← Back to Kakeru

Privacy Policy

Last updated: February 2026

Information We Collect

Information from Strava

When you sign in with Strava, we receive and store:

• Your Strava athlete ID
• Your name and profile picture
• Your email address
• Your city and country (as listed on Strava)

We request only "read" scope from Strava. We do not access your activities, GPS data, or workout history.

Information We Generate

• Account data: Your subscription plan (free or pro) and route generation count per month
• Route logs: When you generate a route, we log the shape type, description, size, and timestamp. We do NOT store the actual route coordinates or GPX file contents.
• Session data: A random session identifier stored as an HTTP-only cookie to keep you logged in

Information We Do NOT Collect

• GPS location data or location history
• Route coordinates or GPX file contents (these are generated on-demand and not saved)
• Strava activities, workouts, or performance data
• Payment card details (handled entirely by Stripe)
• Browser fingerprints or advertising identifiers

How We Use Your Information

• To authenticate your identity via Strava
• To manage your account and subscription plan
• To enforce route generation limits
• To improve the application based on usage patterns

Data Storage and Security

Your data is stored in a server-side database. Authentication tokens are stored server-side only and are never exposed to client-side JavaScript. Session cookies are HTTP-only, secure, and use SameSite protections.

Third-Party Services

Kakeru uses the following third-party services:

• Strava: For authentication — Strava Privacy Policy
• Google Maps: For map display and route snapping — Google Privacy Policy
• OpenAI / Anthropic: For AI shape generation. Text prompts describing shapes are sent to the API. No personal data is included in these requests.
• Stripe: For payment processing (coming soon). Card details are handled entirely by Stripe and never touch our servers — Stripe Privacy Policy

Data Retention

• Account data is retained as long as your account exists
• Sessions expire after 30 days of inactivity
• Route logs are retained for usage analytics

Your Rights

You may request deletion of your account and all associated data by contacting us. You can revoke Kakeru's access to your Strava account at any time in your Strava settings under "My Apps".

Contact

For privacy-related questions, contact us at: hello@kakeru.run