Privacy Policy

The controller responsible for data processing on this website is:

Questions about data protection can be sent to the email address above.

We process the following categories of personal data:

• Account data from your Strava sign-in: your name, profile picture and Strava athlete ID.
• Training and activity data synced from Strava: activities including heart rate, power, pace, distance, elevation and GPS routes.
• Performance metrics you record or that are derived from your activities, such as FTP, threshold pace and personal bests.
• Preferences: your chosen language, units and theme.
• Technical data needed to keep you signed in, including Strava access tokens.

We process account, training and preference data to provide the training platform you signed up for (Art. 6(1)(b) GDPR — performance of a contract).

Heart rate, power and similar training data can reveal information about your health and is therefore treated as sensitive data. We process it only on the basis of your explicit consent, which you give when signing in (Art. 9(2)(a) GDPR). You may withdraw this consent at any time by deleting your account.

Connecting your Strava account and importing your activities is likewise based on your consent.

We use the following service providers, who process data on our behalf under data processing agreements:

• Supabase — database and authentication hosting, located in the EU (eu-central-1, Frankfurt).
• Vercel — application hosting and delivery.
• Strava — your activity data is imported from Strava Inc. (USA) at your request. This transfer to the USA is based on Standard Contractual Clauses. Strava's own privacy policy also applies.

We use only strictly necessary cookies: a cookie that keeps you signed in, and cookies that store your language and theme preferences. We do not use any tracking or analytics cookies, so no cookie consent banner is required.

We store your data for as long as your account exists. You can delete all synced activities, or your entire account, at any time in the settings. Deleting your account permanently removes all associated data.

Under the GDPR and the Swiss Data Protection Act (revDSG) you have the right to:

• Access the personal data we hold about you.
• Have inaccurate data corrected.
• Have your data erased — available directly in the settings.
• Data portability — export all of your data as a file from the settings.
• Restrict or object to the processing of your data.
• Withdraw your consent at any time with effect for the future.
• Lodge a complaint with a data protection supervisory authority.

You can connect a third-party AI assistant (such as ChatGPT) to your account using the connector. Connecting always requires your explicit authorisation through a consent screen, and you can decline or disconnect at any time.

Once connected, the assistant can read and modify your planned workouts, workout templates and weekly plans on your behalf. When you use it, the relevant training data is sent to the AI provider that operates the assistant; that provider processes it under its own privacy policy.

Each connection is limited to your own account and grants no access to other users. You can revoke an assistant’s access at any time, which immediately invalidates its tokens.