Privacy Policy

Last updated: 28 May 2026

This is a template provided for transparency and must be reviewed by a qualified professional before relying on it. Items in brackets must be completed by the operator.

1. Who we are

Stricca (“we”, “us”) is operated by [legal entity name], [registered address]. For any privacy question, contact us at [privacy contact email]. We are the data controller for the personal data described below.

2. What we collect

• Account data — your email address, and (if you sign in with Google or GitHub) your name and avatar.
• Profile & preferences — units, an optional home location, and default route preferences you set.
• Route & location data — the start points, destinations, and routes you generate or save. This can reveal places you visit, so we treat it as personal data.
• Messages — the text you send to the route assistant.
• Technical data — a strictly-necessary session cookie to keep you signed in. We do not use advertising or tracking cookies.

3. How we use it

• To authenticate you and keep you signed in.
• To generate, display, and let you save and revisit running routes.
• To apply your saved preferences.
• To secure the service and prevent abuse.

4. Legal bases

We process your data to perform our contract with you (providing the service you request), on the basis of your consent where required, and for our legitimate interest in keeping the service secure.

5. Third parties we share data with

To deliver features, limited data is processed by:

• Microsoft Azure — hosting, database, and the AI model (Azure AI Foundry) that interprets your route requests. Your request text is sent to this model.
• OpenStreetMap services (Nominatim for address/place search, Overpass for nearby points of interest) — your search terms and the area around your route are queried.
• Google / GitHub — only if you choose to sign in with them.
• Our email provider — to send sign-in links.

The routing engine (GraphHopper) is self-hosted by us; route generation is not sent to a third-party routing API.

6. International transfers

Data is hosted in [Azure region, e.g. North Europe]. Where a provider processes data outside your region, appropriate safeguards (such as Standard Contractual Clauses) apply.

7. Retention

We keep your account, profile, and saved routes until you delete them or delete your account. Deleting your account erases this data.

8. Your rights

You have the right to access, rectify, erase, restrict, object to, and port your data, and to complain to a supervisory authority. You can exercise the main rights directly:

• Access & portability — export everything we hold on you as JSON from your profile page.
• Erasure — delete your account (and all associated data) from your profile page.
• Rectification — edit your preferences any time, or contact us.

9. Cookies

We use a single strictly-necessary cookie to maintain your signed-in session. No analytics, advertising, or cross-site tracking cookies are used.

10. Changes

We may update this policy; the “last updated” date will change accordingly.

11. Contact

Questions or requests: [privacy contact email].