Privacy Policy

Effective Date: July 1, 2025

Last Updated: July 1, 2025

Who We Are

This privacy policy explains how we collect, use, and protect your information when you use the AerobAce App ("our app") available at aerob-ace.com.

Data Controller: AerobAce

Contact: support@aerob-ace.com

Information We Collect

Account Information

  • Email address (required for account creation and communication)
  • Full name (for personalized experience)

Health and Fitness Data from Strava

When you connect your Strava account, we collect and permanently store:

  • Activity Details: Type, name, duration, distance, and date
  • Heart Rate Data: Complete heart rate measurements during activities (when available)
  • Performance Metrics: Pace, elevation gain, power data, cadence (when available)
  • Basic Profile Information: Name, profile picture, and athlete ID

Important: This health and fitness data is considered special category personal data under GDPR and receives enhanced protection.

Technical Information

  • Device type and browser information
  • App usage analytics (through Vercel Analytics)
  • Log data for app functionality and security

Cookies and Tracking

We use minimal, privacy-friendly tracking technologies. No cookie consent banner is required because we don't use cookies that track personal data for marketing or analytics purposes.

  • Vercel Analytics: Privacy-compliant, cookieless analytics that don't track personal data or require consent. We collect basic usage metrics like page views and performance data without storing personally identifiable information.
  • Authentication Cookies: Essential cookies (starting with 'sb-') that enable you to log in and access your account. These are strictly necessary for the app to function and contain your authentication token.
  • No Third-Party Tracking: We don't use Google Analytics, Facebook Pixel, or other tracking technologies that require cookie consent.

Privacy-First Approach: Our analytics and authentication systems are designed to comply with GDPR and other privacy regulations without requiring cookie consent banners.

How We Use Your Data

MAF Training Analysis

We process your heart rate and activity data to:

  • Calculate MAF Zone Compliance: Analyze what percentage of each activity you spent in your optimal MAF heart rate zone
  • Generate Progress Charts: Create visual representations of your aerobic fitness development over time
  • Track Performance Trends: Monitor improvements in your MAF pace and training consistency
  • Provide Training Insights: Help you understand your aerobic development patterns

Data Processing Details

  • We analyze your complete heart rate streams to calculate precise MAF compliance percentages
  • We store calculated MAF scores permanently to show your progress over time
  • We generate weekly and monthly progress metrics from your activity history
  • We create charts and visualizations to help you understand your training effectiveness

Other Purposes

  • Account Management: Manage your account and provide app functionality
  • Communication: Send important updates about your training progress and app improvements
  • App Improvement: Use anonymous analytics to enhance app performance

Legal Basis for Processing

  • Health Data: We process your fitness and heart rate data based on your explicit consent when connecting Strava
  • Account Data: We process your email and name based on our contract to provide the app service
  • Analytics: We process technical data based on our legitimate interest in improving the app

Data Storage and Retention

Strava Activity Data

  • Permanent Storage: We store your Strava activities, heart rate data, and calculated MAF metrics permanently to provide meaningful progress tracking
  • Why Permanent Storage: Long-term storage is essential for tracking your aerobic development, which typically shows improvements over months and years
  • When Data is Deleted: All your Strava data is automatically deleted within 48 hours when you revoke access to our app on Strava's "My Apps" page

Important Note About Disconnection

  • Disconnecting in our app: If you disconnect Strava from within our app settings, your historical data remains stored to preserve your training history. New activities will stop syncing.
  • Revoking access on Strava: If you revoke our app's access on Strava's "My Apps" page, all your data is automatically deleted from our systems within 48 hours.

Account Data

  • Email and Name: Kept while your account is active
  • Deleted Accounts: All data permanently deleted within 30 days of account deletion

Data Location

Your data may be transferred to and stored in the United States where our service providers operate. These transfers are protected by EU-US Data Privacy Framework adequacy decisions and Standard Contractual Clauses where applicable.

How We Share Your Information

Service Providers

  • Supabase: Secure hosting of your account and fitness data
  • Vercel: App hosting and basic analytics
  • Strava: We access your data through their secure API (you can revoke this access anytime)

Data Security

We protect your information through:

  • Encryption of sensitive data (access tokens) in our database
  • Secure authentication and authorization
  • Regular security monitoring
  • Limited access controls

We Never:

  • Sell your personal information
  • Use your health data for advertising
  • Share your fitness data with third parties without your consent
  • Use your data to train AI or machine learning models

Your Strava Connection

What Happens When You Connect

  • You authorize us to access your Strava activities and heart rate data
  • We immediately begin importing and analyzing your recent activities
  • You can optionally import your historical activities for complete progress tracking

Ongoing Data Sync

  • New activities automatically sync from Strava when you upload them
  • We continuously calculate MAF scores for activities with heart rate data
  • Your progress metrics are updated as new activities are added

Managing Your Strava Connection

  • Disconnect in our app: Stops new activity syncing but preserves your historical training data
  • Revoke access on Strava: Completely removes all your data from our system within 48 hours
  • Full data deletion: To completely remove all data, revoke access on Strava's "My Apps" page

Strava Monitoring

Strava may monitor our use of their API for business purposes including compliance verification. This monitoring is governed by Strava's privacy policy.

Your Rights

You have these rights regarding your personal data:

Access Your Data

Request a copy of all personal data we hold about you.

Correct Your Data

Update or correct any inaccurate information in your profile.

Delete Your Data

Request complete deletion of your account and all associated data, or revoke access on Strava's "My Apps" page to delete all Strava-related data.

Data Portability

Download your activity data and MAF metrics in a machine-readable format.

Withdraw Consent

Remove consent for health data processing or disconnect Strava integration anytime.

Object to Processing

Object to data processing based on legitimate interests.

How to Exercise Your Rights: Contact us at support@aerob-ace.com or use the settings in your app account. We'll respond within 30 days.

Right to Complain: You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Data Security

We protect your information through:

  • Encryption of data in transit and at rest
  • Secure authentication through Supabase
  • Encrypted storage of sensitive tokens
  • Regular security monitoring
  • Limited access controls for our team

However, no method of transmission over the Internet is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

Children's Privacy

Our app is not intended for children under 16. We don't knowingly collect personal information from children under 16. If we discover we've collected such information, we'll delete it immediately.

Changes to This Policy

We may update this privacy policy occasionally. We'll notify you of significant changes via email or through the app. Continued use after changes indicates acceptance of the updated policy.

Contact Us

Questions about this privacy policy or your data? Contact us:

Email: support@aerob-ace.com

Response Time: We aim to respond within 48 hours

For Strava-specific data questions, you can also contact Strava directly through their support channels.