Privacy Policy
This policy explains what data Coach Tempo collects from you, what we do with it, and the control you have over it. Last updated 19 April 2026.
Who we are
Coach Tempo is an independent Australian project run by the founder, Chris. It is the Application described in this policy. References to "we", "us", and "our" mean Coach Tempo. References to "you" mean the person using the app.
Contact for privacy questions: support@coachtempo.run.
What data we collect
When you connect Strava, we receive the following through Strava's official OAuth flow (which you control — scope activity:read_all):
- Strava profile basics: your Strava athlete ID, first name, profile picture URL, sex, and unit preference.
- Activity summaries: distance, duration, pace, elevation, activity type, start time, and title of each run.
- Activity detail on demand: laps, per-second streams (time, distance, heart rate, cadence, velocity, altitude), best-efforts, and splits for activities we use to build your plan.
- Heart rate and cadence where your device recorded them.
Data you give us directly inside the app:
- Training preferences (coaching style, available days, long-run day, max HR, etc.).
- Race targets (distance, goal time, date).
- Feedback you send us via the in-app feedback button, including any screenshot you attach.
Data your browser stores locally for performance:
- localStorage keys scoped to your Strava athlete ID hold your session token, your most-recent activity cache, and your training preferences so the app opens instantly on return visits.
- No tracking cookies, no advertising identifiers, no fingerprinting.
What we do with it
- Generate your training plan. We compute fitness metrics (CTL, ATL, TSB), estimate HR-to-pace relationships from your history, and produce a week-by-week plan toward your race target.
- Provide AI coaching. When you request coaching feedback, a summary of your recent training (not your raw streams) is sent to Anthropic's Claude API to generate commentary.
- Show you analytics. Charts for weekly load, zone distribution, pace-heart-rate decoupling, and similar — all computed from data you already shared with Strava.
- Improve the app. We read the feedback you submit and act on it. Screenshots are stored privately and signed URLs are short-lived.
What we will never do
- We will never sell your data or share it with advertisers.
- We will never use your Strava data to train AI or machine-learning models. This is also required by the Strava API Agreement, which we operate under.
- We do not run ad networks, tracking pixels, or third-party analytics that identify you.
Who processes your data
We use a small set of service providers to run the app. Each one is bound by its own privacy commitments, and we only share the minimum data required to perform the task.
| Provider | What they handle | Where |
|---|---|---|
| Strava | OAuth, activity fetches, webhook events (deauthorisation, activity deletion) | United States |
| Supabase | Postgres database (training plan, preferences, race target, activity summaries) and private file storage (feedback screenshots) | AWS, region closest to the app |
| Netlify | Static hosting and serverless functions that handle every API call | Global CDN / AWS |
| Anthropic | Claude API for AI coaching commentary. Anthropic's policy is that API inputs and outputs are not used for model training. | United States |
| Resend | Transactional email (feedback notifications to the founder — your address is not used for marketing) | United States |
Garmin Connect integration is in development and not yet active. If and when it ships, this policy will be updated before any data flows.
How long we keep it
- Raw Strava API responses: kept no longer than seven days. A scheduled job runs daily and nulls any raw payloads older than that, in line with the Strava API Agreement. Summary fields we derive (distance, pace, heart rate averages, training load) are kept as long as your account is active so the app can show you history.
- Plan, race target, preferences, notes: kept while your account exists.
- Feedback and screenshots: kept while your account exists, unless you ask us to delete them sooner.
- Session tokens in your browser: expire on their own; cleared when you sign out or clear site data.
How to withdraw and delete
You are always in control. There are two ways to remove your data:
- Revoke access on Strava — visit strava.com/settings/apps, find Coach Tempo, and revoke. Strava notifies us immediately via webhook and we delete every row we hold for your athlete ID, plus any feedback screenshots you submitted. No further action is required.
- Ask us directly — email support@coachtempo.run from the address associated with your account (or include your Strava athlete ID if you've never emailed us) and we'll delete everything within seven days. We'll confirm when it's done.
Deletion is final. We don't keep hidden copies, we don't retain "anonymised" derivatives, and we don't export anything to analytics systems.
Strava-specific disclosure
As a downstream of the Strava API, we're required to tell you: Strava may collect and process data relating to our use of the Strava API. That's between you and Strava — it's governed by Strava's own privacy policy. We don't see Strava's internal telemetry about our app.
Security
- Every connection is HTTPS. Tokens are signed with HS256 secrets held only in our server environment.
- Database access goes through row-level security keyed on your Strava athlete ID. Even our own backend cannot read another user's rows without a forged signed token.
- Strava access tokens issued to your browser are short-lived and refreshed automatically. Refresh tokens live only on your device.
- If a security incident affects your data, we will contact you at the earliest reasonable opportunity and within Australian notifiable-breach timeframes.
Your rights
Under Australian privacy law (and, where it applies to you, GDPR / UK GDPR / CCPA), you have the right to:
- Ask what data we hold about you.
- Correct it if it's wrong.
- Have it deleted.
- Get a copy of it in a portable format.
- Object to a particular use.
- Withdraw consent for anything you previously agreed to.
Email support@coachtempo.run to exercise any of these. We'll respond within seven days.
Children
Coach Tempo is not directed at children under 16 and we don't knowingly collect their data. If you believe a child has used the app, contact us and we'll delete the account.
Changes
If we materially change how we handle your data, we'll update this page and surface a notice inside the app before the change takes effect. Minor wording fixes may be made without notice.
Contact
For privacy questions, deletion requests, or anything else: support@coachtempo.run.