MyRaceHub

How we protect your data
Home
Contact Us Feature Requests Privacy Policy

Privacy Policy

Last updated: 13 December 2025

Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Information
  4. Information Sharing
  5. Data Security
  6. Your Rights
  7. Cookies
  8. Data Retention
  9. Children's Privacy
  10. International Data Transfers
  11. Changes to This Policy
  12. Contact Us

1. Introduction

MyRaceHub (ABN 95 653 112 135) ("we", "us", or "our") operates the MyRaceHub website and services at myracehub.com.au. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using MyRaceHub, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not use our service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address - Required for account identification and communication
  • Display name - How you appear to other users
  • Username - For password-based authentication (optional)
  • Password - Stored securely using Argon2 hashing (only for password authentication)
  • Avatar/profile picture - From OAuth provider or uploaded

2.2 Profile Information

You may optionally provide:

  • Date of birth
  • Gender
  • Location
  • Nationality
  • Bio/description
  • Home parkrun location

2.3 OAuth Provider Data

If you sign in using a third-party service, we receive:

Provider Data Received
Google Google ID, email, name, profile picture
Facebook Facebook ID, email, name, profile picture
Strava Athlete ID, profile URL, access/refresh tokens (for API access)

2.4 Race Results Data

When you add race results, we store:

  • Event name, date, and distance
  • Race location
  • Finish time and positions (overall, gender, category)
  • Category/age group
  • Split times
  • Strava activity URL (if imported)
  • Official results URL
  • Personal notes and race reports

2.5 Calendar Data

Your race calendar includes:

  • Saved races from our database
  • Custom events you create
  • Parkrun entries
  • Registration status and confirmation numbers
  • Registration fees paid

2.6 Contact Form Submissions

When you contact us, we collect:

  • Your name
  • Email address
  • Message content
  • Submission type (feedback, bug report, race suggestion, privacy inquiry)

2.7 Technical Data

We automatically collect:

  • Session cookies - HttpOnly, Secure cookies for authentication (30-day expiry)
  • Application logs - Error logs for debugging (PII is redacted)

We use Google Analytics to understand aggregate site usage and Google AdSense to display advertisements. These services may set their own cookies. See Section 7 (Cookies) for details.

3. How We Use Your Information

We use your information to:

  • Provide the service - Display races, manage your calendar, track your results
  • Authenticate you - Verify your identity when you sign in
  • Communicate with you - Send verification emails, password reset links, and respond to inquiries
  • Display your profile - Show your public athlete profile (if enabled)
  • Import activities - Fetch race activities from Strava when you connect your account
  • Improve the service - Fix bugs, analyse usage patterns (in aggregate)

We do not:

  • Sell your personal data to third parties
  • Use your personal data for our own targeted advertising (third-party ad services like Google AdSense may use cookies to personalise ads)
  • Share your email with marketing lists

4. Information Sharing

4.1 Third-Party Services

We share data with the following services as necessary to operate MyRaceHub:

Service Purpose Data Shared
Google OAuth Authentication Redirect for login only
Facebook OAuth Authentication Redirect for login only
Strava API Import race activities OAuth tokens, activity requests
Railway (hosting) Infrastructure All data (database hosting)
Resend Email delivery Email addresses for verification/reset

4.2 Strava Integration

When you connect your Strava account to MyRaceHub:

  • What we access: We request read-only access to your activities (activity:read scope). We only fetch activities you manually select for import.
  • What we store: Activity ID, activity URL, event name, date, distance, and finish time from activities you choose to import as race results.
  • What we don't do: We never post to your Strava account, modify your activities, or access private activities without your explicit consent.
  • Data retention: When you disconnect Strava from your account, we immediately delete your OAuth tokens and all race results that were imported via Strava.
  • Deauthorization: If you revoke access via Strava's settings, we automatically receive notification via webhook and delete your Strava tokens along with all Strava-imported race results from our system.

Activity data displayed on MyRaceHub is powered by Strava.

4.3 Public Information

If you enable a public athlete profile, the following may be visible to others:

  • Display name
  • Avatar
  • Location (if provided)
  • Bio
  • Race results (based on your privacy settings)

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government request.

5. Data Security

We implement appropriate security measures to protect your data:

  • Password hashing - Passwords are hashed using Argon2, a modern and secure algorithm
  • HTTPS encryption - All data in transit is encrypted
  • Secure cookies - Session cookies are HttpOnly, Secure, and SameSite=Lax
  • CSRF protection - Forms are protected against cross-site request forgery
  • Rate limiting - API endpoints are rate-limited to prevent abuse
  • Token encryption - OAuth tokens are stored securely

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights

You have the right to:

  • Access your data - View all information we hold about you via your account settings
  • Correct your data - Update your profile and results at any time
  • Delete your account - Permanently delete your account and all associated data via Settings
  • Disconnect services - Revoke OAuth connections (Google, Facebook, Strava) at any time
  • Export your data - Download your race calendar as an ICS file

To exercise these rights or if you have questions, please contact us.

7. Cookies

MyRaceHub uses the following cookies:

Cookie Purpose Duration
session Maintains your login state 30 days
csrf_token Security protection for forms Session

Third-party cookies

We use the following third-party services that may set their own cookies:

  • Google Analytics - Helps us understand how visitors use the site (aggregate usage data). Google's cookie policy
  • Google AdSense - Displays advertisements on our site. Google may use cookies to serve ads based on your prior visits to this or other websites. You can opt out of personalised advertising at Google Ads Settings.

8. Data Retention

We retain your data as follows:

  • Account data - Retained while your account is active
  • Race results - Retained until you delete them or your account
  • Calendar entries - Retained until you remove them or delete your account
  • Contact submissions - Retained for 2 years for support purposes
  • Application logs - Retained for 30 days

When you delete your account, all your personal data is permanently removed from our systems.

9. Children's Privacy

MyRaceHub is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete it.

10. International Data Transfers

Our service is hosted on Railway, which may process data in various regions. By using MyRaceHub, you consent to the transfer of your data to servers outside your country of residence, which may have different data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top

For significant changes, we may also send an email notification. Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Via our contact form: Contact Us (select "Privacy Inquiry")
  • Entity: MyRaceHub (ABN 95 653 112 135)

We aim to respond to all privacy inquiries within 14 days.