The short version
Summit Line is a training almanac for runners. We hold your account, the runs that sync from your watch, the metrics we derive from them, and the notes you write. We use that data to draw your charts, project your races, and feed the AI coach you ask to read your training. We do not sell your data, do not run ads, and do not load third-party trackers. You can export everything you have here and delete it on demand.
Who we are
Summit Line is operated by Jared Furubotten (“we,” “us”). The product is in private beta. Reach the privacy desk at privacy@runsummitline.com. Postal contact is at the foot of this page.
What we collect
Summit Line is built around your training data. The categories below are everything we hold — nothing is gathered silently in the background.
- Account. Email address, password (hashed by Supabase — we never see the cleartext), display name, account creation date.
- Profile. Birth year, sex, weight, resting heart rate, max heart rate, timezone. You enter these; you can edit them; you can clear them.
- Watch connection. Your connected account ID and the OAuth access + refresh tokens we need to read your activities. In production, those tokens are encrypted at the column level.
- Activities and streams. Distance, moving time, elevation, pace, GPS path, per-second heart rate, plus the activity name and any notes you wrote on your watch or here.
- Derived metrics. TRIMP per run, CTL/ATL/TSB curves, vertical load, training plans, race goals — everything we compute on top of the raw activity data.
- Operational. Feedback messages you submit, server-captured client errors (route + error digest + user-agent string — no body payload), AI usage counters used to enforce the daily cap.
What we do not collect. No payment data — the beta has no paid tier yet. No location outside the GPS that rides on synced runs. No address book, no social graph, no ad identifiers, no cross-site tracking pixels.
Why we collect it
- Account + profile to authenticate you and personalize pace and HR-zone math.
- Watch data + derived metrics to draw your charts, build your plan, and project race outcomes.
- Activity names and your notes to give the AI coach enough texture to write a useful summary when you ask for one. When you generate a Coach Note or race brief, summary fields derived from your synced activities (activity names, notes, distance/elevation/HR aggregates, training-load metrics) are sent to Anthropic for a one-shot AI brief. Anthropic does not train models on this data per their commercial API terms.
- Feedback + client errors to fix the product when it breaks.
- AI usage counters to keep one person from burning through the shared daily quota.
Who we share it with
We use a short list of subprocessors to run the product. None of them receive your data for their own marketing. In summary:
- Vercel — hosts the app and runs the edge runtime.
- Supabase — database, authentication, transactional auth email.
- Garmin, Coros, and Suunto — the source of your activity data, via your OAuth grant.
- Anthropic (Claude) — processes activity names, your notes, and aggregate metric summaries (CTL/ATL/TSB, weekly mileage, recent splits) to produce the AI coach’s written observations. Per Anthropic’s Commercial Terms of Service and privacy commitments, API content is NOT used to train their models by default. Data residency: Anthropic’s primary serving region for this account is the United States. We send only already-sanitized data — raw GPS tracks, your email, and device identifiers never leave Summit Line for the AI path.
- Resend — sends operator-only digest emails (feedback, error counts). Not used for marketing to you.
How long we keep it
- Account, activities, derived metrics — for as long as your account exists. When you delete your account, we cascade-delete everything tied to your user ID.
- Client error logs — 30 days, then purged on a rolling basis.
- Feedback messages — 12 months from submission.
- AI cache — invalidated automatically when the inputs change; deleted entirely on account deletion.
- Connected account tokens — revoked and dropped immediately when you disconnect your watch account on either side.
- Backups — 30-day rolling. Deletions propagate as old backups age out.
- Audit log — 90 days. Holds your IP + user-agent for security-relevant events (sign-in, sign-out, account locked) so we can investigate any suspicious activity. Purged on a rolling basis.
- Share-link revocations — 37 days (the share-link’s 30-day TTL plus a 7-day buffer). Lets a revoked share-link stay revoked for as long as its underlying token would otherwise still validate.
If we have to notify you of a breach
Summit Line is not a HIPAA-covered entity, but the FTC’s Health Breach Notification Rule (effective July 2024) covers direct-to-consumer health apps that handle individually identifiable health information — which includes the heart-rate, weight, and training data we process. If a breach affecting your information ever occurs, we will:
- Notify affected users by email within 60 days of discovering the breach, with details of what data was involved and the steps you should take.
- Notify the U.S. Federal Trade Commission within the same window if 500 or more individuals are affected, or by year-end for smaller incidents.
- Publish a notice on this page describing what happened and what we’re doing about it.
Your rights
- Access. Pull a full export of your data from Settings → Export.
- Portability. The export is a machine-readable archive you can take elsewhere.
- Correction. Edit your profile in Settings.
- Erasure. Settings → Account → Delete my account cascades the delete and revokes your connected account grant.
- Restriction, objection, withdrawal of consent. Email privacy@runsummitline.com and we will action it.
- Lodge a complaint with your local data protection authority. We will respond to rights requests within 30 days.
Cookies and tracking
Strictly-necessary, first-party cookies only. We do not use analytics cookies, advertising cookies, or third-party cookies of any kind.
- sb-* — Supabase session cookies. Required to keep you logged in.
- sl_view_as — admin preview cookie. Set only when an admin uses the “view as user” tool; never set on regular accounts.
- oauth_state — 10-minute CSRF token used during the watch-account connect handshake.
Security
The Postgres database is encrypted at rest by Supabase. Every request to Summit Line travels over HTTPS. Every user-data table has row-level security — the database itself enforces that you only see your own rows. Connected account tokens are encrypted at the column level in production. Service-role keys are held only by the server. If a breach occurs, we will notify the relevant supervisory authorities within 72 hours and affected users without undue delay.
Children
Summit Line is not for anyone under 16. We require an age attestation at signup. If we learn we have collected data from someone under 16, we delete it.
California rights (CCPA / CPRA)
The categories of personal information we collect, the purposes, sources, and recipients are listed above. California residents have the right to know what we have collected, to delete it, to correct it, to limit our use of sensitive personal information, and to opt out of sale or sharing. Summit Line does not sell or share your personal information, including for cross-context behavioral advertising. To exercise any of these rights, email privacy@runsummitline.com.
Washington rights (MHMDA)
Heart rate, GPS, weight, and the metrics we derive from them are consumer health data under the Washington My Health My Data Act. The specifics of how we handle that category — what counts, who sees it, and how to revoke consent — live in our standalone Consumer Health Data Privacy Policy.
Changes to this policy
We version this policy. For material changes — new categories of data, new subprocessors, expanded use of existing data — we will email registered users at least 30 days before the change takes effect. Minor edits (typos, link fixes) ship without notice but are reflected in the version line at the top of the page.
Contact
privacy@runsummitline.com
10742 Caminito Cascara, San Diego, CA 92108