Privacy Policy

Last updated: March 26, 2026

1. Introduction

athletedata.health (“athletedata”, “we”, “us”, “our”) is an AI fitness coaching platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, Telegram bot, and related services.

2. Information We Collect

Account Information

When you sign up via Google OAuth, we receive your name, email address, and profile photo from Google. We store this to identify your account.

Connected Platform Data

When you connect third-party fitness platforms, we access and store data from those services to provide coaching. This includes:

  • Strava: Activities (runs, rides, swims), heart rate, pace, distance, elevation, athlete profile and stats.
  • Hevy: Gym workouts, exercises, sets, reps, weights, routines, and personal records.
  • Withings: Body measurements (weight, body fat, muscle mass), daily activity (steps, calories), and sleep data (duration, stages, score).
  • Garmin: Activities, daily health summaries (steps, calories, stress, body battery, heart rate), sleep data (duration, stages, quality, SpO2), and body composition (weight, body fat, BMI).

We store OAuth tokens (access tokens and refresh tokens) to maintain your connection to these platforms. Tokens are stored encrypted in our database.

Conversation Data

Messages you send to our Telegram bot are stored to maintain conversation history and provide contextual coaching. This includes text messages, voice message transcriptions, and photos you share. We also store AI-generated memories (facts about your goals, preferences, and training context) to personalize coaching across conversations.

Webhook Data

When you sync your fitness devices, connected platforms send us push notifications containing your latest activity, sleep, or measurement data. We use this data to provide proactive coaching messages.

3. How We Use Your Information

We use your data exclusively to:

  • Provide personalized AI fitness coaching based on your actual training data
  • Send proactive coaching messages when you complete workouts, log sleep, or record measurements
  • Generate weekly training digests and progress summaries
  • Maintain conversation context and coaching memories across sessions
  • Authenticate your identity and manage your account

We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not use your data to train AI models.

4. AI-Powered Systems

athletedata is an AI-powered platform. The core coaching functionality is powered by artificial intelligence throughout the service:

  • AI coaching engine: All coaching responses, training analysis, and personalized recommendations are generated by AI models hosted on AWS infrastructure via Amazon Bedrock. When you interact with the Telegram bot, your messages and training data are processed by these models to generate coaching responses.
  • Proactive analysis: When you complete a workout, log sleep, or record a measurement, the AI automatically analyzes the data and may send you a coaching message via Telegram.
  • Conversation summaries: The AI automatically generates summaries of past coaching sessions to maintain context across conversations.
  • Athlete profile maintenance: The AI builds and updates a structured profile of your training history, goals, and preferences to personalize coaching over time.

Your data is sent to Amazon Bedrock (hosted on AWS infrastructure) solely to generate coaching responses. Data processed through Bedrock is not used to train or improve AI models. We do not use your data to train or fine-tune any AI models. No AI system makes autonomous decisions about your account, billing, or data - all such actions require your explicit input.

5. Third-Party Services

We use the following third-party services to operate:

  • Supabase: Authentication and database hosting (PostgreSQL)
  • AWS Bedrock: AI model hosting infrastructure for generating coaching responses (see Section 4 above)
  • Telegram: Chat platform for delivering coaching messages
  • Strava, Hevy, Withings, Garmin: Fitness data providers, accessed via their official APIs with your authorization

6. Data Storage and Security

Your data is stored in a Supabase-hosted PostgreSQL database with encryption at rest. OAuth tokens are stored in the database and used only to access your connected platform data on your behalf. We use HTTPS for all data transmission.

API keys generated for your account are hashed and can be revoked at any time from your dashboard.

7. Data Retention

We retain your data for as long as your account is active. You can disconnect any integration at any time from your dashboard, which stops data syncing from that platform. Conversation history can be cleared using the /clear command in Telegram. You can unlink your Telegram account using the /unlink command.

If you wish to delete your account and all associated data, contact us at the email below.

8. Your Rights

You have the right to:

  • Access your data through the dashboard and Telegram bot
  • Disconnect any integration at any time, stopping further data collection from that platform
  • Clear your conversation history and coaching memories
  • Request deletion of your account and all associated data
  • Revoke API keys at any time

9. Children’s Privacy

Our service is not intended for users under 16 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of significant changes via the Telegram bot or dashboard. The “Last updated” date at the top of this page reflects when the policy was last modified.

11. Contact

If you have questions about this Privacy Policy or want to request data deletion, contact us at: privacy@athletedata.health