Privacy Policy

Last updated: January 14, 2025

1. Introduction

TrainCraft is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information.

2. Information We Collect

Account Information

We collect information you provide when creating an account:

  • Name, email address
  • FTP, weight, cycling goals
  • Training data you create or upload

Activity Data

We collect workout data you create or import from third-party services like Strava.

Automatically Collected Data

  • Essential cookies for session management and authentication (required for the service to work)
  • Analytics cookies (optional - requires your consent):
    • Usage data: pages visited, features used, workout completion rates
    • Device information: browser type, operating system
    • Log data: IP address (anonymized), timestamps

Cookie Consent: When you first visit TrainCraft, we ask for your consent before setting analytics cookies. You can accept or decline - we only track analytics data if you accept.

3. How We Use Your Information

We use your data to:

  • Provide and improve the Service
  • Generate AI-powered workout recommendations (PRO AI users)
  • Send service updates and support responses
  • Analyze usage patterns
  • Prevent fraud and ensure security

3A. Integration with Fitness Devices and Services

TrainCraft connects with fitness devices and third-party services to import your activity data and export workouts you create. By connecting these services, you give us permission to access your data from these platforms.

Strava Integration

When you connect your Strava account (via OAuth 2.0), we access:

  • Your cycling and running activities: power metrics, heart rate, duration, distance, activity type, date/time
  • Your athlete profile: name, profile photo

How we use your Strava data:

  • Calculate Training Stress Score (TSS) for each activity
  • Update cumulative fitness metrics: CTL (Chronic Training Load), ATL (Acute Training Load), TSB (Training Stress Balance)
  • Display your training history chart and fitness trends in your progress dashboard
  • Match imported activities to planned workouts in active training plans

What we do NOT do with Strava data:

  • Share your Strava data with other users
  • Train AI models on your activity data
  • Sell or license your data to third parties

AI-Powered Training Plans: When generating workouts or training plans, we send only aggregated fitness metrics (your FTP, current fitness level CTL/ATL/TSB, recent training volume) to AI services—never your raw activity data from Strava.

Your control: You can disconnect Strava anytime in Settings. All Strava-sourced data will be deleted within 48 hours of disconnection. Data is visible only to you.

Compliance: Our use of Strava data complies with Strava API Terms.

Garmin Connect Integration

When you connect your Garmin Connect account (via OAuth 2.0), we access:

  • Your cycling activities: power metrics, heart rate, duration, distance, activity type, date/time
  • Your athlete profile information

How we use your Garmin data:

  • Calculate Training Stress Score (TSS) and fitness metrics (CTL, ATL, TSB)
  • Display your training history and fitness trends
  • Match imported activities to planned workouts
  • Workout Sync: Push workouts you create in TrainCraft to your Garmin Connect calendar so you can execute them on your Garmin device (Edge, Forerunner, etc.)

Your control: You can disconnect Garmin anytime in Settings. All Garmin-sourced data will be deleted within 48 hours of disconnection.

Data Import and Export

We may import activity data from connected wearable devices and services (Strava, Garmin Connect) with your explicit authorization. We may also export workout structures you create to these services at your request. You control all connections and can revoke access at any time.

4. How We Share Your Information

Service Providers

We share data with service providers who help us operate TrainCraft:

  • Cloud hosting and database providers
  • Payment processors (we don't store credit card details)
  • AI processing services for PRO AI features
  • Analytics providers (anonymized data only)

Third-Party Integrations

When you connect third-party services (Strava, Garmin Connect), data is shared as follows:

  • From third parties to us: We import your activity data (with your explicit OAuth authorization) to calculate fitness metrics and display your progress
  • From us to third parties: We may export workouts you create in TrainCraft to your connected service calendar (e.g., sync a workout to Garmin Connect) at your request
  • Your control: You authorize each connection individually and can disconnect at any time in Settings
  • No cross-user sharing: We never share your data from one connected service to another user or use it for any purpose beyond your individual account

Each integration is subject to the third party's own terms of service and privacy policy.

Legal Requirements

We may disclose information if required by law or to protect our rights.

Business Transfers

If TrainCraft is acquired or merged, your information may be transferred. We will notify you.

5. Data Retention

We keep your data while your account is active. If you delete your account, we delete your personal data within 30 days, except:

  • Data required for legal compliance
  • Anonymized analytics data
  • Backup copies (deleted within 90 days)

6. Data Security

We use industry-standard security measures:

  • HTTPS/TLS encryption
  • Encrypted data storage
  • Access controls and authentication

No internet transmission is 100% secure. We cannot guarantee absolute security.

7. Your Rights

  • Access: View your data in account settings
  • Export: Request a copy of your data at [email protected]
  • Delete: Delete your account in settings
  • Marketing: Unsubscribe from emails anytime
  • Analytics Cookies: When you first visit TrainCraft, you can accept or decline analytics cookies via our cookie consent banner. Your choice is saved for 1 year. To change your preference, clear your browser cookies and revisit the site, or contact us at [email protected]
  • Browser Settings: You can also block cookies entirely via your browser settings

8. International Data

Your data may be processed in countries outside your own. We ensure appropriate protections are in place.

9. California & GDPR Rights

If you're in California or the EEA, you have additional rights:

  • Right to know what data we collect
  • Right to request deletion
  • Right to data portability
  • Right to opt-out (we don't sell your data)

10. Children

TrainCraft is not for users under 13. We don't knowingly collect children's data.

11. Changes to This Policy

We may update this policy. Check this page for the latest version.

12. Contact

Questions? Email [email protected]

Related Policies: