Privacy Policy
Loper — AI Running Coach
Last updated: March 2026
1. Who we are
Loper is a service of Greylag AI, a sole proprietorship (eenmanszaak) registered with the Dutch Chamber of Commerce (KvK) under number 99995964, based in the Netherlands.
For questions about this privacy policy or how we handle your data, contact us at privacy@loper.run.
2. What data we collect
We collect and process the following categories of personal data:
Account data: Your name, email address, and password (hashed). If you sign in via Google or Apple, we receive your name and email address from those providers.
Profile and preferences: Your running experience level, goal race and target time, available training days, injury history, and training preferences.
Training plan data: The training plans generated for you, individual workout details, and your plan history.
Conversation data: Messages you exchange with the AI coaching interface.
Activity data from Strava: If you connect your Strava account, we receive completed activity data including distance, duration, pace, and heart rate. We do not access your social data.
Payment data: We do not store your credit card or bank details. Payments are processed by Stripe. We receive only a transaction reference, subscription status, and billing email.
Technical data: IP address, browser type, device type, and basic usage logs. We use this for service operation and security, not for tracking or profiling.
3. Why we process your data
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the training plan service and AI coaching | Performance of contract (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Performance of contract (Art. 6(1)(b)) |
| Importing activity data from Strava | Your consent (Art. 6(1)(a)) |
| Sending transactional emails | Performance of contract (Art. 6(1)(b)) |
| Maintaining security and preventing abuse | Legitimate interest (Art. 6(1)(f)) |
| Improving the service (aggregated, anonymized) | Legitimate interest (Art. 6(1)(f)) |
We do not use your data for advertising, sell it to third parties, or build profiles for unrelated purposes.
4. Who has access to your data
Anthropic (USA): Training context and conversations are sent to Claude API. Anthropic does not use this data to train models. EU-US Data Privacy Framework applies.
Stripe (USA): Processes payments as an independent controller. See stripe.com/privacy.
Strava (USA): Activity data transferred via API when you connect your account.
Resend (USA): Delivers transactional emails.
Hetzner (Germany): Server infrastructure. All data stored within the EU.
5. International data transfers
Data is stored on servers in the EU (Germany). For US-based processors, we rely on the EU-US Data Privacy Framework or Standard Contractual Clauses.
6. How long we keep your data
Account and training data: Retained while your account is active, plus 30 days after deletion.
Payment records: 7 years (Dutch tax law).
Technical logs: Maximum 90 days.
7. Your rights
Under the GDPR: access, rectification, erasure, restriction, data portability, withdrawal of consent, and objection. Contact privacy@loper.run. We respond within 30 days.
You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
8. Security
We use TLS encryption, encryption at rest, hashed passwords, and access controls.
9. Cookies
Loper uses only essential cookies required for session management and authentication. No tracking, analytics, or advertising cookies.
10. Children
Loper is not intended for anyone under 16. Contact privacy@loper.run if you believe a child has provided personal data.
11. Changes to this policy
We will notify you by email before material changes take effect. The latest version is always available at loper.run/privacy.