1st Marathon
Email: support@1stmarathon.com
Address: Koukkuniementie 6 L, 02230 Espoo, Uusimaa, Finland
For privacy-specific inquiries, you can also email: support@1stmarathon.com
13. Supervisory Authority
If you are located in the EEA or UK and have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority:
Finland: Office of the Data Protection Ombudsman (tietosuoja.fi)