Segment Pacer

Privacy policy

Effective: 2 June 2026

The short version. Segment Pacer runs entirely on your iPhone. We don't have servers that store your data, we don't track you, we don't sell anything to anyone. Strava data is fetched on demand and cached on the device for up to seven days. Location is used only during a Live Ride and never leaves the phone.

Who we are

Segment Pacer is an independent iOS app developed by Jason Williams. Contact: j.d.williams@mac.com.

What data the app accesses

Strava account data — your athlete profile (name, FTP, weight), starred and recently-viewed segments, segment efforts (times, splits), and the power and heart-rate streams associated with those efforts. Accessed only after you grant access via Strava's official OAuth flow.
Location — read from the device GPS during a Live Ride only. Used to detect segment start, track progress block-by-block, and trigger audio pacing cues.
Rider profile inputs — values you enter yourself: Indoor FTP, Outdoor FTP, body weight, bike weight, riding position, CdA, W'.

Where that data goes

Strava data is cached locally on the device only. Cached entries expire after seven days, in line with the Strava API Agreement. After expiry the app re-fetches from Strava on next use. Nothing is uploaded to any other server.
Location data is never stored or transmitted. It is consumed in memory by the Live Ride feature and discarded as the ride proceeds. It is not written to disk, not sent to any server, and not shared with any third party.
Rider profile is stored locally in the app's encrypted on-device storage (iOS Keychain for Strava tokens; standard app storage for profile values). It never leaves your phone.
The OAuth token exchange with Strava is proxied through a Cloudflare Worker we operate. The Worker forwards your authorisation code to Strava and returns the resulting tokens. It does not log, store, or otherwise retain the codes or tokens. This proxy exists only because Strava's OAuth flow requires a client secret that cannot safely be shipped in the app binary.

What we don't do

No analytics or tracking. The app contains no analytics SDKs, no crash reporters with personal data, no advertising IDs, and no third-party trackers.
No account creation. The only sign-in is your existing Strava account via OAuth. We don't ask for an email, password, or any other credentials.
No data sharing. We do not sell, rent, share, or otherwise disclose your data to any third party.
No social or leaderboard features. Your data is shown only to you.

Your rights and choices

You can disconnect Strava from inside the app at any time (Profile tab → Disconnect Strava). This deletes the locally-stored Strava tokens and cached Strava data.
You can revoke the app's access from Strava's own settings page at strava.com/settings/apps.
Deleting the app from your iPhone removes all data the app stores, including cached Strava responses and your locally-saved rider profile.

Children

The app is not directed at children under 13 and does not knowingly collect data from them.

Changes to this policy

If we make material changes to how the app handles data, we will update this page and update the "Effective" date above. Because the app contains no analytics, we cannot push a notification — please check this page before granting any new permissions if you are concerned.

Contact

Questions about this policy: j.d.williams@mac.com.