Privacy Policy
Last updated: March 28, 2026
SummitScore ("we," "our," or "us") is a hiking performance analytics platform. This Privacy Policy describes
how we collect, use, store, and protect your personal information when you use our website and services
located at summitscore-app.azurewebsites.net (the "Service").
By creating an account or using the Service, you agree to the collection and use of information as described
in this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Password (stored in hashed form; we never store or see your plain-text password)
- Display username
- Bio and profile information you choose to provide
1.2 Data from Connected Services
When you connect third-party services through our Integrations page, we collect data from those services
on your behalf. You must explicitly authorize each connection. We currently support:
Strava:
- Hiking and outdoor activity data (distance, elevation, duration, route coordinates)
- Heart rate data recorded during activities
- Activity names, dates, and location metadata
- OAuth access and refresh tokens (used to maintain your connection)
Oura Ring:
- Daily readiness, sleep, and activity scores
- Heart rate data
- Sleep session details (duration, stages, timing)
- OAuth access and refresh tokens (used to maintain your connection)
1.3 Hike and Performance Data
We store and process:
- Imported hike records including distance, elevation, pace, heart rate, and duration
- Calculated performance scores and analytics
- Trail information associated with your hikes
- Weather data retrieved for the date and location of your hikes
1.4 Automatically Collected Information
When you use the Service, we may automatically collect:
- IP address
- Browser type and version
- Pages visited and time spent on the Service
- Device type and operating system
2. How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Service
- Calculate hike performance scores and analytics
- Generate trail difficulty assessments and predictions
- Display your profile and published hikes to other users (based on your privacy settings)
- Enable social features such as following other users and viewing their public profiles
- Retrieve and display weather data for your hike locations and dates
- Improve and develop new features for the Service
- Communicate with you about your account or changes to the Service
3. How We Store and Protect Your Information
- All data is stored in a secured Azure SQL database hosted on Microsoft Azure infrastructure.
- Passwords are hashed using industry-standard algorithms (ASP.NET Core Identity) and are never stored in plain text.
- OAuth tokens for Strava and Oura are stored in the database and used solely to maintain your authorized connections.
- All connections to the Service are encrypted using HTTPS/TLS.
- API keys and secrets are stored as environment variables on the server and are never exposed in client-side code.
While we implement reasonable security measures, no method of electronic storage or transmission is 100%
secure. We cannot guarantee absolute security of your data.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties.
We may share information only in the following circumstances:
- Public profile data: Your display username, bio, and hikes marked as public are visible
to other registered users. You can control whether your hikes are public in your profile settings.
- Service providers: We use Microsoft Azure to host the Service and store data. Azure
processes data on our behalf under their own privacy and security commitments.
- Third-party APIs: We send requests to Strava, Oura, Open-Meteo (weather), and
Anthropic (AI narrative generation) APIs using your data to provide Service features. These requests
contain only the minimum data necessary for each feature.
- Legal requirements: We may disclose your information if required to do so by law or in
response to valid legal process.
5. Third-Party Services
The Service integrates with third-party platforms. Each has its own privacy policy that governs
how they handle your data:
You can disconnect Strava or Oura at any time from the Integrations page. Disconnecting from Strava
revokes our access token on Strava's servers and permanently deletes all Strava-sourced hike data
(GPS routes, heart rate streams, activity metrics) from our database. If you revoke access from
Strava directly, we receive a webhook notification and delete your data within 48 hours.
6. Your Rights and Choices
- Access and update: You can view and update your profile information, bio, and
privacy settings at any time through the Service.
- Disconnect integrations: You can disconnect Strava or Oura at any time from
the Integrations page. Disconnecting Strava permanently deletes all Strava-sourced data.
- Control visibility: You can set your hikes to private so they are not visible
on your public profile.
- Delete your account: You may request deletion of your account and all associated
data by contacting us. Upon deletion, all your personal data, hike records, scores, and OAuth
tokens will be permanently removed from our database.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service.
If you delete your account, we will delete your personal data within 30 days, except where we are
required by law to retain certain information.
8. Children's Privacy
The Service is not intended for use by anyone under the age of 13. We do not knowingly collect
personal information from children under 13. If we become aware that we have collected personal
data from a child under 13, we will take steps to delete that information.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify
you by updating the "Last updated" date at the top of this page. Your continued use of the Service
after changes are posted constitutes your acceptance of the revised policy.
10. Contact
If you have questions about this Privacy Policy or your personal data, please contact us at:
Email: johnsonparker098@gmail.com