Privacy Policy

Effective date: 2026-05-14

This policy explains how Coach Fartlek collects, uses, and shares personal data when you use the app and website.

1. Data Controller

The data controller is [Your name], operating the Coach Fartlek service as a sole trader (enskild näringsverksamhet) registered in Sweden.

Contact for privacy matters, access requests, rectification, or erasure: info@fartlek.io

2. Data We Process

  • Account data: email address and authentication data via Supabase Auth.
  • Training data: workouts, segments, distance, pace, heart rate, elevation, cadence, and planning data.
  • Health data (special category of personal data under GDPR art. 9): HRV, resting heart rate, and health/injury history.
  • Goal and race data: focus distances, race dates, priorities, and target times.
  • Messages in the coach chat.
  • Device data for push notifications (device tokens).
  • Purchase history and subscription status (handled by Google Play and RevenueCat).

3. How Data Is Collected

  • Directly from you in the app (onboarding, chat, goals, settings).
  • From Intervals.icu when you connect your account via OAuth.
  • From Health Connect on your Android phone when you grant the app permission (workouts and recovery data).
  • Automatically for technical operations, such as error monitoring.

4. Purpose and Legal Basis

  • Contract: to provide coaching, planning, and app functionality.
  • Consent: for health data and certain notification features.
  • Legitimate interests: troubleshooting, security, and service improvement.

5. Third-Party Processors

We use the following sub-processors to operate the service. Data Processing Agreements (or equivalent) are in place with each of them:

  • Supabase (authentication and data storage within the EU).
  • Anthropic (generates AI coaching responses based on your context).
  • OpenAI (text embeddings for semantic memory in the chat).
  • Sentry (error and performance monitoring).
  • Expo (push notifications and OTA updates).
  • Intervals.icu (import of training history after you connect your account).
  • Google Health Connect (local hub on your Android device; we read workout and recovery data with your consent).
  • Google Play Billing and RevenueCat (purchase and subscription handling).
  • Railway and Vercel (hosting environments for the API and website).

6. Data Retention

While your account is active we retain your data to provide the service.

When you delete your account from the app, your personal data is removed from our production systems immediately. Encrypted backups are purged within 30 days.

We may need to retain certain accounting data (purchase receipts) for up to 7 years under Swedish accounting law.

Error and operational logs in Sentry are deleted automatically after 90 days.

7. Automated Decision-Making and AI

Coach Fartlek uses a large language model (AI) to suggest training plans, comment on your workouts and reply in the chat. These suggestions are generated automatically from your training and health data.

The suggestions have no legal effects and do not constitute automated decision-making within the meaning of Article 22 GDPR. You are always free to follow, adapt, or ignore the coach’s suggestions.

You can stop using the app or delete your account at any time if you do not want your data to be used for AI-generated coaching.

8. Your Rights

Under GDPR, you have rights to access, rectification, erasure, restriction, objection, and data portability.

You can withdraw consent for processing of health data by deleting your account from the app or by contacting info@fartlek.io.

You can also lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.

9. Security

We use technical and organisational safeguards, including encryption in transit (TLS) and separate encrypted storage for sensitive tokens (OAuth tokens and similar).

10. International Transfers

Our primary databases and authentication services (Supabase) are located within the EU/EEA.

Anthropic, OpenAI, Sentry, Expo, Vercel, Google, and RevenueCat may process data outside the EU/EEA (e.g. in the US). Where this happens, transfers are based on the European Commission’s Standard Contractual Clauses or other appropriate safeguards under Chapter V of the GDPR.

11. Children

The service is intended for persons aged 18 or over and is not intended for use by children.

12. Cookies and Tracking

The website uses only a technical cookie to remember your language preference. We do not use analytics or marketing tracking on the website.

The app does not use tracking cookies.

13. Changes to this Policy

We may update this policy when needed. The latest version is always published on this page with an effective date.

Material changes are communicated in the app or by email.