Privacy Policy
Last updated: July 12, 2026
1. Information We Collect
We collect information you provide directly:
- Account information (email, display name, birthdate, gender)
- Health metrics you choose to log (sleep, nutrition, body composition)
- Training availability preferences
- Activity feedback and notes
1.1 Data from Connected Services
With your explicit authorization, we collect data from third-party fitness platforms:
Strava
When you connect your Strava account, we access:
- Activity data: distance, duration, pace, elevation, GPS routes
- Performance metrics: heart rate, power, cadence, splits
- Activity metadata: date, time, activity type, title, description
- Athlete profile: name, profile photo, measurement preferences
We only access data you explicitly authorize. We do not access your Strava social features, followers, or other users' data.
Garmin Connect
When you connect your Garmin Connect account, we access:
- Activity data: distance, duration, pace, elevation, GPS routes
- Performance metrics: heart rate, power, cadence, training effect
- Health metrics: sleep data, stress, body battery, HRV
- Body composition: weight, body fat percentage (if recorded)
Garmin data displayed in StrideIQ is sourced from Garmin devices and Garmin Connect.
2. How We Collect Your Data
We collect data through:
- Direct input: Information you enter in forms (registration, check-ins, settings)
- OAuth authorization: When you connect Strava or Garmin Connect, you authenticate directly with those services. We receive an access token that allows us to retrieve your data on your behalf.
- Automatic sync: After authorization, we periodically sync your new activities and health data from connected services.
3. How We Use Your Data
Your data is used exclusively to provide you with personalized insights:
- Calculate efficiency metrics (pace at heart rate, heart rate at pace)
- Identify correlations between inputs (sleep, nutrition) and performance outcomes
- Generate age-graded performance comparisons
- Provide AI-powered coaching recommendations based on YOUR data only
- Display your activities, trends, and personal records
We do NOT:
- Sell, rent, or lease your data to third parties
- Share your individual data with other users or third parties
- Use your data for advertising or marketing purposes
- Use your data to train AI models or for machine learning purposes
- Display your data to other users without your explicit consent
- Aggregate your data with other users' data for analytics or insights
4. Data Storage & Security
We implement appropriate technical and organizational security measures:
- All data is encrypted in transit using HTTPS/TLS
- Database connections use encrypted channels
- OAuth tokens from Strava and Garmin Connect are encrypted at rest
- Access to production systems is restricted and logged
- Regular security reviews and updates
In the event of a security breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by applicable law.
5. Third-Party Services & Data Sharing
5.1 Connected Fitness Platforms
We integrate with the following services. Each requires your explicit OAuth authorization:
- Strava: Activity and performance data. See Strava Privacy Policy.
- Garmin Connect: Activity, health, and body composition data. See Garmin Privacy Policy.
5.2 Service Providers
We use the following service providers to operate StrideIQ:
- Cloud hosting: For secure data storage and application hosting
- AI services: For generating personalized coaching insights. See Section 6 (AI-Powered Insights) for full disclosure of providers, data handling, and your consent rights.
5.3 Platform Usage Data
Strava and Garmin Connect may collect usage data about how you access their APIs through StrideIQ. This is governed by their respective privacy policies.
6. AI-Powered Insights
StrideIQ uses third-party AI services for Coach, Plan Studio guidance, daily briefings, activity and progress narratives, structured fact extraction, nutrition and lab-photo parsing, and generated run images. This section explains what data is processed, who processes it, and how you control AI use of your data.
6.1 What Data Is Sent to AI Services
To generate personalized coaching insights, we send relevant portions of your training data to AI providers. This includes:
- Activity metrics: pace, heart rate, cadence, distance, elevation, training load, splits, and effort data from your runs
- Health data: sleep duration and quality, stress scores, HRV status, and body battery (when connected from Garmin Connect)
- Training context: recent training history, weekly volume, planned workouts, race goals, and training phase
- Athlete-provided context: Coach messages, notes, goals, symptoms, nutrition logs, supplement and medication context, and lab information you choose to enter
- Uploaded images: food and lab images submitted for parsing, and reference photos submitted for generated run images
Data is sent only for the product, safety, and quality purposes disclosed here. We do not send your account credentials, payment information, or data from other users.
6.2 AI Providers
StrideIQ currently uses or has configured these providers for the listed purposes:
- Moonshot AI (Kimi) — the primary text and vision processor for Coach, daily briefings, progress and activity explanations, structured extraction, nutrition parsing, and lab-photo parsing. See the Kimi OpenPlatform Privacy Policy.
- Google (Gemini) — configured for bounded activity, adaptation, caption, and optional image-generation paths. Gemini is not a fallback from Kimi. See the Gemini API Terms.
- OpenAI — used for athlete-requested Runtoon image generation from activity context and voluntarily uploaded reference photos. See OpenAI Enterprise Privacy.
6.3 Provider Data Use and Retention
StrideIQ does not use your data to train its own AI models.
- Moonshot AI's published OpenPlatform policy permits use of user content to improve, train, and refine its underlying technology.
- Google states that prompts and responses submitted through paid Gemini API services are not used to improve Google products, while limited retention may still occur for abuse monitoring and certain API features.
- OpenAI states that API inputs and outputs are not used for model training by default and may be retained for up to 30 days unless a different approved retention control applies.
6.4 Your Consent
AI processing is part of StrideIQ intake because Coach, Plan Studio guidance, and daily briefings depend on it. Account creation requires an explicit affirmative consent action. You can:
- Grant consent during signup or the authenticated intake recovery step
- Withdraw consent at any time via Settings → AI Processing — withdrawal takes effect immediately, and no new AI requests will be made on your behalf after withdrawal
6.5 What Happens After Withdrawal
Withdrawal blocks new AI requests and disables AI-dependent StrideIQ features. Existing deterministic records and account controls remain available so you can review your data, restore consent, export data, or delete your account.
7. Withdrawing Consent & Disconnecting Services
You can withdraw your consent and disconnect services at any time:
- Go to Settings → Integrations in StrideIQ
- Click "Disconnect" next to any connected service
- This immediately stops new data syncing from that service
When you disconnect a service:
- We stop accessing your data from that service immediately
- Previously synced activities remain in your StrideIQ account
- To delete previously synced data, use the account deletion feature or contact us
You can also revoke access directly from Strava or Garmin Connect:
- Strava: Settings → My Apps → Revoke Access
- Garmin Connect: Garmin Connect → Account Settings → Connected Apps
8. Your Rights (GDPR & UK GDPR)
Under applicable data protection laws, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate or incomplete personal data
- Erasure: Request permanent deletion of your personal data
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request we limit processing of your data
- Objection: Object to processing of your personal data
- Withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, use the Settings page or contact us at privacy@strideiq.run. We will respond within 30 days.
9. Data Retention
- Active accounts: Data retained for as long as your account is active
- Account deletion: Account access ends when deletion is accepted. Athlete-authored and account-linked product data is removed from active systems and verified before completion is reported, ordinarily well within 30 days.
- User request: Data deleted upon your request within 30 days
- Disconnected services: Previously synced data retained until you request deletion
- Cached data: Account-scoped cache and queued values are cleared and rechecked during account deletion
- Deletion receipts: A content-free operation receipt is retained for 90 days so you can verify status and we can investigate an incomplete deletion. The encrypted work manifest is erased at completion.
- Backup protection: A keyed marker containing no email, athlete ID, health data, or account content is retained in an external control store solely to prevent a backup restore from recreating a deleted account.
If you delete an activity on Strava or Garmin Connect, we will reflect that deletion in StrideIQ within 48 hours of our next sync.
10. Cookies
We use essential cookies only for authentication, session management, and the private post-logout status of an account-deletion request. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
11. International Data Transfers
Your data may be processed in the United States where our servers are located. We ensure appropriate safeguards are in place for international transfers in compliance with GDPR and UK GDPR requirements.
12. Children's Privacy
StrideIQ is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
13. Contact
For privacy-related questions, data requests, or to exercise your rights:
- Email: privacy@strideiq.run
- General inquiries: info@strideiq.run
14. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated via email or in-app notification. Continued use of StrideIQ after changes constitutes acceptance of the updated policy.