Privacy Policy
Effective date: April 8, 2026. This policy describes what PATHSTORY collects, why it is collected, and how it is used when you connect your Strava account and create route prints.
What PATHSTORY does
PATHSTORY connects to your Strava account so you can browse your activities, select routes, and generate printable map artwork based on those activities.
Data we collect
When you sign in with Strava, PATHSTORY receives your Strava athlete ID, first name, last name, profile image, OAuth access token, OAuth refresh token, token expiry, and lightweight activity metadata such as activity title, type, distance, moving time, elapsed time, elevation, speed, and date.
How we use your data
We use this data only to authenticate you, show your activity list, let you choose activities, and generate map previews and exports you request. We do not use your data for advertising and we do not sell it to third parties.
Where data is stored
Your account details, Strava tokens, and lightweight activity metadata are stored in the application database. Your login session token may also be stored in your browser local storage so you can stay signed in between visits.
What is not stored long-term
Detailed route geometry such as decoded coordinates, full polyline data, and export-time elevation stream data is loaded from Strava only when needed for the current preview or export flow and is not intended to be kept as long-term application data.
Third-party services
PATHSTORY relies on Strava for authentication and activity import. Map previews and exports may also use third-party map tile providers depending on the selected map style. Those services may receive technical request data such as your IP address when tiles are loaded in your browser or on the server.
Legal basis and purpose
If you are in a jurisdiction that requires a legal basis for processing, the data is processed to provide the service you request when you sign in and generate route prints, and where applicable based on your consent through the Strava authorization flow.
Data retention
Data is kept for as long as your account remains active or as long as it is needed to provide the service. OAuth tokens may be refreshed and replaced as required by Strava. If deletion is requested, the stored account record and lightweight synced activity metadata should be removed unless retention is required for legal reasons.
Your choices
You can stop using the service at any time. You can also revoke PATHSTORY access from your Strava account settings. Removing the browser token signs you out locally, but it does not delete server-side data by itself.
Deleting your data
You can request deletion of your PATHSTORY account data. When account data is deleted, the stored account record, Strava tokens, and synced lightweight activity metadata should be removed from the service database. Revoking access in Strava is still recommended as a separate step.
Security
Reasonable technical measures are used to protect stored data, but no service can guarantee absolute security. You should keep your own device and browser secure as well.
Children
PATHSTORY is not intended for children under the age required to use Strava in your region.
Changes to this policy
This Privacy Policy may be updated from time to time. The latest version will be published on this page with an updated effective date.
Contact and controller details
PATHSTORY is the operator of this service and the point of contact for privacy-related matters.
This page is a practical product-facing privacy notice based on the current behavior of the application. It is not legal advice.
See also Terms & Conditions.