Privacy Policy
Effective date: April 4, 2026
1. What Data We Collect
When you connect your Strava account, ThresholdLab collects:
- Strava profile information — your name, profile photo, and athlete ID, provided via Strava OAuth.
- Activity data — workout type, duration, distance, pace, heart rate, and other metrics synced from Strava.
- Email address — provided through Strava OAuth, used for account communication and morning briefs.
- Wellness check-in data — optional self-reported metrics such as sleep quality, fatigue, and soreness.
2. How We Use Your Data
Your data is used exclusively for training load analysis and related features:
- Calculating injury risk scores (ACWR, fitness, fatigue, freshness).
- Generating adaptive training plans and taper recommendations.
- Producing AI-powered daily morning briefs.
- Sending transactional emails (account updates, briefs).
We do not sell your data. We do not use your data for advertising.
3. Third-Party Services
ThresholdLab shares limited data with the following services to operate:
- Stripe — processes subscription payments. Stripe receives your email and payment details. See Stripe's Privacy Policy.
- Anthropic (Claude) — generates AI training briefs. Activity summaries (no personal identifiers) are sent for analysis. See Anthropic's Privacy Policy.
- Resend — delivers transactional emails. Your email address and message content are shared for delivery. See Resend's Privacy Policy.
- Strava — syncs your activity data via API. Strava may monitor our use of their API to ensure compliance with their terms of service. When you disconnect Strava, all Strava-sourced activity data is permanently deleted from our systems. See Strava's Privacy Policy.
4. Data Retention
Your data is retained for as long as your account is active. When you delete your account, all associated data — including activity history, training plans, briefs, and profile information — is permanently removed from our systems.
5. Your Rights (GDPR)
You have the right to:
- Access and export your data — available from the Settings page in your account.
- Delete your account and data — available from the Settings page. Deletion is immediate and irreversible.
- Withdraw consent — you can disconnect Strava or delete your account at any time.
- Lodge a complaint — you may contact your local data protection authority.
6. Security
All data is transmitted over HTTPS. Sensitive tokens are encrypted at rest using Fernet symmetric encryption. Database access is restricted to application services only.
7. Contact
For privacy-related questions or requests, contact us at [email protected].