Privacy policy

Last updated: February 2026

1. Who we are

avgspeed.com (“we”, “our”) is a web app that connects to your Strava account and adds the average speed (in km/h) to the description of your new runs, rides, and swims. This privacy policy explains what data we collect and how we use it.

2. Data we collect

When you connect your Strava account via “Connect with Strava”, we receive and store the following from Strava:

Profile data: your Strava athlete ID, first name, last name, profile picture URL, and sex (if you have set it on Strava).
OAuth tokens: access token and refresh token so we can read your new activities and update their descriptions on your behalf.
Connection time: when you connected your account.

We do not collect your email, password, or any data you do not authorize through Strava’s OAuth screen.

3. How we use your data

We use the data only to:

Keep your connection to Strava working (refreshing tokens when needed).
Detect new run, ride, and swim activities (via Strava webhooks).
Fetch each new activity’s average speed and update its description with a line such as “12.2 km/h 🏃‍♂️💨 (via https://avgspeed.com)”.

We do not sell, rent, or share your data with third parties for marketing or advertising.

4. Where your data is stored

Your data is stored in Cloudflare KV (a key–value store) in the region where the app is deployed. It is kept on servers operated by Cloudflare. We do not transfer it to other countries except as part of normal cloud operation.

5. How long we keep your data

We keep your stored data for as long as your Strava account is connected to avgspeed.com. If you revoke access in your Strava app settings, we will no longer use your tokens; any data we have already stored may remain in our systems until we purge it (we do not currently offer a self-service delete). You can contact us (see below) to request deletion.

6. Third parties

We rely on:

Strava — for sign-in and to read/update your activities. Their use of your data is governed by Strava’s privacy policy.
Cloudflare — to host the app and store data. Their practices are described in Cloudflare’s privacy policy.

7. Your rights

You can:

Disconnect: Revoke avgspeed.com’s access at any time in Strava → Settings → My Apps. We will then stop updating your activities.
Request deletion: Ask us to delete the data we hold about you by contacting us (see below).

If you are in the European Economic Area or the UK, you may also have rights such as access, rectification, erasure, restriction, and portability under applicable law.

8. Cookies and tracking

We do not set cookies or use tracking technologies. The site uses Strava’s OAuth flow (redirects to Strava and back); we do not track you across other sites.

9. Security

We store OAuth tokens securely in Cloudflare KV and use them only to call Strava’s API. We do not log or store your Strava password.

10. Changes to this policy

We may update this privacy policy from time to time. The “Last updated” date at the top will be revised when we do. Continued use of avgspeed.com after changes means you accept the updated policy.

11. Contact

For any questions or to request deletion of your data, contact us at hello@avgspeed.com.

← Back to avgspeed.com