Privacy Policy

Effective Date: September 1st, 2025

Lupine Running Co. LLC (“Lupine,” “we,” “us,” or “our”) is committed to protecting your privacy. This policy explains what personal information we collect, how we use it, how we protect it, how long we retain it, and how you can access or delete it.

1. Information We Collect

We collect information to provide, improve, and personalize our coaching services. Types of information may include:

  • Contact info: name, email address, postal address (if provided), phone number.

  • Health and fitness data: standardized forms like health history, current fitness level, injury history, medical clearance, and running/ workout metrics.

  • Training data: logs of workouts (from TrainingPeaks or other platforms), progress metrics (distance, pace, load/fatigue data).

  • Payment information: processed through Stripe (we do not store full card data ourselves; Stripe handles secure processing).

  • Usage data: how you use our website or app (pages visited, features used), device/browser info, IP addresses.

  • Communications: messages or emails you send us, consultations, feedback.

2. How We Use Your Information

We use your data to:

  • Deliver personalized coaching services and training plans.

  • Communicate with you about your training, schedule, progress, etc.

  • Verify and process payments and subscriptions.

  • Improve our programs, content, and user experience.

  • Comply with legal requirements.

We only collect or use your health and fitness data when necessary to deliver coaching services tailored to you.

3. Legal Basis & Authorization (Especially Health Data)

Because we collect health‐related information, we ensure:

  • You explicitly agree (via intake forms, health & medical clearance forms) to provide health information.

  • That collection/use is only for purposes necessary for coaching (designing safe training plans, assessing injury risk, accommodating medical constraints).

  • Any optional use beyond necessary coaching (e.g. marketing, testimonial) only occurs with your additional consent.

4. Data Sharing & Third Parties

  • We may share data with third‐party service providers who assist in delivering our services (e.g., TrainingPeaks, payment processors).

  • These partners are contractually required to protect your information and use it only for their agreed purpose.

  • We do not sell your personal or health data.

5. Security

  • We use technical, administrative, and physical measures to protect your information (secure servers, encryption where applicable).

  • Access to personal/health data is limited to necessary personnel or systems.

  • We monitor for data breaches; if one occurs, we will notify affected individuals and authorities as required by law.

6. Data Retention

  • We retain your personal and health/fitness data as long as needed to provide services or as required by law.

  • When data is no longer needed, we will securely delete or anonymize it.

  • If you terminate our services, or request deletion of data, we will remove your data (except what must be kept for legal or tax reasons) within a reasonable time—generally within 30 days, unless longer retention is required by law.

7. Your Rights: Access, Correction, Deletion

You have the right to:

  • Request access to your data (what we hold about you).

  • Correct inaccuracies in your data.

  • Delete or request deletion of your personal and health data.

  • Withdraw consent for processing of health data not required for coaching.

To make such a request, contact us using our Contact us page. We aim to respond within 30 days.

8. Compliance with New York Health Data Privacy Laws (NY HIPA, etc.)

  • We are aware of the New York Health Information Privacy Act (NY HIPA / NY Health Data laws), which expands protection for regulated health information (“RHI”).

  • For New York residents (or people physically in New York), we commit to comply with those laws regarding what health data is collected, how authorization is obtained, how data is protected, and individuals’ rights (access, deletion).

  • We will not process or retain regulated health data beyond what is “strictly necessary” for our services unless additional consent is obtained.

9. Children’s Information

  • Our services are intended for persons 18 years or older.

  • We do not knowingly collect personal data from children under 13. If we learn we have, we will take steps to delete it.

10. Changes to This Privacy Policy

  • We may update this policy occasionally (for example, to reflect changes in law or our practices).

  • Any changes will be posted here with a new “Effective Date.”

  • Your continued use of our services after changes means you accept the updated policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, or want to make a request (access, correction, deletion), use our Contact us page.