Privacy Policy

DropPace turns your runs into share-ready artwork. We process the data we need to make that artwork — your workout, your route, your photo — and we hold on to as little as possible. We do not require an account, and we do not collect your name, email, or contact information.

DropPace (“DropPace,” “we,” “us”) operates the DropPace mobile application and the websites at droppace.com and droppace.app. This Privacy Policy explains what data we process, why, and your rights. For questions, contact [email protected].

Workout and route data

With your permission, DropPace reads workout records from Apple HealthKit (iOS) or Google Health Connect (Android), including workout type, start and end time, distance, duration, pace, and the GPS polyline of the route. We use this data to render your share image. We do not run continuous, real-time location tracking — we only read completed workouts you authorize.

Photos you provide

When you choose a photo from your camera roll or take a new one, that photo is uploaded so our servers can compose your share image with the chosen style applied on top. The original photo is processed in memory and is not retained after the share image is generated.

Generated images

The share image we create for you is cached on our infrastructure for up to 30 days so you can re-download or re-share it without re-rendering, then deleted automatically.

Device identifier and subscription state

We generate a random device-scoped identifier so we can attach your subscription tier (Free, Pro Lite, Pro, Pro Plus, VIP credits, or Founder Lifetime) to your installation and enforce per-device usage limits. This identifier is not linked to your name, email, phone number, or Apple/Google account.

Diagnostics and product analytics

We collect crash reports, performance traces, and anonymized product-usage events (e.g. “user generated a render,” “user shared an image”) to find bugs and understand what to build next. These events do not contain your photo, your route, or any personally identifying information.

What we do not collect

We do not require an account. We do not collect your name, email address, phone number, mailing address, social-media handle, advertising identifier, contacts list, or microphone or browsing history.

DropPace uses third-party artificial-intelligence services to generate the artwork applied to your photo and to validate that on-image stats match your workout. Specifically, we send your photo, your route polyline, and a style prompt to OpenAI’s image and vision APIs, which process the data on our behalf to return a generated image and validation result. OpenAI does not use this data to train its models when accessed via the developer API. The generated artwork is then returned to your device.

We do not use any third-party AI service to profile you, target advertising, or make automated decisions about you.

We rely on a small set of vendors to operate the service. Each processes only the data needed for its role:

• Convex — hosts our backend, our database, and the temporary storage for generated images.
• RevenueCat — manages subscription state and entitlements purchased through Apple or Google.
• Apple App Store and Google Play — process your purchase. We do not receive your payment-card details.
• Sentry — receives crash reports and error traces.
• PostHog — receives anonymized product-analytics events.
• Cloudflare and Vercel — host this website and route DNS.

• Original uploaded photos: processed in memory, not retained after rendering.
• Workout / route data: stored only for the duration of the render, then discarded; the polyline is included in the cached generated image.
• Generated share images: cached for up to 30 days, then deleted automatically.
• Diagnostics and analytics: retained per the standard retention windows of Sentry and PostHog.
• Subscription state: retained as long as your subscription is active and for a reasonable period afterward to service refunds and disputes.

Depending on where you live, you may have rights under the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), or similar laws — including the right to access, correct, or delete your data, and the right to object to processing.

Because DropPace does not require an account or collect identifiers tied to you personally, the practical scope of these rights is narrow. If you would like us to delete your device-scoped identifier and any cached generated images associated with it, email [email protected] from the device or include the device identifier shown in the in-app Settings screen.

We do not sell your personal information and we do not “share” it for cross-context behavioral advertising as those terms are defined under the CCPA.

DropPace is not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect data from children. If you believe a child has used DropPace, contact [email protected] and we will delete associated data.

DropPace is operated from the United States. By using DropPace, you understand that your data may be processed in the United States and other countries where our service providers operate.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective” date above and, where appropriate, notify you in-app. Your continued use of DropPace after a change takes effect means you accept the updated policy.

Questions about this Privacy Policy? Email [email protected].