Skip to content
RunAtlas
Back to Run Atlas

Last updated: 14 May 2026

Privacy Policy

1. Who we are

RunAtlas (“Run Atlas”, “we”, “us”) provides a discovery platform for endurance and running events worldwide. The service is operated by the legal entity identified in our Legal notice (for English visitors) or Impressum (for German visitors), depending on the language version you use.

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website, applications, and related services (together, the “Services”).

Where we reference the EU General Data Protection Regulation (“GDPR”), we mean Regulation (EU) 2016/679. If you are located outside the European Economic Area (“EEA”), local laws may also apply; we describe your choices and rights in a way that meets or exceeds common GDPR expectations.

2. Roles and relationships

Event organisers are third parties who publish or promote races. Run Atlas primarily helps you discover events and may link to external registration or ticketing sites. Unless we explicitly state otherwise for a specific product, the organiser (not Run Atlas) decides how your registration data is processed when you sign up for a race on their systems.

When you create a Run Atlas account, sign up for RaceAlert, or contact support, we typically act as a data controller for that information. Where we process data strictly on documented instructions from an organiser (for example, a future integrated registration flow), we may act as a processor; in that case the organiser’s privacy information will be provided alongside the feature.

3. Personal data we collect

3.1 Information you provide

  • Account data: email address, display name (if collected), authentication identifiers, and preferences.
  • Newsletter and alerts: email address and subscription choices.
  • Support and forms: message content and any contact details you include.
  • Reviews or contributions: text, ratings, and optional media you submit about events.

3.2 Information collected automatically

When you use the Services, we may collect technical and usage data such as IP address, approximate location derived from IP, browser type, device type, referring URLs, pages viewed, timestamps, and diagnostic logs. We use this information to secure the Services, understand performance, and improve relevance.

3.3 Cookies and similar technologies

We use cookies, local storage, and similar technologies for essential functionality (for example, session and security), analytics, and (where permitted) preferences. You can control non-essential cookies through your browser settings and any cookie banner or preference centre we provide.

4. Purposes and legal bases (GDPR)

We process personal data only where a valid legal basis exists, for example:

  • Contract (Art. 6(1)(b) GDPR): providing the Services you request, including accounts and transactional emails.
  • Legitimate interests (Art. 6(1)(f) GDPR): securing the platform, preventing abuse, measuring aggregate usage, improving features, and direct support correspondence—balanced against your rights.
  • Consent (Art. 6(1)(a) GDPR): optional marketing communications and non-essential cookies, where required.
  • Legal obligation (Art. 6(1)(c) GDPR): compliance with applicable law, tax, or regulatory requests.

We do not sell your personal data. We do not use automated decision-making that produces legal or similarly significant effects solely by automated means.

5. Sharing and recipients

We share personal data only as needed to operate the Services:

  • Service providers (processors) such as hosting, email delivery, analytics, error monitoring, customer support tooling, and payment providers (if you purchase through us in the future). We choose vendors with appropriate safeguards and agreements.
  • Professional advisers where legally required or reasonably necessary (for example, auditors or lawyers).
  • Authorities when required by law or to protect rights, safety, and security.

Public-facing parts of the Services (for example, an event page or a review you publish) may be visible to other visitors.

6. International transfers

We may use providers established outside the EEA. Where required, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission and supplementary measures where appropriate.

7. Retention

We retain personal data only as long as necessary for the purposes described in this policy, including:

  • Account data for the life of the account and a short grace period after deletion requests.
  • Newsletter data until you unsubscribe, plus limited suppression records to honour your choice.
  • Logs and security records for a limited period consistent with operational and legal needs.

8. Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. No method of transmission over the Internet is completely secure; we encourage strong passwords and careful handling of magic-link emails.

9. Your rights

Depending on your location, you may have rights to access, rectify, erase, restrict processing, object to certain processing, and data portability. Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

You may lodge a complaint with a supervisory authority. If you are in the EEA, you may contact your local authority; in Sweden, for example, the IMY (imy.se). German residents may contact a state data-protection authority.

To exercise your rights, contact us at hello@run-atlas.app. We may need to verify your identity before responding.

10. Children

The Services are not directed at children under 16 (or the minimum age required in your jurisdiction). If you believe we have collected data from a child without appropriate authority, please contact us and we will take prompt steps to delete it where required by law.

11. Third-party sites

The Services may link to external organisers, ticketing platforms, or maps. Their privacy practices are governed by their own policies. We encourage you to read them before submitting personal data.

12. Changes

We may update this Privacy Policy from time to time. We will post the revised version on this page and adjust the “Last updated” date. Where changes are material, we will provide additional notice (for example, by email to registered users or a prominent banner).

13. Contact

Privacy questions: hello@run-atlas.app

This document is provided for transparency and operational clarity. It is not legal advice; please have qualified counsel review it before high-risk or regulated launches.