PRIVACY

Privacy Policy

Last updated: June 19, 2026

This policy explains what personal data Ultra Planner collects, why, who processes it, and the rights you have over it. It is written to be read — not to bury the details. We only describe data we actually collect.

Who is responsible (data controller)

The data controller is Bartosz Chojnicki, operating Ultra Planner as an individual. For any privacy question or to exercise your rights, contact hello@ultra-planner.app.

What we collect

  • Your email address — used to sign you in. Ultra Planner uses passwordless sign-in: you receive a one-time code by email, so we never store a password.
  • Plan data you enter — race parameters, aid stations, and gear you add to build a plan. This is the content of the service and is tied to your account.
  • Session cookies — strictly-necessary cookies that keep you signed in as you move between pages. See Cookies below.

We do not collect analytics, advertising, or tracking data, and we do not build profiles about you or sell your data to anyone.

Why we process it (legal basis)

  • To provide the service — creating your account and storing and displaying your plans is performance of our agreement with you (GDPR Art. 6(1)(b)).
  • To keep the service secure and working — basic operational and abuse-prevention measures rest on our legitimate interest in running a safe service (GDPR Art. 6(1)(f)).

Who processes it for us (sub-processors)

We rely on a few trusted providers to run the service. They process data on our behalf, under their own terms and security:

  • Supabase — authentication and the database that stores your account and plans.
  • Resend — sends the confirmation email when you request account deletion.
  • Cloudflare — hosting and content delivery for the application.

How long we keep it

We keep your account and plan data for as long as your account exists. When you delete your account, your email, plans, aid stations, and gear are permanently removed.

For security and abuse prevention, we keep a minimal record that a deletion happened: a one-way hash of your email (not the email itself), the time of deletion, and the request's IP address. This record cannot be used to recover your data.

Your rights

Under the GDPR you can:

  • access the personal data we hold about you;
  • correct inaccurate data — you can edit your plans directly in the app;
  • erase your data — delete your account and everything in it at any time from Settings → Remove account;
  • receive a copy of your data, or restrict or object to processing;
  • lodge a complaint with your supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO).

To exercise any right that isn't self-service, email hello@ultra-planner.app.

Cookies

Ultra Planner uses only strictly-necessary cookies — the session cookies that keep you signed in. We do not use analytics, advertising, or tracking cookies, so there is no cookie-consent banner: the cookies we set are required for the service to work. You can clear them any time through your browser, which signs you out.

Changes to this policy

If we change how we handle data, we'll update this page and the "Last updated" date above. Material changes will be reflected here before they take effect.

Contact

Questions about your data or this policy? Email hello@ultra-planner.app.