BRUT
Legal

Privacy policy

Last updated: April 2026

1. Who we are

BRUT is operated by Brut (“Brut”, “we”, “us”). For any privacy question, write to hello@brutfuel.com.

2. What we collect

Account: email address and an encrypted password (or your Google identity if you sign in with Google).

Profile: name, age, gender, sport, body weight and other training inputs you choose to provide.

Activity: the race plans, sessions and race-day plans you generate inside BRUT.

Technical: minimal cookies needed to keep you signed in and basic server logs (IP, user agent, request path) for security purposes.

3. Why we use it

To run the service: authenticate you, save your plans, personalise your fuelling guidelines. We do not sell your data and we do not use it for advertising.

4. Legal basis (GDPR)

Contract performance for account and service data. Legitimate interest for minimal server logs. Consent for any optional analytics or marketing communications, which you can withdraw at any time.

5. Who can see your data

Only Brut and our infrastructure providers (Supabase for the database, Vercel for hosting, Resend for transactional email). Each processes data under their own privacy terms. We never sell or share your data with advertisers.

6. International transfers

Some processors may store data outside the EU. We rely on Standard Contractual Clauses or equivalent safeguards.

7. Retention

We keep your account data for as long as your account exists. Delete your account from your profile to remove it permanently. Server logs are retained for up to 30 days.

8. Your rights

Access, rectification, erasure, restriction, portability and objection — write to hello@brutfuel.com and we will respond within 30 days.

9. Cookies

We use only the cookies strictly required to keep you signed in. See our Cookie Policy for the full list.

10. Security

Passwords are hashed. Data in transit is encrypted with TLS. We apply row-level security at the database so each athlete only sees their own data.

11. Children

BRUT is not directed at users under 16. We do not knowingly collect data from minors.

12. Changes

If we update this policy materially, we will let you know in the app or by email before the changes take effect.