Privacy Policy
Last updated: June 2026
1. Introduction
Endurance AI ("we", "our", "us") provides an AI-powered running coaching platform that connects to Strava to personalise your training. This policy explains what personal data we collect, how we use it, who we share it with, and what rights you have over it. Contact us at support@endurance.ai with any questions or to request deletion of your data.
The data controller is Donald Woodbury, reachable at the email above.
2. Data We Collect
Account and profile
Name, email address, and a hashed password (or OAuth tokens if you sign in via Google). Optionally: birth year, location, goal race details, running history, training notes, and fitness preferences.
Strava data
If you connect Strava, we request the activity:read_all scope to import your athlete profile (name, location, sex, weight, FTP) and running activities (distance, duration, heart rate, elevation, pace, calories, route, and device). Activities are imported on connection and kept in sync via Strava webhooks.
Strava data is stored solely to power your personal dashboard and AI coaching experience. It is never shared with other users or third parties except as described in Section 5.
Coaching conversations
Messages you send to your AI coach and the responses generated are stored in our database and also logged to our LLM observability provider for quality monitoring.
Profile-enrichment features
We may use information from your profile to find and display publicly available information relevant to your training within the app.
Usage data
Standard server logs (IP address, browser type, pages visited) collected by our hosting provider for security and operational purposes.
3. How We Use Your Data
- To authenticate you and keep your account secure
- To generate and display your personalised training plan and calendar
- To provide your AI coach with context from your training history
- To sync activities from Strava in real time
- To monitor AI coaching quality and diagnose issues
- To send transactional emails (e.g. password reset) — no marketing emails
We process your data on the following legal bases: contract performance for core platform features; consent for connecting Strava and processing health-related data (heart rate, weight), which you can withdraw at any time by disconnecting Strava from your Profile page; and legitimate interests for security logging and coaching quality monitoring.
4. AI and Your Data
When you message your AI coach, relevant profile and activity data is retrieved from our database and sent to the OpenAI API as context. Responses are returned to you and stored in your conversation history.
Your data is never used to train, fine-tune, or otherwise modify any AI or machine learning model — by us or by our AI providers.
OpenAI does not use API inputs for model training by default. See their API data usage policy.
5. Third-Party Services
The following services may process your personal data. We do not sell, rent, or share your data with advertisers or data brokers.
- Strava — activity data and OAuth (privacy policy)
- OpenAI — AI coaching and plan generation (privacy policy)
- Google — optional sign-in provider (privacy policy)
- Vercel — hosting and infrastructure (privacy policy)
- Neon — cloud database (privacy policy)
- Inngest — background job processing for Strava sync (privacy policy)
- Laminar — LLM observability (privacy policy)
- Mapbox — activity route maps (privacy policy)
These services are predominantly US-based. If you are in the EU or UK, your data is transferred to the US under Standard Contractual Clauses or equivalent safeguards. See each provider's privacy policy for details.
6. SMS / Text Messaging
If you provide your mobile number and check the consent box on the "Add your phone" onboarding screen, you opt in to receive automated text messages from Endurance AI sent via our messaging provider, Twilio. The categories of messages are:
- One-time passcodes to verify ownership of your phone number
- Reminders about scheduled workouts and notifications when your training plan changes
- Two-way coaching messages from your AI running coach
Message frequency varies based on your training schedule and activity. Message and data rates may apply. Reply STOP to opt out at any time and HELP for help. Providing consent is not a condition of using Endurance AI. You can also opt out by emailing support@endurance.ai.
No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent are not shared with any third parties.
We share your mobile number only with Twilio, our SMS service provider, solely to deliver the messages described above, and never for that provider's own marketing. Your consent is collected for Endurance AI's messaging program only and is not transferable to any other business, affiliate, or downstream recipient.
7. Strava Integration
Endurance AI is powered by the Strava API. By connecting Strava you also agree to Strava's Terms of Service and Privacy Policy. In the event of any conflict regarding Strava data, Strava's Privacy Policy controls. Strava may monitor and collect data related to our use of the Strava API for its own business purposes.
8. Cookies
We use a single HTTP-only session cookie to keep you logged in. We do not use tracking cookies or third-party analytics scripts.
9. Data Retention
Data is retained for as long as your account is active. When you disconnect Strava, all Strava activity data is immediately and permanently deleted. If Strava notifies us of access revocation, we delete all associated data within 48 hours. When you delete your account, all personal data is permanently deleted.
10. Security
All data is transmitted over HTTPS. Strava tokens are stored encrypted. We apply appropriate technical and organisational measures consistent with Article 32 of the GDPR. In the event of a breach we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, and will notify Strava within 24 hours as required by the Strava API Agreement.
11. Children
Endurance AI is not directed at children under 16. We do not knowingly collect data from minors. Contact us at support@endurance.ai if you believe we hold data about a minor.
12. Your Rights
Under the GDPR, UK GDPR, and other applicable laws you may have the right to access, correct, delete, or export your personal data; restrict or object to its processing; and withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK).
To exercise any of these rights, email support@endurance.ai. We will respond within 30 days.
13. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by posting a notice in the app or by email. Continued use of Endurance AI after changes take effect constitutes acceptance of the updated policy.