Privacy policy
Last updated: April 2026
1. Who we are
BRUT is operated by Brut (“Brut”, “we”, “us”). For any privacy question, write to hello@brutfuel.com.
2. What we collect
Account: email address and an encrypted password (or your Google identity if you sign in with Google).
Profile: name, age, gender, sport, body weight and other training inputs you choose to provide.
Activity: the race plans, sessions and race-day plans you generate inside BRUT.
Technical: minimal cookies needed to keep you signed in and basic server logs (IP, user agent, request path) for security purposes.
3. Why we use it
To run the service: authenticate you, save your plans, personalise your fuelling guidelines. We do not sell your data and we do not use it for advertising.
4. Legal basis (GDPR)
Contract performance for account and service data. Legitimate interest for minimal server logs. Consent for any optional analytics or marketing communications, which you can withdraw at any time.
5. Who can see your data
Only Brut and our infrastructure providers (Supabase for the database, Vercel for hosting, Resend for transactional email). Each processes data under their own privacy terms. We never sell or share your data with advertisers.
6. International transfers
Some processors may store data outside the EU. We rely on Standard Contractual Clauses or equivalent safeguards.
7. Retention
We keep your account data for as long as your account exists. Delete your account from your profile to remove it permanently. Server logs are retained for up to 30 days.
8. Your rights
Access, rectification, erasure, restriction, portability and objection — write to hello@brutfuel.com and we will respond within 30 days.
9. Cookies
We use only the cookies strictly required to keep you signed in. See our Cookie Policy for the full list.
10. Security
Passwords are hashed. Data in transit is encrypted with TLS. We apply row-level security at the database so each athlete only sees their own data.
11. Children
BRUT is not directed at users under 16. We do not knowingly collect data from minors.
12. Changes
If we update this policy materially, we will let you know in the app or by email before the changes take effect.