Privacy Policy
This privacy policy explains how Endurance Planner processes your personal data and the rights you have. The service processes training and health-related data, which we treat with particular care.
1. Data Controller
The controller responsible for data processing on this website is:
Questions about data protection can be sent to the email address above.
2. What data we process
We process the following categories of personal data:
- Account data from your Strava sign-in: your name, profile picture and Strava athlete ID.
- Training and activity data synced from Strava: activities including heart rate, power, pace, distance, elevation and GPS routes.
- Performance metrics you record or that are derived from your activities, such as FTP, threshold pace and personal bests.
- Preferences: your chosen language, units and theme.
- Technical data needed to keep you signed in, including Strava access tokens.
3. Purpose and legal basis
We process account, training and preference data to provide the training platform you signed up for (Art. 6(1)(b) GDPR — performance of a contract).
Heart rate, power and similar training data can reveal information about your health and is therefore treated as sensitive data. We process it only on the basis of your explicit consent, which you give when signing in (Art. 9(2)(a) GDPR). You may withdraw this consent at any time by deleting your account.
Connecting your Strava account and importing your activities is likewise based on your consent.
4. Recipients and processors
We use the following service providers, who process data on our behalf under data processing agreements:
- Supabase — database and authentication hosting, located in the EU (eu-central-1, Frankfurt).
- Vercel — application hosting and delivery.
- Strava — your activity data is imported from Strava Inc. (USA) at your request. This transfer to the USA is based on Standard Contractual Clauses. Strava's own privacy policy also applies. As the provider of the Strava API, Strava may monitor technical usage data of our integration (such as API request volumes) under its own policies.
5. Cookies
We use only strictly necessary cookies: a cookie that keeps you signed in, and cookies that store your language and theme preferences. We do not use any tracking or analytics cookies, so no cookie consent banner is required.
6. Data retention
We store your data for as long as your account exists. You can delete all synced activities, or your entire account, at any time in the settings. Deleting your account permanently removes all associated data and revokes our access to your Strava account.
You can also disconnect Strava at any time in the settings. Disconnecting immediately revokes our access to your Strava account and permanently deletes all activities synced from Strava together with all statistics derived from them; you receive an on-screen written confirmation of the deletion. If you instead revoke Endurance Planner's access in your Strava settings (strava.com/settings/apps), we are notified by Strava and delete all of your Strava data within 48 hours. Activities you delete on Strava are likewise removed from our systems automatically.
7. Your rights
Under the GDPR and the Swiss Data Protection Act (revDSG) you have the right to:
- Access the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased — available directly in the settings.
- Data portability — export all of your data as a file from the settings.
- Restrict or object to the processing of your data.
- Withdraw your consent at any time with effect for the future — for Strava data processing, use Settings → Disconnect Strava, or revoke Endurance Planner's access in your Strava settings; either way your Strava data is deleted as described in section 6.
- Lodge a complaint with a data protection supervisory authority.
8. Connecting AI assistants
You can connect a third-party AI assistant (such as ChatGPT) to your account using the connector. Connecting always requires your explicit authorisation through a consent screen, and you can decline or disconnect at any time.
Once connected, the assistant can read and modify your planned workouts, workout templates and weekly plans on your behalf. When you use it, this planning data is sent to the AI provider that operates the assistant; that provider processes it under its own privacy policy. AI assistants have no access to data originating from Strava: activities synced from Strava, heart-rate, power and GPS data, and metrics derived from them (such as FTP or personal bests) are never made available to a connected assistant.
Each connection is limited to your own account and grants no access to other users. You can revoke an assistant’s access at any time, which immediately invalidates its tokens.
Last updated: July 2026