Privacy Policy

Treningsklubben is a personal training app for endurance athletes with activity tracking, strength training coaching, and AI-powered training plan generation. The app is developed as a private project for a limited user group.

Inge Thorud is the data controller for personal data processed in Treningsklubben. Contact: inge@thorud.com

We collect and process the following categories of personal data:

• Account information: Name, email address, and password (encrypted with bcrypt).
• Profile data: Date of birth, gender, weight, height, maximum heart rate, and heart rate zones.
• Activity data: Training sessions synced from connected services (Strava, Garmin Connect, Concept2 Logbook), including duration, distance, heart rate, pace, cadence, elevation, and GPS data.
• Strength training data: Exercises, sets, repetitions, weights, and progression.
• Wellness data: Resting heart rate, sleep quality, motivation, fatigue, and pain levels.
• Injury information: Injury type, body part, status, and dates.
• Training plans: AI-generated macro plans and weekly plans.

Data is used exclusively to:

• Display your own training data for personal monitoring and progression.
• Calculate training load, fitness curves, and performance trends.
• Generate personalized training plans and coaching advice via AI.
• Track strength training progression and personal records.

We never sell your data. Data is not shared with other users unless you explicitly choose to do so.

The app integrates with the following third parties:

• Strava: Activity data synchronization via the Strava API. Data from Strava is stored locally in the app upon import and displayed only to you. When you disconnect from Strava, all Strava-imported activities are deleted.
• Garmin Connect: Activity data and wellness data synchronization via the Garmin API.
• Concept2 Logbook: Rowing machine and SkiErg data synchronization.
• Anthropic Claude: AI service for training coaching and plan generation. Anonymized training metrics are sent to generate personalized advice and plans.

• Data is stored in an encrypted database on secure servers.
• All communication occurs over HTTPS.
• Passwords are stored using bcrypt hashing with individual salts.
• OAuth tokens for third-party services are stored encrypted.
• Raw API response data from Strava is not retained. Only normalized training data is preserved in the app's own tables.

You have the following rights under the General Data Protection Regulation (GDPR):

• Access: You can view all your data within the app.
• Data portability: You can export all your data as JSON via the profile page.
• Erasure: You can delete all training data or your entire account via the profile page. Cascading deletion ensures all associated data is removed.
• Rectification: You can update profile information and biometric data directly in the app.
• Withdrawal of consent: You can disconnect from third-party services at any time. When disconnecting from Strava, all Strava-imported data is deleted within 48 hours.

The app uses only essential session cookies for authentication. We do not use analytics or advertising cookies.

We may update this privacy policy as needed. Significant changes will be communicated within the app.

Questions about privacy can be directed to inge@thorud.com.