Privacy Policy
Last updated: February 19, 2026
1. Information We Collect
We collect information you provide directly:
- Account information (email, display name, birthdate, gender)
- Health metrics you choose to log (sleep, nutrition, body composition)
- Training availability preferences
- Activity feedback and notes
1.1 Data from Connected Services
With your explicit authorization, we collect data from third-party fitness platforms:
Strava
When you connect your Strava account, we access:
- Activity data: distance, duration, pace, elevation, GPS routes
- Performance metrics: heart rate, power, cadence, splits
- Activity metadata: date, time, activity type, title, description
- Athlete profile: name, profile photo, measurement preferences
We only access data you explicitly authorize. We do not access your Strava social features, followers, or other users' data.
Garmin Connect
When you connect your Garmin Connect account, we access:
- Activity data: distance, duration, pace, elevation, GPS routes
- Performance metrics: heart rate, power, cadence, training effect
- Health metrics: sleep data, stress, body battery, HRV
- Body composition: weight, body fat percentage (if recorded)
Garmin data displayed in StrideIQ is sourced from Garmin devices and Garmin Connect.
2. How We Collect Your Data
We collect data through:
- Direct input: Information you enter in forms (registration, check-ins, settings)
- OAuth authorization: When you connect Strava or Garmin Connect, you authenticate directly with those services. We receive an access token that allows us to retrieve your data on your behalf.
- Automatic sync: After authorization, we periodically sync your new activities and health data from connected services.
3. How We Use Your Data
Your data is used exclusively to provide you with personalized insights:
- Calculate efficiency metrics (pace at heart rate, heart rate at pace)
- Identify correlations between inputs (sleep, nutrition) and performance outcomes
- Generate age-graded performance comparisons
- Provide AI-powered coaching recommendations based on YOUR data only
- Display your activities, trends, and personal records
We do NOT:
- Sell, rent, or lease your data to third parties
- Share your individual data with other users or third parties
- Use your data for advertising or marketing purposes
- Use your data to train AI models or for machine learning purposes
- Display your data to other users without your explicit consent
- Aggregate your data with other users' data for analytics or insights
4. Data Storage & Security
We implement appropriate technical and organizational security measures:
- All data is encrypted in transit using HTTPS/TLS
- Database connections use encrypted channels
- OAuth tokens from Strava and Garmin Connect are encrypted at rest
- Access to production systems is restricted and logged
- Regular security reviews and updates
In the event of a security breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by applicable law.
5. Third-Party Services & Data Sharing
5.1 Connected Fitness Platforms
We integrate with the following services. Each requires your explicit OAuth authorization:
- Strava: Activity and performance data. See Strava Privacy Policy.
- Garmin Connect: Activity, health, and body composition data. See Garmin Privacy Policy.
5.2 Service Providers
We use the following service providers to operate StrideIQ:
- Cloud hosting: For secure data storage and application hosting
- AI services: For generating personalized coaching insights. See Section 6 (AI-Powered Insights) for full disclosure of providers, data handling, and your consent rights.
5.3 Platform Usage Data
Strava and Garmin Connect may collect usage data about how you access their APIs through StrideIQ. This is governed by their respective privacy policies.
6. AI-Powered Insights
StrideIQ uses third-party AI services to generate personalized coaching insights, including morning briefings, activity narratives, coaching moments, and progress analysis. This section explains what data is processed, who processes it, and how you control AI use of your data.
6.1 What Data Is Sent to AI Services
To generate personalized coaching insights, we send relevant portions of your training data to AI providers. This includes:
- Activity metrics: pace, heart rate, cadence, distance, elevation, training load, splits, and effort data from your runs
- Health data: sleep duration and quality, stress scores, HRV status, and body battery (when connected from Garmin Connect)
- Training context: recent training history, weekly volume, planned workouts, race goals, and training phase
Data is sent only to generate insights for you. We do not send your account credentials, payment information, or data from other users.
6.2 AI Providers
StrideIQ uses paid API tiers from the following AI providers:
- Google (Gemini) — used for narrative generation and coaching intelligence. See Google Privacy Policy.
- Anthropic (Claude) — used for coaching intelligence and correlational analysis. See Anthropic Privacy Policy.
6.3 Model Training
StrideIQ does not train AI models on your data.
Under the current terms of service for both Google's Gemini API and Anthropic's Claude API (verified February 2026), neither provider trains their models on data submitted through paid API tiers. We review provider terms quarterly. If a provider's terms change, we will update this policy immediately and, where required, seek renewed consent.
6.4 Your Consent
AI processing of your training data requires your explicit consent. You are never enrolled silently. You can:
- Grant consent during onboarding or when prompted in the app
- Withdraw consent at any time via Settings → AI Processing — withdrawal takes effect immediately, and no new AI requests will be made on your behalf after withdrawal
6.5 What Continues Without Consent
All non-AI features remain fully functional if you decline or withdraw AI processing consent. This includes activity data, charts, metrics, training calendar, pace splits, training load analysis, and performance tracking. Only AI-generated coaching text — morning briefings, activity narratives, coach chat, and progress analysis — requires consent.
7. Withdrawing Consent & Disconnecting Services
You can withdraw your consent and disconnect services at any time:
- Go to Settings → Integrations in StrideIQ
- Click "Disconnect" next to any connected service
- This immediately stops new data syncing from that service
When you disconnect a service:
- We stop accessing your data from that service immediately
- Previously synced activities remain in your StrideIQ account
- To delete previously synced data, use the account deletion feature or contact us
You can also revoke access directly from Strava or Garmin Connect:
- Strava: Settings → My Apps → Revoke Access
- Garmin Connect: Garmin Connect → Account Settings → Connected Apps
8. Your Rights (GDPR & UK GDPR)
Under applicable data protection laws, you have the right to:
- Access: Request a copy of all personal data we hold about you
- Rectification: Correct inaccurate or incomplete personal data
- Erasure: Request permanent deletion of your personal data
- Portability: Receive your data in a structured, machine-readable format
- Restriction: Request we limit processing of your data
- Objection: Object to processing of your personal data
- Withdraw consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, use the Settings page or contact us at privacy@strideiq.run. We will respond within 30 days.
9. Data Retention
- Active accounts: Data retained for as long as your account is active
- Account deletion: All personal data permanently deleted within 30 days
- User request: Data deleted upon your request within 30 days
- Disconnected services: Previously synced data retained until you request deletion
- Cached data: Temporary API caches cleared within 7 days
If you delete an activity on Strava or Garmin Connect, we will reflect that deletion in StrideIQ within 48 hours of our next sync.
10. Cookies
We use essential cookies only for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
11. International Data Transfers
Your data may be processed in the United States where our servers are located. We ensure appropriate safeguards are in place for international transfers in compliance with GDPR and UK GDPR requirements.
12. Children's Privacy
StrideIQ is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
13. Contact
For privacy-related questions, data requests, or to exercise your rights:
- Email: privacy@strideiq.run
- General inquiries: info@strideiq.run
14. Changes to This Policy
We may update this policy periodically. Significant changes will be communicated via email or in-app notification. Continued use of StrideIQ after changes constitutes acceptance of the updated policy.