Legal

Privacy Policy

Last updated: May 2026

This policy applies to Paths Labs Ltd, a company registered in England and Wales (Company No. 17175677).

Paths is designed to be simple and private.

What we collect

  • Movement data — GPS coordinates (latitude and longitude), timestamps, distance, and route geometry that you draw, upload, import from a route link (Google Maps, Komoot), or generate using the AI route tool
  • Strava activity data — when you connect your Strava account, we import GPS coordinates, speed/velocity, altitude/elevation, grade, distance, and time data from activities you choose to import. We store the minimum data needed to render your visual and do not store raw Strava activity files
  • Account information — your email address, used for authentication. Passwords are never stored by Paths; authentication is handled by Supabase Auth using either a magic link sent to your email or a securely hashed credential. We do not have access to your password in any form
  • Profile data — display name and profile photo, if you choose to add them
  • Subscription data — your plan tier (Free or Collection) and subscription status, used to gate features and manage access
  • Basic usage data — interactions with the website, such as pages visited

How we use it

  • Authenticate your account and maintain your session
  • Generate and display your visual movement artwork
  • Save your movements to your account (if you choose)
  • Apply plan limits — free accounts may create up to 3 visuals; Collection accounts have no limit
  • Improve the product and user experience

Strava integration

If you connect your Strava account, we request read-only access to your activities (activity:read_all scope). We access only the specific activities you choose to import. We do not read your full activity history automatically, access private messages, or store information about followers or connections.

Speed, elevation, and GPS data from imported activities are used solely to generate your artwork and are stored only for as long as your movement remains saved in your account. You can disconnect Strava at any time from the Movements page, which removes your stored access credentials immediately. Disconnecting does not delete movements you have already saved.

Your use of Strava remains subject to Strava’s own privacy policy.

AI-generated content

Paths uses an AI service (Claude, provided by Anthropic) to suggest movement titles and notes. To do this, a sample of your route’s coordinates is sent to Anthropic’s API along with any context you choose to provide. This data is used solely to generate the suggestion and is not retained by Anthropic or used to train their models. You are not required to use AI suggestions — you can name your movement manually at any time.

Payments

If you subscribe to Collection, payments are processed by Stripe. We do not store your card details — all payment data is held by Stripe and subject to their privacy policy. We store only your subscription status and tier for the purpose of managing your access.

Data security

We use appropriate technical and organisational measures to protect your data.

Your rights

You have the right to access, correct, or request deletion of your personal data. You can contact us at any time to exercise these rights.

Cookies

We use minimal cookies to keep the website functioning and understand basic usage. You can control cookies through your browser settings.

Data protection laws

We process personal data in accordance with applicable data protection laws, including the UK GDPR.

Contact

hello@paths.today

Paths Labs Ltd
Registered in England and Wales (Company No. 17175677)
Registered office: 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom