Privacy policy.

Last updated · 2026-05-06

1. Who we are

Run and Chill is a community sports club based in Munich, Germany. This website (runandchill.de) and the member dashboard (checkin.runandchill.de) are operated by Mirthe van Veen on behalf of the club.

Contact: info@runandchill.de

2. What we collect

When you create an account:

• Name (first and last) so we can recognise you at trainings and on the leaderboard.
• Email address for login, password resets and verification.
• Password, stored only as a bcrypt hash. We never see or store the plain text.

When you check in to a training:

• Check-in timestamp.
• Device fingerprint, a non-identifying hash used only to stop the same device from checking in twice for the same session.
• Friend referrals, the names and emails of friends you bring (with their consent).
• Location verification result. When you check in, your browser may ask for your GPS location to verify you're within 1 km of the session. We do not store your GPS coordinates. Only the result (verified or not) is saved with your check-in. You can deny the prompt and still check in.

When you place a merch order:

• Your name, email, shipping address and the order details, so we can fulfil and contact you about the order.
• Payment is handled by Mollie. We never see or store your full card or bank details.

3. How we use it

• Running the check-in, leaderboard and merch flow.
• Sending account-related emails (verification, password reset, training reminders, order confirmations).
• Showing your name and points on the leaderboard, visible only to logged-in members.
• Detecting fraud (duplicate check-ins, double-redeemed discount codes).

We do not sell, share, or transfer your data to third parties for marketing.

4. Where it's stored

Member and order data lives on Turso (a SQLite cloud database) hosted in the EU. The website itself runs on Vercel (EU regions). Transactional emails are sent through goneo SMTP servers in Germany. Strava activity stats come from the Strava API and are aggregated without storing personal identifiers beyond first name + last initial.

5. Cookies and tracking

We use a single signed session cookie ("rnc") to keep you logged in. We don't use third-party tracking cookies. Google Analytics is only loaded if you accept the optional analytics banner; until you do, no analytics scripts run.

6. Your rights (GDPR)

You're in the EU, so you have the right to:

• Access the personal data we hold about you.
• Correct anything that's wrong.
• Delete your account and all associated data.
• Export your data in a portable format.
• Object to the processing of your data.

To exercise any of these, email info@runandchill.de. We aim to respond within 30 days.

7. Retention

Account data is kept while the account is active. If you delete your account, all personal data is permanently removed within 30 days. Order records may be retained for up to 10 years to satisfy German bookkeeping rules (§ 257 HGB), but with personal identifiers minimised.

8. Updates

We update this page when something changes. The "Last updated" date at the top reflects the most recent revision.

Impressum & legal contact →