Privacy Policy

2.1 Account data

Email address, name, and profile information you provide when signing up. Legal basis: performance of contract (Article 6(1)(b) GDPR).

2.2 Activity and health-related data from fitness platforms

When you connect your account to a fitness or activity platform (such as Strava, Garmin Connect, Polar Flow, or similar services), we receive and store activity data that you have authorised us to access. This may include:

• Activity type, duration, distance, and elevation
• Heart rate and other physiological metrics
• GPS routes and location data
• Calories, power, and similar training metrics

This data may qualify as health data under Article 4(15) GDPR and as special category data under Article 9 GDPR. We process it only on the basis of your explicit consent (Article 9(2)(a) GDPR), which you give when you connect a fitness platform to your account.

2.3 Usage data

Technical and usage information (e.g. pages visited, features used, IP address) necessary for the operation and improvement of our services. Legal basis: legitimate interest (Article 6(1)(f) GDPR).

We use your activity and health-related data solely to:

• Display your training activities in your athlete dashboard
• Calculate training load and summaries for your own use
• Share activity data with your linked coach, if you have chosen to work with a coach, so they can view your training and provide guidance

We do not sell your data. We do not use it for advertising or for purposes incompatible with those described above.

We may disclose your data:

• To your coach: If you have linked your account to a coach, that coach can view your synced activities and related training data to support your training.
• To processors: We use Supabase and other service providers for hosting and storage. They act as processors under Article 28 GDPR and process data only on our instructions.
• When required by law: We may disclose data if required by EU or Dutch law, or to protect our rights and safety.

We do not transfer your data to countries outside the EU/EEA unless adequate safeguards (e.g. standard contractual clauses) are in place.

If you are in the EU/EEA, you have the following rights:

• Access (Article 15): Obtain confirmation of whether we process your data and a copy of that data.
• Rectification (Article 16): Request correction of inaccurate data.
• Erasure (Article 17): Request deletion of your data in certain circumstances.
• Restriction (Article 18): Request that we limit processing in certain circumstances.
• Data portability (Article 20): Receive your data in a structured, commonly used format.
• Objection (Article 21): Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

You can disconnect any fitness platform (Strava, Garmin, Polar, etc.) at any time from your account settings or from the platform's own app settings. Disconnecting stops new data from being synced. To request deletion of already-synced data or to exercise any of the above rights, contact us using the details in section 9.

Right to lodge a complaint (Article 77): You have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (Dutch Data Protection Authority): autoriteitpersoonsgegevens.nl. You may also contact the supervisory authority in your country of residence.