Privacy Policy

Last updated: February 5, 2026

Introduction

Plan My Peak ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our cycling performance analysis platform.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address (via Google OAuth)
  • Name and profile information from your Google account
  • Athlete profile data (FTP, weight, training preferences)

Strava Data

If you connect your Strava account, we collect and process your cycling activity data including:

  • Ride history, distance, duration, and power metrics
  • Heart rate and cadence data
  • Activity names, descriptions, and timestamps

Usage Data

  • Pages visited and features used
  • Training plans generated
  • Performance analysis requests

How We Use Your Information

We use your information to:

  • Provide cycling performance analysis and insights
  • Generate personalized training plans using AI
  • Calculate power zones and training metrics
  • Sync and display your Strava activities
  • Improve our services and develop new features
  • Send important updates about your account

Third-Party Services

We use the following third-party services to operate our platform:

Supabase

Database and authentication provider. Data is stored securely on Supabase's infrastructure.

Google OAuth

Authentication service. We only access your email and basic profile information.

Strava API

Activity data synchronization. You control what data is shared via Strava's permissions.

AI Providers (Anthropic, OpenAI, Google)

Training plan generation and performance analysis. Your data is processed to generate insights but not used to train AI models.

AWS (Amazon Web Services)

Infrastructure and hosting. Data is stored in secure AWS data centers.

Data Security

We implement industry-standard security measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure authentication via Google OAuth
  • Row-level security policies in our database
  • Regular security updates and monitoring

Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Disconnect your Strava account at any time
  • Opt out of non-essential communications

Data Retention

We retain your data as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where required by law or for legitimate business purposes (e.g., fraud prevention).

Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our platform.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: support@planmypeak.com