Privacy Policy
Last updated: 12 March 2026
1. Who We Are
AiTrainingPlan is operated by Thomas Prommer ("we", "us"). For privacy inquiries, contact thomas at prommer dot net.
2. Data We Collect
2.1 Account Data
When you sign up for alpha access or create an account, we collect:
- Name and email address
- Primary sport selection
- Optional: training frustrations or feedback you provide
2.2 Training Data
When you connect integrations, we receive data from:
- Strava, Garmin, Zwift, Intervals.icu: workout history, activity metrics, heart rate, power, pace
- Apple Health: sleep, HRV, resting heart rate, activity summaries
- Manual input: blood panel results, perceived exertion, race goals
2.3 Sensitive Health Data
Blood work results, DNA-related inputs, and medical notes are classified as sensitive data. This data is:
- Encrypted at rest and in transit
- Never shared with third parties
- Only processed to generate your training recommendations
- Deletable at any time via your account settings
2.4 Usage Data
We use Google Analytics (GA4) to collect anonymized usage data: pages visited, feature usage, device type, and country. No personally identifiable information is sent to Google Analytics.
3. How We Use Your Data
- Training plan generation: your data is compressed into AI prompts to generate personalized plans
- Service improvement: aggregated, anonymized patterns help us improve features
- Communication: email updates about your account and the alpha program
We do not sell, rent, or share your personal data with advertisers or data brokers.
4. AI Processing
Your training data is sent to AI providers (OpenAI, Anthropic, Google) to generate coaching recommendations. When this happens:
- Data is sent via encrypted API calls
- We use API-only access — your data is not used to train AI models
- You choose which AI provider processes your data
- Prompts contain anonymized fitness metrics, not your name or email
5. Data Storage and Security
- Data is stored on servers in the EU (Germany/Singapore)
- All connections use TLS 1.3 encryption
- Sensitive health data is encrypted at rest (AES-256)
- Access is restricted to essential personnel only
6. Your Rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access: request a copy of all data we hold about you
- Rectification: correct inaccurate data
- Erasure: request deletion of your data ("right to be forgotten")
- Portability: export your data in a machine-readable format
- Restriction: limit how we process your data
- Objection: object to processing based on legitimate interests
To exercise any right, contact us at the address above. We respond within 30 days.
7. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Personal data is deleted within 30 days
- Training data is deleted within 30 days
- Backups containing your data expire within 90 days
- Anonymized, aggregated statistics may be retained indefinitely
8. Cookies
We use minimal cookies:
- Essential: session authentication (strictly necessary)
- Analytics: Google Analytics cookies for anonymized usage tracking
No advertising or third-party tracking cookies are used.
9. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Google Analytics | Usage analytics | Anonymized page views, device info |
| OpenAI / Anthropic / Google AI | Training plan generation | Anonymized fitness metrics |
| Strava / Garmin / Apple | Data sync | OAuth tokens (read-only access) |
| Cloudflare | CDN and DDoS protection | IP address (not logged by us) |
10. Children
AiTrainingPlan is not intended for users under 16. We do not knowingly collect data from children.
11. Changes
We may update this policy. Material changes will be communicated via email or in-app notification. Continued use after changes constitutes acceptance.
Apply for Alpha Access
Join the first athletes testing AiTrainingPlan.