Privacy Policy

Last updated: March 2026

rownative.icu is an open-source, community-maintained platform for GPS-defined rowing courses. This policy describes what data we collect, why, and how it is handled.

Who we are

rownative.icu is operated as an open-source project. The source code is publicly available at github.com/rownative.

Authentication

We do not manage user accounts or store passwords. Authentication is handled entirely via intervals.icu OAuth. When you sign in, we receive an access token and your intervals.icu athlete ID from intervals.icu. We never see your intervals.icu password.

What we store

• Session cookie. After you sign in, we store an encrypted HTTP-only cookie (rn_session) in your browser containing your athlete ID and OAuth tokens. This cookie is used to keep you logged in and is never sent to third parties.
• Liked courses. If you like a course, your athlete ID and the list of liked course IDs are stored in Cloudflare KV (key-value storage). This is used to sync your liked courses to CrewNerd.
• Submitted courses. If you submit a course, the course geometry (GPS polygon data) is stored in this repository as a public file. No personal information is included in the course file.

What we do not store

• We do not store your name, email address, or any personal profile information from intervals.icu beyond your athlete ID.
• We do not store your GPS tracks or workout data.
• We do not use advertising or tracking cookies.
• We do not sell or share your data with third parties.

Third-party services

• intervals.icu — identity provider. Their privacy policy applies to your intervals.icu account.
• Cloudflare — Worker compute and KV storage. Cloudflare may log request metadata (IP address, timestamp) as part of normal infrastructure operation.
• GitHub Pages — static site hosting. GitHub may log request metadata per their privacy policy.

Data retention

Your liked-course list is retained until you remove it (by unliking all courses) or request deletion. Session cookies expire when you sign out or after the OAuth token expires. You can request deletion of your liked-course data by opening an issue at github.com/rownative/courses/issues.

Your rights (GDPR)

If you are in the European Economic Area, you have the right to access, correct, or delete your personal data. To exercise these rights, open an issue at github.com/rownative/courses/issues or contact us via the repository.

Changes to this policy

We may update this policy as the platform evolves. Changes will be committed to the rownative/courses repository with a date stamp.

← Back to the course map