← Back to home

Privacy Policy

Last updated: April 3, 2026

What we collect

DialedCoach collects data necessary to provide personalized training plans and coaching. This includes:

  • Account information from Google OAuth (name, email)
  • Training profile data you provide during onboarding (age, experience, goals, equipment access)
  • Conversations with the AI coach
  • Training plans and session data
  • Activity data synced from Strava or imported from Garmin FIT files
  • Location (ZIP code) for weather-aware coaching and session planning

How we use it

Your data is used to generate and adjust training plans, match activities to planned sessions, and provide coaching through conversation. We do not sell your data. We do not use your data for advertising.

Third-party services

  • Supabase — Authentication and database. Your data is stored in a Supabase-hosted PostgreSQL database with row-level security.
  • Anthropic (Claude) — AI coaching. Conversations and activity summary metrics (sport, distance, duration, pace, heart rate averages, elevation, effort score) are sent to the Claude API to generate coaching responses. No GPS, route, or location data is sent. Anthropic does not use API inputs to train models.
  • Strava — Activity sync (optional). When you connect Strava, we collect activity data including activity name, sport type, date, distance, duration, elevation, heart rate, cadence, power, effort score, and activity description. We do not collect GPS coordinates, route data, or location information from Strava. This data is fetched via the Strava API after you authorize with OAuth2. OAuth tokens are encrypted with AES-256-GCM before storage. You can withdraw consent by disconnecting Strava in Settings or by revoking access from Strava's app settings. To request deletion of your Strava data, disconnect Strava in Settings — this permanently deletes all Strava activity data from DialedCoach within 48 hours. Revoking access from Strava's settings has the same effect. You can also request full account deletion by emailing Contact support. Strava may collect data related to your use of their API through DialedCoach; see Strava's Privacy Policy.
  • Google — OAuth login and calendar sync (optional). Tokens are encrypted the same way. Calendar access is write-only for plan export.
  • OpenWeatherMap — Weather forecasts (optional). When you provide a ZIP code, we send it to the OpenWeatherMap API to retrieve local weather data for coaching and session planning. No account linking or personal data beyond location is shared.

Data security

OAuth tokens are encrypted at rest with AES-256-GCM. All traffic is served over HTTPS with HSTS. Database access is enforced through row-level security policies — users can only access their own data.

Data retention

Your data is retained while your account is active. During beta, you can request full deletion of your account and all associated data by contacting us.

Contact

Questions about this policy? Reach out at Contact support