Privacy Policy

Last updated: March 7, 2026

Where2Watt uses Strava for authentication and segment linking. This policy explains what data is processed, why it is processed, and how you can revoke access or request deletion.

Data We Read From Strava

When you connect Strava, Where2Watt receives your athlete ID and the OAuth tokens required to authorize API calls.

For submitted segment URLs, Where2Watt may read Strava segment metadata such as segment name, distance, average gradient, and polyline data.

Why We Use This Data

To authenticate you and let you submit/rate/report segments.

Where2Watt does not use Strava data for advertising.

Where2Watt uses a deterministic pseudonymous internal ID derived from your Strava athlete ID using a keyed one-way cryptographic function. Your raw Strava athlete ID is not used as your app-facing identifier. While connected, authorization records are associated with this pseudonymous ID so core features keep working.

Retention and Deletion

Data linked to your account is retained while your Strava connection remains active. If you choose "Disconnect Strava" in the app, Where2Watt deauthorizes with Strava and removes account-linked records from the server.

If Strava sends a deauthorization webhook event, the same cleanup is triggered server-side. You can also request deletion by email.

For security, Where2Watt may retain a minimal pseudonymous revocation marker for up to the JWT session lifetime to ensure previously issued sessions are invalidated.

How To Revoke Access

Use the in-app "Disconnect Strava" action, or revoke access from your Strava account settings.

Support and deletion requests: ndrmntn@gmail.com