Privacy Policy
Your Training Monkey
Version 1.0 • Effective Date: January 1, 2025
Your Privacy Matters: This Privacy Policy explains how Your Training Monkey collects, uses, protects, and handles your personal information. We are committed to transparency and giving you control over your data.
1. Information We Collect
1.1 Data from Strava Integration
When you connect your Strava account, we collect:
| Data Type |
Purpose |
Examples |
| Activity Data |
Training load analysis |
Distance, duration, elevation, heart rate |
| Profile Information |
Account setup & personalization |
Name, athlete ID, profile settings |
| Performance Metrics |
AI recommendation generation |
Pace, power data, training zones |
1.2 Information You Provide Directly
- Account Information: Email address, password, profile preferences
- Training Preferences: Goals, injury history, training preferences
- Journal Entries: Daily observations, energy levels, perceived exertion
- Feedback: Support requests, feature suggestions, user experience feedback
1.3 Automatically Collected Information
- Usage Analytics: How you interact with our platform
- Technical Data: Device information, browser type, IP address
- Performance Data: System performance, error logs, response times
2. How We Use Your Information
2.1 Core Service Functionality
- Training Analysis: Calculate ACWR, TRIMP, and training load metrics
- Divergence Calculations: Apply our patent-pending analysis algorithms
- Injury Risk Assessment: Identify patterns that may indicate overtraining
- Performance Insights: Generate personalized training recommendations
2.2 AI-Powered Recommendations
We use Anthropic's Claude AI service to process your training data and generate:
- Daily training guidance based on your current status
- Weekly training plan adjustments
- Personalized injury prevention strategies
- Performance optimization recommendations
2.3 Service Improvement
- Analyze usage patterns to improve features
- Identify and resolve technical issues
- Develop new training insights and capabilities
- Enhance AI recommendation accuracy (using aggregated, anonymized data)
3. Information Sharing and Third Parties
3.1 Third-Party Services We Use
| Service Provider |
Purpose |
Data Shared |
| Strava |
Activity data source |
OAuth access to your Strava activities |
| Anthropic (Claude AI) |
AI recommendation generation |
Training data for analysis (anonymized) |
| Google Cloud |
Data hosting and processing |
All platform data (encrypted) |
3.2 Data Sharing Principles
- No Sale of Personal Data: We never sell your personal information
- Limited to Service Providers: Only shared with essential service partners
- Contractual Protection: All partners bound by strict data protection agreements
- Anonymized Research: Aggregated, non-identifiable data may be used for research
3.3 Legal Disclosures
We may disclose your information only when required by law or to:
- Respond to valid legal process or government requests
- Protect our rights, property, or safety
- Prevent fraud or illegal activities
- Enforce our Terms and Conditions
4. Data Security and Protection
4.1 Security Measures
- Encryption: All data encrypted in transit (TLS) and at rest (AES-256)
- Access Controls: Strict user authentication and authorization
- Regular Security Audits: Ongoing monitoring and vulnerability assessments
- Secure Infrastructure: Google Cloud Platform with enterprise-grade security
4.2 Data Isolation
Your data is protected through:
- Multi-user architecture with strict user-level data isolation
- Database-level security preventing cross-user data access
- Application-level controls ensuring data privacy
- Regular security testing and monitoring
5. Your Rights and Data Control
5.1 Your Privacy Rights (GDPR & CCPA Compliant)
You have the right to:
- Access: Request a copy of your personal data we hold
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your personal data
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdrawal: Withdraw consent for data processing
5.2 How to Exercise Your Rights
- Data Export: Download your training data and analysis
- Account Deletion: Permanently delete your account and data
- Support Requests: Contact us for specific data requests
5.3 Strava Data Control
Remember that you can also:
- Disconnect your Strava account at any time
- Control your Strava privacy settings independently
- Manage which activities are shared with third-party applications
6. Data Retention and Deletion
6.1 Data Retention Schedule
| Data Type |
Retention Period |
Reason |
| Training Activity Data |
Account lifetime + 30 days |
Core service functionality |
| AI Recommendations |
Account lifetime + 30 days |
Personalization and learning |
| Account Information |
Account lifetime + 30 days |
Account management and security |
| Usage Analytics |
2 years (aggregated) |
Service improvement and research |
| Support Communications |
3 years |
Customer service and legal compliance |
6.2 Deletion Process
When you delete your account:
- Personal data is deleted within 30 days
- Aggregated, anonymized data may be retained for research
- Legal and security logs retained as required by law
- Strava connection is permanently severed
7. International Data Transfers
7.1 Data Processing Locations
Your data may be processed in:
- United States: Primary data hosting and processing (Google Cloud)
- European Union: For EU users, data processed under GDPR protections
- Third-Party Locations: AI processing by Anthropic (US-based)
7.2 Transfer Safeguards
- Standard Contractual Clauses for international transfers
- Adequacy decisions where applicable
- Strong encryption and security measures
- Regular compliance audits
8. Children's Privacy
Our service is not intended for children under 18. We do not knowingly collect personal information from children. If we learn we have collected information from a child, we will delete it immediately. Parents who believe we may have collected their child's information should contact us.
9. Changes to This Privacy Policy
We may update this Privacy Policy as our service evolves or as required by law. We will:
- Notify you of material changes via email and in-app notifications
- Post updates on our website with clear change summaries
- Provide at least 30 days' notice before significant changes take effect
- Give you the opportunity to review and accept updated terms
10. Your Choices and Controls
10.1 Communication Preferences
- Training Notifications: Control AI recommendation delivery
- Marketing Communications: Opt-out of promotional emails
- Security Alerts: Critical security notifications (cannot be disabled)
- Feature Updates: Choose to receive service improvement notifications
10.2 Data Processing Controls
- AI Analysis: Disable AI recommendation generation
- Data Sharing: Opt-out of anonymized research participation
- Activity Sync: Control which Strava activities are analyzed
- Recommendation Frequency: Adjust daily vs. weekly AI guidance
11. Data Breach Notification
In the event of a data breach affecting your personal information:
- We will notify you within 72 hours of discovering the breach
- Notification will include the nature and scope of the breach
- We will describe steps taken to address the breach
- Guidance will be provided on protecting your information
- Regulatory authorities will be notified as required by law
12. Cookies and Tracking Technologies
12.1 Essential Cookies
- Authentication: Keep you logged in during sessions
- Preferences: Remember your dashboard settings
- Security: Protect against unauthorized access
12.2 Analytics Cookies
- Usage Analytics: Understand how features are used
- Performance Monitoring: Identify and fix technical issues
- Feature Development: Guide new feature development
12.3 Cookie Management
You can control cookies through your browser settings, though disabling essential cookies may limit service functionality.
12. Automated Decision-Making and Profiling
12.1 GDPR Article 22 Compliance
Our service uses automated decision-making for:
- AI Training Recommendations: Algorithmic analysis of your training patterns
- Injury Risk Assessment: Automated calculation of risk indicators
- Training Load Analysis: Mathematical processing of activity data
12.2 Your Rights Regarding Automated Decisions
Under GDPR, you have the right to:
- Request human review: Ask for manual review of AI recommendations
- Express your point of view: Provide context for automated decisions
- Contest decisions: Challenge automated recommendations you disagree with
- Opt-out: Disable automated recommendations (may limit service functionality)
13. Detailed Cookie Policy
13.1 Cookie Categories and Purposes
| Cookie Type |
Purpose |
Duration |
Required |
| Authentication |
Keep you logged in securely |
Session/24 hours |
Yes |
| Preferences |
Remember dashboard settings |
1 year |
Yes |
| Analytics |
Understand feature usage |
2 years |
No |
| Performance |
Monitor system performance |
30 days |
No |
13.2 Cookie Management Options
- Browser Controls: Disable non-essential cookies through browser settings
- Granular Control: Choose which optional cookies to accept
14. Data Subject Request Procedures
14.1 Request Processing Timeline
- Standard Requests: Processed within 30 days
- Complex Requests: Up to 60 days with notification
- Urgent Requests: Expedited processing for account deletion
- Verification: Identity verification required for all requests
14.2 Verification Process
To protect your privacy, we require verification for data requests:
- Email confirmation from registered address
- Additional verification for sensitive requests (deletion, export)
- Government ID may be required for complex cases