Trailrace logo

Privacy Policy

Last updated April 20, 2026

This Privacy Policy describes how Rad Alpine Co, LLC ("Trailrace," "we," "our," or "us") collects, uses, discloses, and protects information in connection with the website trailrace.co and any related online services, applications, and features (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are

Trailrace.co is a directory and web application for discovering and managing trail running races, routes, and related information. The data controller responsible for your personal information is:

  • Entity: Rad Alpine Co, LLC
  • Address: 2995 55th St #18073, Boulder, CO 80308, USA
  • Email: [email protected]

2. Information We Collect

We collect the following categories of personal information:

2.1 Information You Provide Directly

  • Account information: name, email address, password (stored as a salted hash), and optional profile details (e.g., display name, avatar, bio, preferred race distances).
  • Listings and content: any race, route, event, review, comment, or other content you submit to the directory.
  • Communications: messages you send us via email, support forms, or other channels.

2.2 Information Collected Automatically

  • Device and log data: IP address, browser type and version, operating system, referring/exit pages, timestamps, and pages viewed.
  • Cookies and similar technologies: see Section 6 below.
  • Analytics data: aggregate usage patterns collected through our analytics provider (PostHog) and error-monitoring provider (Sentry).

2.3 Location and GPS Data

  • Approximate location: derived from your IP address to provide regionally relevant content.
  • Precise location / GPS data: only when you explicitly grant permission (e.g., to find nearby trails or races, to log a run, or to upload a GPX/route file). You can disable location access at any time in your browser or device settings.

2.4 Payment Information

We do not collect or store payment card information ourselves. If and when paid features are introduced, payments will be processed by a third-party payment processor (e.g., Stripe), and that processor's privacy policy will govern the handling of your payment data. We may receive limited transaction metadata (such as confirmation status and the last four digits of your card) from the processor.

2.5 Information from Third Parties

If you sign in through a third-party service (e.g., Google, Apple, Strava) in the future, we may receive profile information permitted by that service and your privacy settings there.

3. How We Use Your Information

We use personal information for the following purposes:

  • To create and maintain your account and authenticate you.
  • To operate, maintain, and improve the Service, including the directory, search, and mapping features.
  • To personalize your experience (e.g., surfacing nearby races).
  • To communicate with you about your account, updates, security alerts, and support requests.
  • To send marketing or promotional messages where permitted (you can opt out at any time).
  • To prevent, detect, and investigate fraud, abuse, or security incidents.
  • To comply with legal obligations and enforce our Terms of Service.
  • To conduct analytics and research to understand how the Service is used.

Legal Bases (EEA / UK Users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

  • Performance of a contract — to provide the Service you request.
  • Legitimate interests — to secure and improve the Service, prevent fraud, and conduct analytics, balanced against your rights.
  • Consent — for optional cookies, precise location data, and marketing communications (you may withdraw consent at any time).
  • Legal obligation — to comply with applicable laws.

4. How We Share Information

We do not sell your personal information. We share information only as described below:

  • Service providers: hosting (Vercel), database and authentication (Supabase), analytics (PostHog), error monitoring (Sentry), mapping (Mapbox), email delivery, customer support, and (in the future) payment processing. These providers act as processors on our behalf under written agreements.
  • Other users: content you submit publicly (e.g., race listings, reviews, profile) will be visible to other users and visitors.
  • Legal and safety: where required by law, subpoena, court order, or to protect the rights, property, or safety of Trailrace, our users, or the public.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality obligations.
  • With your consent: for any other purpose disclosed to you.

5. International Data Transfers

Trailrace is operated from the United States of America. If you access the Service from outside that country, your information may be transferred to, stored, and processed there or in other countries where our service providers operate.

For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or adequacy decisions, where applicable.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service. Categories include:

  • Strictly necessary cookies: required for authentication, security, and core functionality.
  • Preference cookies: remember your settings (e.g., language, units).
  • Analytics cookies: help us understand usage patterns (PostHog). Only loaded after you accept via the cookie banner or preferences link, and never when a Global Privacy Control signal is present.

We do not currently use advertising or cross-site tracking cookies.

You can control cookies through your browser settings and through the "Cookie preferences" link in the site footer. Disabling certain cookies may affect functionality.

7. Data Retention

We retain personal information for as long as necessary to provide the Service and for legitimate business or legal purposes. Typical retention periods:

  • Account data: while your account is active, and up to 24 months after closure (for backups, fraud prevention, and legal holds).
  • Log and analytics data: typically 12–24 months.
  • User-generated content: may remain publicly visible after account closure if it is integral to content others have relied on (e.g., a popular race listing), though identifying details can be anonymized upon request.

8. Your Privacy Rights

Depending on where you live, you may have some or all of the following rights:

8.1 EEA / UK (GDPR)

  • Access, rectification, erasure, restriction, and portability of your personal data.
  • Objection to processing based on legitimate interests or direct marketing.
  • Withdrawal of consent at any time (without affecting prior lawful processing).
  • Lodging a complaint with your local data protection authority.

8.2 United States (State Privacy Laws)

If you are a resident of California, Colorado, Connecticut, Oregon, Texas, Utah, Virginia, or another US state with a comprehensive consumer privacy law, you may have the following rights, subject to the specifics and exceptions of your state's law:

  • Right to know what personal information we collect, use, disclose, and "share" (as that term is defined under applicable law).
  • Right to delete personal information.
  • Right to correct inaccurate information.
  • Right to opt out of the "sale" or "sharing" of personal information and targeted advertising (we do not sell personal information as commonly understood).
  • Right to limit use of sensitive personal information (California).
  • Right to non-discrimination for exercising your rights.
  • Right to appeal a denial of a rights request (in states that provide one).

You may exercise your opt-out right by sending a Global Privacy Control signal (see §12) or by emailing us at the address in §8.4.

8.3 Canada (PIPEDA)

  • Right to access and correct your personal information.
  • Right to withdraw consent, subject to legal or contractual restrictions.
  • Right to file a complaint with the Office of the Privacy Commissioner of Canada.

8.4 How to Exercise Your Rights

Email [email protected] from the address associated with your account. We will respond within the timeframes required by applicable law (typically 30–45 days). We may need to verify your identity before acting on your request.

You may also use an authorized agent to submit a request, where permitted.

9. Children's Privacy

The Service is not directed to children under 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Security

We implement reasonable technical and organizational measures designed to protect personal information, including encryption in transit (TLS), hashed passwords, access controls, and regular monitoring. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Third-Party Links and Services

The Service may contain links to third-party websites (e.g., race organizer sites, mapping providers). We are not responsible for their privacy practices. Review their policies before providing personal information.

12. Global Privacy Control (GPC)

We recognize the Global Privacy Control signal as a valid request to opt out of the sale or sharing of personal information and targeted advertising, as required under the California Consumer Privacy Act, Colorado Privacy Act, Connecticut Data Privacy Act, Texas Data Privacy and Security Act, and other applicable US state privacy laws. When your browser sends a GPC signal, we will not load analytics or advertising cookies, regardless of any prior consent choice.

13. Do Not Track

Some browsers offer a "Do Not Track" signal. Because there is no industry standard for how to respond to these signals, we do not currently respond to them. Use the Global Privacy Control instead (see §12).

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting the updated policy on the Service and updating the "Last Updated" date above. Where required by law, we will obtain your consent.

15. Contact Us

Questions, concerns, or requests regarding this Privacy Policy:

  • Email: [email protected]
  • Mail: Rad Alpine Co, LLC, 2995 55th St #18073, Boulder, CO 80303