Privacy Notice
Last updated: 10 May 2026
1. Who we are
FormStride is operated by Saku Linnankoski, a sole trader (the "controller", "we", "us"). We decide why and how your personal data is processed when you use FormStride. You can reach us through the FormStride website.
2. Privacy by design — your video stays on your device
FormStride is built so the most sensitive content — your running video — never leaves your device. Pose detection runs locally in your browser using TensorFlow.js. Only the resulting metrics and a single still frame are uploaded to your account. We never receive, store, or transmit the original video.
3. What data we collect
- Account data — email address, password hash, sign-in provider (e.g. Google), display name, account creation date.
- Run data — computed pose metrics (cadence, lean, knee drive, oscillation, symmetry, terrain, etc.), one still frame per run, AI-generated coaching text, training plans, comparison summaries, insights.
- Usage data — runs uploaded per month, plan tier, feature usage counters, basic device/browser information, IP address, and timestamps for security and abuse prevention.
- Support data — messages you send us and any information you include with them.
- Billing data — collected and stored by Paddle (see section 6). We receive limited information (subscription status, country for tax, last 4 digits of card from Paddle's order receipt) but we do not store full payment details.
4. Why we use it (purposes & legal bases)
- Provide the service — accounts, run analysis, coaching, training plans, history. Legal basis: contract performance.
- Security and fraud prevention — protect your account and the service. Legal basis: legitimate interests.
- Improve the product — aggregated, non-identifying analysis of usage. Legal basis: legitimate interests.
- Customer support — respond to your messages. Legal basis: contract performance / legitimate interests.
- Legal and tax compliance — record-keeping required by law. Legal basis: legal obligation.
- Marketing emails (only if you opt in) — product updates and tips. Legal basis: consent — withdraw any time.
5. AI processing
Coaching, training plans, comparison summaries, and insights are generated by large language models accessed through the Lovable AI Gateway. We send the relevant computed metrics (numbers and short text) to the model — never your video. Inputs and outputs may be processed by the underlying AI providers (currently Google Gemini and OpenAI) under their respective privacy terms; they are not used to train their public models when accessed through the gateway.
6. Paddle as Merchant of Record
Our order process is conducted by our online reseller Paddle.com. Paddle is the Merchant of Record for all orders, and acts as an independent data controller for payment, billing, tax, fraud prevention, invoicing, and customer service inquiries related to purchases. When you check out, Paddle collects information directly from you (name, billing address, payment method, country, tax ID where relevant) and processes it under the Paddle Privacy Policy.
Paddle shares limited information back with us so we can recognise your subscription (e.g. order ID, subscription status, plan, country, currency, last 4 of card from your receipt). We do not see or store your full payment card details.
7. Who else we share data with
- Hosting and backend — Lovable Cloud (managed Supabase) for database, auth, and serverless functions.
- AI providers — via the Lovable AI Gateway (currently Google and OpenAI), as described above.
- Merchant of Record — Paddle, for all paid transactions and tax compliance.
- Email and support tooling — used to send transactional emails and reply to support requests.
- Professional advisers — accountants and lawyers when reasonably necessary.
- Authorities — where we are legally required to disclose data.
We do not sell your personal data and we do not share it for cross-context behavioural advertising.
8. International transfers
Some of our service providers (including Paddle and the AI providers) process data outside the EEA/UK. Where this happens, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
9. How long we keep it
- Account data — for as long as your account exists.
- Run history — Free tier: 30 days, then automatically deleted. Premium tier: kept for the lifetime of the account.
- Billing records — kept by us and by Paddle for the period required by tax law (typically 6–10 years).
- Support messages — up to 24 months after the last interaction.
- Logs and security data — typically 90 days.
When data is no longer needed, we delete or anonymise it.
10. Your rights
Depending on where you live, you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate data;
- request erasure of your data ("right to be forgotten");
- request restriction of, or object to, processing;
- request a portable copy of your data;
- withdraw consent at any time (without affecting prior processing);
- lodge a complaint with your local data protection authority — in Finland, this is the Office of the Data Protection Ombudsman.
We aim to respond within one month.
11. How to delete your account or data
You have two ways to request deletion:
- In-app — go to Settings → Account and use the delete-account option (when available); this removes your profile, runs, and associated data.
- By request — contact us through the FormStride website asking for deletion of your account and data. We will verify your identity using your account email and complete the deletion within 30 days.
Note that billing and tax records held by Paddle (and by us for compliance) may be retained for the period required by law even after your account is deleted; everything else is removed.
12. Security
We use encryption in transit (HTTPS), encryption at rest for the database, hashed passwords, row-level security, role-based access controls, and least-privilege practices. No system is perfectly secure, but we work to protect your data with appropriate technical and organisational measures.
13. Cookies and similar technologies
FormStride uses only the cookies and local storage strictly necessary to keep you signed in, remember your preferences, and operate the checkout. We do not use marketing or cross-site tracking cookies. Paddle's checkout sets its own cookies under its privacy policy when you make a purchase.
14. Children
FormStride is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has created an account, please contact us so we can delete it.
15. Changes to this notice
We may update this notice from time to time. The "Last updated" date at the top reflects the latest revision. We will notify you of material changes through the service or by email.
16. Contact
For privacy questions or to exercise your rights, contact us via the FormStride website. For payment-related data held by Paddle, see paddle.net and the Paddle Privacy Policy.