Privacy Policy

Personal information you provide. We collect personal information that you voluntarily provide when registering for the Services, expressing interest in our products, participating in activities on the Services, or contacting us. This includes:

• Name and contact data: first and last name, email address, and similar contact information
• Credentials: passwords and similar security information used for authentication
• Consent records: a record of your acceptance of this Privacy Policy and our Terms of Service, including the version you accepted, the date and time of acceptance, and the IP address and user-agent of the device used to accept

Fitness and health data from integrations. If you connect third-party fitness platforms (such as Strava, Garmin Connect, Suunto, or Coros), we collect and store health and fitness data made available by those platforms. This may include heart rate, steps, distance, speed, location (GPS), power, elevation, training load, sleep, and other activity-related metrics. The information we access depends on the permissions you grant through each platform.

Calendar data. If you connect Google Calendar, we read your calendar event titles, start/end times, and calendar names. We do not read event descriptions, attendee lists, or attachments. See the Google Calendar Data section below for full details.

Information automatically collected. When you visit or use the Services, we automatically collect certain information such as your IP address, browser and device characteristics, mobile device identifiers, operating system, language preferences, referring URLs, device name, country, and approximate location. This information is used to maintain security and operation of our Services and for internal analytics.

Diagnostic and error reports. When the Services encounter an error, we collect diagnostic information including stack traces, request paths, and runtime metadata to help us identify and fix problems. We take measures to scrub direct personal identifiers from these reports before they are stored.

The Services may be offered as part of a closed beta program. Beta participants help us validate features before general release. During the beta:

• Features may change, become temporarily unavailable, or be removed without notice.
• We may delete data stored as part of the beta program with reasonable notice.
• We may end the beta program at our discretion. Continued use of the Services after the beta program ends will be governed by the version of this policy and our Terms of Service then in effect.

We may use aggregated, anonymized observations from beta usage to improve the Services and develop new features. Aggregated data does not identify individual users and is not associated with personal information.

When you connect a wearable platform (such as Strava, Garmin Connect, Suunto, or Coros), we collect fitness and health data via that platform's API. Activity data from your connected wearable accounts is used to operate the Services. Where automated processing is involved, that processing acts on system-derived analytics produced inside our systems and complies with each platform's developer terms. See the Automated and AI-Assisted Processing section for details.

Garmin Connect. Data obtained via the Garmin Connect API adheres to the Garmin Connect Developer Program requirements. Garmin data is not shared with, processed by, or otherwise made available to any third party, including external artificial intelligence or data processing services. Users can disconnect Garmin via their Profile page; we call the Garmin deregistration API and delete stored tokens and associated data.

Suunto. Data obtained via the Suunto Cloud API is used solely within our application in accordance with the Suunto Cloud API Agreement. Suunto data is not used outside of our application, and is not transferred to advertising networks, data brokers, or monetization-related services. Users can disconnect Suunto and request deletion of associated data at any time.

Coros. Data obtained via the Coros API is processed solely within our own systems and in compliance with Coros's developer terms. Coros data is not shared with external advertising networks or data brokers. Users can disconnect Coros and request deletion of associated data at any time.

Strava. Strava data may be processed using automated tools and service providers we use to operate the Services, including to generate personalized coaching insights, in compliance with Strava's API Agreement. This processing is disclosed here and users consent upon connecting their Strava account. Users can disconnect Strava and revoke access at any time.

Integrative Endurance's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

What we access. We request read-only access to your Google Calendar events and calendar list (calendar.events.readonly, calendar.calendars.readonly). We cannot create, modify, or delete events on your calendar.

Why we access it. Calendar events are used solely to detect scheduling conflicts with your training plan and to recommend optimal workout times around your commitments.

How we store it. Event titles and times are stored in our database, associated with your user account, and protected by row-level security. We do not store full event details, attendee information, or attachments.

Sharing. We do not sell, share, or transfer your Google Calendar data to any third party. Calendar data is never used for advertising, marketing, or profiling.

Retention and deletion. When you disconnect Google Calendar from your profile, we immediately revoke the access token with Google, stop webhook notifications, and permanently delete all stored calendar events from our database. You can also request complete account deletion by contacting us.

Certain features (such as personalized coaching narratives, performance estimates, and training-plan adaptations) are produced using automated tools and service providers we use to operate the Services. These features operate only on system-derived analytics produced inside our systems — not on raw activity data from your wearable accounts — and only where the underlying platform's developer terms permit such processing.

We design these features to minimize what is sent to automated processing tools. The inputs are limited to derived analytics (such as summary statistics, classifications, and trend signals) that we compute internally; the underlying raw data from your wearable accounts and calendars is not sent.

We may change the underlying service providers we use for automated processing over time. The protections described in this section are written to apply regardless of which specific provider is in use at any given time.

We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent. Specifically, we use the information we collect to:

• Facilitate account creation and login
• Deliver Services you have requested
• Generate and optimize personalized training plans using fitness data from integrated platforms
• Provide workout analytics, pacing guidance, and training insights
• Detect schedule conflicts between your calendar and training plan
• Send coaching notifications and weekly summaries
• Improve the quality and accuracy of the Services and develop new features
• Investigate and remediate errors, abuse, and security incidents

We may use and store information in aggregated and anonymized form so that it is not associated with individual end users and does not include personal information.

We only share information with your consent, to comply with laws, to provide you with Services, to protect your rights, or to fulfill business obligations. We may process or share data based on:

• Consent: when you have given specific consent
• Legitimate interests: when reasonably necessary to achieve our business interests
• Performance of a contract: to fulfill the terms of our agreement with you
• Legal obligations: to comply with applicable law, governmental requests, court orders, or legal process

We may share data with third-party vendors and service providers who perform services on our behalf. These may include data hosting, error monitoring, analytics, and automated processing tools. We do not sell, rent, or trade your information with third parties for their promotional purposes.

We keep your personal information only as long as necessary for the purposes outlined in this policy, unless a longer retention period is required by law (such as tax, accounting, or other legal requirements).

• Account data: retained while your account is active. Following account deletion, we retain account data only as long as reasonably necessary to complete the deletion process, comply with legal obligations, resolve disputes, and enforce our agreements.
• Disconnected-integration data: when you disconnect a third-party integration, we delete the associated data within 30 days, subject to any backup-rotation period required by our infrastructure providers.
• Diagnostic and error reports: retained per industry-standard windows (typically 90 days) for the purpose of identifying and remediating issues.
• Aggregated, anonymized analytics: retained indefinitely. These data sets do not identify individual users.
• Legal consent records: retained for the life of your account and a reasonable period thereafter as part of the legal record of your acceptance of our terms.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or securely store and isolate it from further processing until deletion is possible.

Future paid features. The Services are currently offered free of charge during the beta program. If we introduce paid plans, billing will be processed by a third-party payment processor; we do not store full payment-card details on our systems. We will update this policy if our retention practices change as a result of paid features.

We have implemented technical and organizational security measures to protect personal information we process. All data is transmitted over HTTPS. Our database uses row-level security to ensure users can only access their own data. Sensitive credentials, including third-party access tokens, are encrypted at rest. Internal services follow least-privilege access controls, and we apply industry-standard security controls to our infrastructure.

However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. We will do our best to protect your personal information, but transmission of personal information to and from our Services is at your own risk.

The Services are not directed to, and we do not knowingly collect data from, anyone under 18 years of age. By creating an account, you affirmatively represent that you are at least 18 years old. We record this attestation as part of our consent records and we will deactivate any account where we learn the user is under 18, and take reasonable measures to delete associated data.

You may at any time:

• Review or change your account information via your account settings
• Disconnect integrations from your Profile page to revoke access and delete associated data
• Revoke Google access directly from your Google Account permissions page
• Revoke Strava, Garmin Connect, Suunto, or Coros access through the respective platform's app permissions settings
• Right to deletion: request deletion of your account and associated personal information by contacting us at the address below. We will process deletion requests within 30 days, subject to legal retention requirements.
• Right to data portability: request a copy of the personal information we hold about you in a machine-readable format by contacting us.
• Right to know (CCPA): California residents may request to know what categories of personal information we have collected, the sources, the purposes for which we collect it, and the categories of third parties with which we share it.
• Opt out of marketing emails by clicking the unsubscribe link in any marketing email.

Once you revoke access to a third-party integration, we stop receiving new data from that source. Previously collected data may remain stored in accordance with our retention policies unless you request deletion.

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you in a revised version of this policy.

Yes. California Civil Code Section 1798.83 ("Shine The Light") permits California residents to request and obtain from us, once a year and free of charge, information about the categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident, please submit your request in writing using the contact information below.

Do Not Sell or Share My Personal Information. We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising. Because we do not engage in either practice, no opt-out mechanism is necessary.

If you are under 18, reside in California, and have a registered account, you have the right to request removal of unwanted data that you publicly post on the Services. Please contact us with the email address associated with your account and a statement that you reside in California.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last updated" date and will be effective as soon as it is accessible. If we make material changes, we may notify you by prominently posting a notice, by sending you a notification, or by prompting you to re-acknowledge the updated policy when you next sign in.

If you have questions or comments about this policy, you may contact us at: