Privacy Policy
Effective date: March 2026
1. Introduction
Coach Veos places great importance on the confidentiality and protection of your personal data. This Privacy Policy explains the information we collect about you when you use our website and applications (together, the "Services"), how we use it, how we share it with third parties, and your rights regarding this information.
This policy should be read alongside our Terms of Service.
For any questions, contact us at: contact@coachveos.com
This policy may be updated from time to time. Your continued use of the Services after an update constitutes acceptance. The date of the last update is shown at the top of this page.
Important
When you use Coach Veos, your data is submitted to and processed by Coach Veos. Partner platforms (Strava, Garmin) are not responsible for the collection, use, or processing of your data by Coach Veos. To learn how these platforms handle your data, please refer to:
2. Data Collected and Purposes
| Data Categories | Processing Purposes | Legal Basis |
|---|---|---|
| Identity: name, profile picture (via Strava/Garmin) | Account management, coaching personalization | Contract performance |
| Sports data: running activities (distance, duration, pace, heart rate, cadence) imported from Strava and/or Garmin Connect | Performance analysis, personalized training plan generation, progress tracking | Contract performance |
| Location data (GPS): GPS tracks from your activities, only if you connect Strava or Garmin | Route analysis (elevation, pace per segment). This data is NOT permanently stored — it is fetched on-demand via partner APIs | Consent (voluntary account connection) |
| Onboarding data: training goal (marathon, half-marathon, 10K, Hyrox), target race date, preferred sessions per week, voice profile information | Creation of your personalized training plan | Contract performance |
| Coach-generated data: activity analyses, training programs, conversation history, post-workout feedback | Delivery of coaching service, continuous improvement of advice quality | Contract performance |
| Authentication tokens: OAuth tokens for Strava and/or Garmin (encrypted with AES-256-CBC) | Secure access to your sports data | Contract performance |
Important note about Strava and Garmin data
We do NOT permanently store your raw activity data. Activities are fetched on-demand via the Strava and Garmin APIs when needed for coaching analysis, in compliance with these platforms’ terms of service.
What we DO store:
- AI coach-generated analyses
- Your planned programs and workouts
- Your feedback and sensations after workouts
- Your conversation history with the coach
3. Location Data
Coach Veos does not collect location data by default. GPS data is only accessible if you voluntarily connect your Strava or Garmin Connect account, which constitutes your explicit consent.
- Are never permanently stored on our servers
- Are fetched on-demand via partner APIs for route analysis
- Are used solely for elevation calculation, pace per segment, and terrain analysis
You can revoke access to this data at any time by disconnecting your Strava or Garmin account from the app.
4. How Long Do We Keep Your Data?
| Data Type | Retention Period |
|---|---|
| Raw Strava/Garmin data | Not stored (on-demand API access) |
| Coach analyses | Until account deletion |
| Training programs | Until account deletion |
| Conversation history | Until account deletion |
| OAuth tokens | Until disconnection or account deletion |
We retain your coach-generated data only for as long as necessary to provide the Services. This data helps improve coaching quality over time.
You can request deletion of your data at any time (see section 6).
5. Who Is Your Data Shared With?
We never sell, rent, or transfer (directly or indirectly) your personal data to third parties.
| Third-Party Category | Why? |
|---|---|
| Strava API | Access your activity data (Strava Privacy Policy) |
| Garmin Connect API | Access your activity data (Garmin Privacy Policy) |
| OpenRouter / AI Models | Generate coaching responses. No personally identifiable data is shared beyond the current conversation context |
| ElevenLabs | Voice synthesis for audio briefings and debriefs |
| Supabase | Database hosting (secure servers) |
| Vercel | Backend application hosting |
| Apple Push Notification service (APNs) | Sending coaching notifications |
These providers only have access to data strictly necessary for their services and are not authorized to use it for other purposes.
6. Deleting Your Data
You can delete your data and revoke Coach Veos’ access at any time:
From Coach Veos (Recommended)
- Tap your avatar in the top-right corner of the app
- Select "Disconnect Strava" or "Disconnect Garmin"
- Confirm the deletion
This immediately:
- Revokes Coach Veos’ access to your account
- Deletes ALL your data from our servers
- Logs you out of the service
From Strava
Strava Settings > My Apps > Revoke access to Coach Veos. Your data will be deleted within 30 days.
From Garmin Connect
Garmin Connect Settings > Third-Party Apps > Revoke Coach Veos. Your data will be deleted within 30 days.
7. How Is Your Information Protected?
- Token encryption: all Strava and Garmin OAuth tokens are encrypted with AES-256-CBC
- Database: hosted on Supabase with Row Level Security enabled
- Communications: all transmissions use HTTPS
- Restricted access: access to personal data is strictly limited to authorized personnel
In the event of a high-risk data breach, Coach Veos will notify the relevant authorities within 72 hours of detection and, if necessary, will also notify affected users.
8. Your Rights (GDPR)
If you are in the European Union, you have the following rights:
- Right of access : receive a copy of the data we hold about you
- Right to rectification : correct any incomplete or inaccurate information
- Right to erasure : ("right to be forgotten") request deletion of your data
- Right to restriction of processing : temporarily suspend processing in certain circumstances
- Right to data portability : receive your data in a structured, machine-readable format
- Right to object : object to processing based on our legitimate interest
- Right to withdraw consent : withdraw your consent at any time
To exercise any of these rights: contact@coachveos.com
9. Policy Regarding Minors
Our Services are not intended for persons under 16 years of age. If we discover that a minor has provided us with personal data, we will delete that information and close the associated account.
10. Contact
For any questions about this Privacy Policy: contact@coachveos.com