Privacy Policy

Personal information you provide. We collect personal information that you voluntarily provide when registering for the Services, expressing interest in our products, participating in activities on the Services, or contacting us. This includes:

• Name and contact data: first and last name, email address, and similar contact information
• Credentials: passwords and similar security information used for authentication

Fitness and health data from integrations. If you connect third-party fitness platforms (such as Strava, Garmin, Suunto, or Coros), we collect and store health and fitness data made available by those platforms. This may include heart rate, steps, distance, speed, location (GPS), power, elevation, training load, sleep, and other activity-related metrics. The information we access depends on the permissions you grant through each platform.

Calendar data. If you connect Google Calendar, we read your calendar event titles, start/end times, and calendar names. We do not read event descriptions, attendee lists, or attachments. See the Google Calendar Data section below for full details.

Information automatically collected. When you visit or use the Services, we automatically collect certain information such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, and location. This information is used to maintain security and operation of our Services and for internal analytics.

Integrative Endurance's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What we access. We request read-only access to your Google Calendar events and calendar list (calendar.events.readonly, calendar.calendars.readonly). We cannot create, modify, or delete events on your calendar.

Why we access it. Calendar events are used solely to detect scheduling conflicts with your training plan and to recommend optimal workout times around your commitments.

How we store it. Event titles and times are stored in our database, associated with your user account, and protected by row-level security. We do not store full event details, attendee information, or attachments.

Sharing. We do not sell, share, or transfer your Google Calendar data to any third party. Calendar data is never used for advertising, marketing, or profiling.

Retention and deletion. When you disconnect Google Calendar from your profile, we immediately revoke the access token with Google, stop webhook notifications, and permanently delete all stored calendar events from our database. You can also request complete account deletion by contacting us.

We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent. Specifically, we use the information we collect to:

• Facilitate account creation and login
• Deliver services you have requested
• Generate and optimize personalized training plans using fitness data from integrated platforms
• Provide workout analytics, pacing, and race predictions
• Detect schedule conflicts between your calendar and training plan
• Send coaching notifications and weekly summaries
• Analyze usage trends and improve the quality and accuracy of our Services

We may use and store information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information.

We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations. We may process or share data based on:

• Consent: when you have given specific consent
• Legitimate interests: when reasonably necessary to achieve our business interests
• Performance of a contract: to fulfill the terms of our agreement with you
• Legal obligations: to comply with applicable law, governmental requests, court orders, or legal process

We may share data with third-party vendors, service providers, and contractors who perform services on our behalf (e.g., hosting, analytics, fitness data synchronization). We do not sell, rent, or trade your information with third parties for their promotional purposes.

We keep your personal information only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law (such as tax, accounting, or other legal requirements). No purpose in this policy will require us to keep your personal information for longer than 2 years past the termination of your account.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or securely store and isolate it from further processing until deletion is possible.

We have implemented appropriate technical and organizational security measures to protect any personal information we process. All data is transmitted over HTTPS. Our database uses row-level security to ensure users can only access their own data. OAuth tokens are stored server-side and never exposed to the browser. Sensitive credentials (client secrets, service role keys) are stored as environment variables and never included in client-side code.

However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. We will do our best to protect your personal information, but transmission of personal information to and from our Services is at your own risk.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

You may at any time:

• Review or change your account information via your account settings
• Disconnect integrations from your Profile page to revoke access and delete associated data
• Revoke Google access directly from your Google Account permissions page
• Revoke Strava or Garmin access through the respective platform's app permissions settings
• Request account deletion by contacting us at the address below
• Opt out of marketing emails by clicking the unsubscribe link in any marketing email

Once you revoke access to a third-party integration, we stop receiving new data from that source. Previously collected data may remain stored in accordance with our retention policies unless you request deletion.

If you are a resident of the European Economic Area and believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority.

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you in a revised version of this policy.

Yes. California Civil Code Section 1798.83 ("Shine The Light") permits California residents to request and obtain from us, once a year and free of charge, information about the categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident, please submit your request in writing using the contact information below.

If you are under 18, reside in California, and have a registered account, you have the right to request removal of unwanted data that you publicly post on the Services. Please contact us with the email address associated with your account and a statement that you reside in California.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date and will be effective as soon as it is accessible. If we make material changes, we may notify you by prominently posting a notice or by sending you a notification directly.

If you have questions or comments about this policy, you may contact us at: