Legal

Privacy Policy & Terms

We built VeloCoach AI because we care about cycling performance, not data harvesting. Here is exactly what we collect, why, and what you can do about it — in plain English.

Last updated: 3 May 2026

What we collect

Account data Required

Your name, email address, and encrypted password when you create an account. Passwords are hashed — we never store them in plain text.

Training profile Required

Your FTP (functional threshold power), body weight, preferred discipline (road, gravel, MTB), training goals, and gender (Man, Woman, Other, or Prefer not to say). Gender is used to personalise coaching — specifically to determine whether to offer cycle-aware coaching recommendations. It is retained until you delete your account.

Health data via Apple HealthKit Permission required

Heart rate, heart rate variability (HRV), resting heart rate, sleep duration, active energy, VO2 max estimates, and workout summaries. We only read this data after you explicitly grant permission in iOS. It is never sold or shared with any third party.

Activity data via Strava, Intervals.icu, and Wahoo Permission required

Ride activities, workout files, and your athlete profile from connected platforms. Data is fetched using OAuth tokens that you explicitly grant. You can revoke access at any time through each platform's settings.

We request access to all Strava activities, including private activities. This is necessary because your complete training history, including private rides, is required to give accurate coaching feedback and fitness analysis.

We also write AI coaching feedback back to your Strava activity descriptions when you use the "Send to Strava" feature. No other writes are made to your Strava account.

AI coaching interactions Collected

Your coaching messages and any generated training plans are stored so VeloCoach can remember your history and give continuity across sessions. This is what makes coaching feel personal rather than starting from scratch every time.

Menstrual cycle data Consent required

If you choose to enable cycle tracking in Settings, VeloCoach collects your last period start date, average cycle length, and whether cycle tracking is active. This is optional — you are never asked for this data unless you actively switch it on.

This data falls under GDPR Article 9 (special category health data) and is collected only on the basis of your explicit consent. You can withdraw consent and delete all cycle data at any time via Settings > Cycle Tracking > Turn Off. This deletes the data from our servers immediately.

Cycle data is used solely to tailor coaching commentary within VeloCoach — for example, adjusting training load recommendations around different cycle phases. It is never shared with third parties, never used for advertising, and never used for any purpose other than personalising your coaching. It is stored securely in Supabase with access restricted to your account only, and retained until you opt out or delete your account.

Device and usage analytics Not collected

VeloCoach does not include any analytics SDK. We do not track which screens you visit, how long you spend in the app, or anything about your device beyond what iOS provides for push notifications.

How we use your data

  • To generate personalised training plans and coaching advice using Claude AI (made by Anthropic).
  • To display your fitness history, recent activities, and recovery status inside the app.
  • To push structured workouts to your Wahoo ELEMNT device.
  • To maintain coaching memory so your coach knows your history without you repeating yourself.

We never sell your data. We never use it for advertising. We never share it with any company except the sub-processors listed below, which are strictly necessary to run the service.

Apple HealthKit

VeloCoach reads HealthKit data solely to improve the quality of your coaching — for example, factoring sleep and HRV into recovery recommendations.

  • HealthKit data is never shared with third parties.
  • HealthKit data is never used for advertising or sold.
  • We do not store raw HealthKit readings beyond what is needed to generate your coaching response. Summary insights (e.g. "poor sleep last night") may be stored as part of your coaching memory.
  • You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health → VeloCoach AI.

Sub-processors

These are the third-party services we use to run VeloCoach. We have no other data-sharing arrangements.

Provider Purpose Data shared Notes
Anthropic (Claude AI) Coaching prompts and training plan generation Your coaching messages and relevant training context Anthropic does not use this data to train their models under our API agreement
Supabase Database hosting All stored account and training data Hosted in the EU region
Railway Backend hosting Data passes through the backend API Processes requests in transit; no separate data store

Data retention

  • Your data is kept for as long as your account is active.
  • If you delete your account, all stored data is permanently removed within 30 days.
  • Backups containing your data are purged on the same rolling 30-day schedule.

Your rights (GDPR)

If you are in the UK or EU, you have the following rights. To exercise any of them, email kyle@aimplatform.co.uk and we will respond within 30 days.

📋

Right to access

Request a copy of all data we hold about you. Email with subject "Data access request".

🗑️

Right to deletion

Ask us to permanently delete your account and all associated data. Email with subject "Delete my account".

📦

Right to portability

Request an export of your data in a machine-readable format. Email with subject "Data export request".

If you revoke VeloCoach's access directly from Strava's connected apps settings, your Strava credentials are automatically deleted from our systems within minutes via Strava's deauthorisation webhook. You do not need to contact us separately.

Security

  • All data is transmitted over HTTPS/TLS.
  • Passwords are hashed using industry-standard algorithms — we cannot recover them.
  • OAuth tokens for Strava, Intervals.icu, and Wahoo are stored encrypted.
  • We do not log or store raw API tokens in application logs.

Contact

Data controller: Kyle Hodgson, VeloCoach AI

For any privacy questions, data requests, or concerns, email kyle@aimplatform.co.uk. We aim to respond to all requests within 5 business days and to complete them within 30 days.

If you believe we have not addressed your concern adequately, you have the right to lodge a complaint with the ICO (UK) or your local data protection authority.

Terms of Use

By downloading or using VeloCoach AI you agree to these terms. These are intentionally straightforward — we are not trying to catch you out.

Acceptable use

  • VeloCoach is for personal use only. You may not use it commercially or resell access.
  • You must be 16 or older to create an account.
  • Do not attempt to reverse-engineer, scrape, or abuse the API.

Health disclaimer

VeloCoach AI provides coaching guidance based on your training data. It is not a substitute for medical advice. Always consult a doctor before starting a new training programme, especially if you have any underlying health conditions.

Subscription and billing

  • VeloCoach is offered as a subscription billed through the Apple App Store.
  • Subscriptions auto-renew unless cancelled at least 24 hours before the end of the current period.
  • You can manage or cancel your subscription in iOS Settings → [your name] → Subscriptions.
  • Refunds are handled by Apple in accordance with their standard policy.

No warranty

VeloCoach AI is provided "as is". While we work hard to keep it reliable and accurate, we cannot guarantee that the coaching advice will improve your performance or that the app will be error-free. Use it at your own discretion.

Changes to these terms

We may update this page from time to time. The "last updated" date at the top always reflects the most recent version. Continued use of the app after changes are posted constitutes acceptance of the updated terms.