Privacy Policy

Learn how we collect, use, and protect your personal data on TempoClub.

Last updated: April 24, 2026

1. Introduction

TempoClub ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

This policy applies to all users of our platform, including registrants, event organizers, and visitors.

2. Information We Collect

2.1 Information You Provide

We collect information you directly provide to us, including:

  • Account Information: Name, email address, phone number, and password when you create an account
  • Profile Information: Date of birth, emergency contact, mailing address, and profile photo
  • Registration Information: Athletic category, USAC license number, and responses to registration questions
  • Payment Information: Credit card details and billing address (processed securely by Stripe)
  • Organizer Information: Organization name, contact details, and banking information for payouts
  • Communications: Messages you send to us or other users through the platform

2.2 Information We Collect Automatically

When you use our platform, we automatically collect:

  • Device Information: IP address, browser type, operating system, and device identifiers
  • Usage Information: Pages visited, features used, and time spent on the platform
  • Location Information: General location based on IP address and, with your consent, more precise location for finding nearby events

2.3 Information from Third Parties

We may receive information from:

  • Authentication providers (e.g., Google, Apple) if you sign up using social login
  • Payment processors regarding transaction status
  • Event organizers who share participant lists

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process event registrations and payments
  • Send registration confirmations and event updates
  • Communicate with you about your account and our services
  • Personalize your experience (e.g., showing nearby events)
  • Ensure platform security and prevent fraud or abuse
  • Comply with legal obligations
  • Analyze usage patterns to improve our platform

3.1 Legal Basis for Processing (EEA / UK)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data only where a legal basis applies under Article 6(1) of the GDPR:

  • Performance of a contract (Art. 6(1)(b)) — to provide the services you request, including account creation, event registration, ticketing, payments, and payouts to organizers.
  • Legitimate interests (Art. 6(1)(f)) — to secure the platform, prevent fraud and abuse, debug and improve our services, and analyze aggregate usage. You may object to processing based on legitimate interests at any time.
  • Consent (Art. 6(1)(a)) — for non-essential cookies, marketing emails, precise location, and other activities where we ask for your permission. You may withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation (Art. 6(1)(c)) — to meet tax, accounting, anti-fraud, and other legal requirements.

4. How We Share Your Information

4.1 With Event Organizers

When you register for an event, we share your registration information with the event organizer so they can manage their event and contact participants.

4.2 With Service Providers (Subprocessors)

We share information with third-party service providers who assist us in operating the platform. Each subprocessor is bound by contractual data-protection obligations and only processes data on our instructions. Current subprocessors include:

  • Stripe (USA) — payment processing, payouts to organizers, and related fraud prevention.
  • Google Firebase (USA) — user authentication, multi-factor authentication, and push notifications.
  • Amazon Web Services (AWS) (USA) — object storage for images, documents, and user uploads (S3).
  • Resend (USA) — transactional email delivery (confirmations, receipts, password resets, event updates).
  • Google Maps Platform (USA) — geocoding, maps, and location search for event discovery.
  • Sanity (USA / EU) — content management for editorial and help-center content.
  • Managed Redis provider — ephemeral session data, caching, and rate limiting.

We update this list as subprocessors change. For the most current list, contact us using the details in Section 15.

4.3 For Legal Reasons

We may disclose your information if required by law or if we believe disclosure is necessary to:

  • Comply with legal process
  • Protect our rights or property
  • Prevent fraud or security issues
  • Protect the safety of users or the public

4.4 Business Transfers

If TempoClub is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences
  • Analyze platform usage
  • Improve our services

Types of Cookies We Use

  • Essential Cookies: Required for the platform to function (e.g., authentication, security)
  • Analytics Cookies: Help us understand how users interact with the platform
  • Preference Cookies: Remember your settings and choices

You can manage your cookie preferences through our cookie consent banner or your browser settings.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

6.1 Access and Portability

You can access and download your personal data through your account settings. We provide your data in a portable format (JSON).

6.2 Correction

You can update your personal information through your profile settings at any time.

6.3 Deletion

You can request deletion of your account and associated data through your security settings. Note that we may retain certain information as required by law or for legitimate business purposes.

6.4 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or updating your notification preferences.

6.5 Do Not Track

We currently do not respond to "Do Not Track" browser signals.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Pseudonymization of identifiers in logs and analytics where feasible
  • Secure authentication with support for 2FA and social login
  • Regular security assessments and monitoring
  • Access controls limiting who can access personal data

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy. Because retention needs vary by data type and context, we use the following criteria to determine how long we keep information rather than fixed periods:

  • Account data is retained while your account is active and for a reasonable period after account deletion to handle refunds, chargebacks, and disputes.
  • Transaction and payment records are retained as long as required by tax, accounting, and anti-fraud laws in the jurisdictions where we operate.
  • Registration and event records may be retained by event organizers for historical race results, athletic records, and their own legal obligations. You should consult the organizer for their retention practices.
  • Server logs, diagnostic data, and abuse-detection signals are retained only as long as needed for security monitoring, abuse investigation, and debugging.
  • Marketing consent records are retained as long as needed to demonstrate that consent was given, and then deleted.

When personal data is no longer needed for any of the above purposes, we delete or anonymize it. If you would like more detail about the retention of a specific type of data, contact us using the details in Section 15.

9. International Data Transfers

We are based in the United States, and several of our subprocessors are located in the United States or other countries outside the European Economic Area, United Kingdom, and Switzerland. Your information may be transferred to and processed in these countries.

For transfers from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards under Article 46 of the GDPR, including the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, certification under the EU-U.S. Data Privacy Framework (and its UK Extension and Swiss-U.S. counterpart). You can request a copy of the safeguards that apply to a specific transfer by contacting us.

10. Children's Privacy

Our platform is not intended for children under 13 in the United States or under 16 in the European Economic Area, United Kingdom, and Switzerland (or the applicable lower age set by the user's member state under Article 8(1) GDPR, which may be as low as 13). We do not knowingly collect personal information from children below these thresholds. If you believe we have collected information from a child under the applicable age, please contact us immediately and we will delete it.

For users between the applicable minimum age and 18, a parent or guardian may manage the account and must consent to event registrations.

11. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information we collect and how it's used
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under GDPR:

  • Right to access your personal data (Art. 15)
  • Right to rectification of inaccurate data (Art. 16)
  • Right to erasure ("right to be forgotten") (Art. 17)
  • Right to restrict processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object to processing (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3))
  • Right to lodge a complaint with a supervisory authority in your country of residence (Art. 77) — for example, the Irish Data Protection Commission, the UK Information Commissioner's Office, or your national data protection authority

To exercise these rights, visit your security settings or contact us at [email protected]. We will respond within the timeframes required by applicable law.

13. Automated Processing and Decision-Making

We use a limited amount of automated processing to keep the platform safe and functional. This includes:

  • Abuse and fraud detection: We analyze account activity, payment signals, and usage patterns to detect spam, bot activity, payment fraud, and abusive behavior. Accounts or actions flagged by these systems may be rate-limited, temporarily blocked, or queued for human review.
  • Security monitoring: We use automated tools to detect suspicious sign-ins, credential stuffing, and other security threats.

We do not make solely automated decisions that produce legal or similarly significant effects on you within the meaning of Article 22 GDPR. Where an automated signal would materially restrict your account, a human reviews the decision before it becomes final. If you believe an automated action was taken against you in error, you can request human review by contacting us.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

15. Contact Us

The data controller responsible for your personal data is:

If you have questions or concerns about this Privacy Policy, want to exercise your rights, or request the current subprocessor list or transfer safeguards, please reach out using the details above.
