Privacy Policy

Last updated: January 25, 2026

1. Introduction

SplitSync ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our triathlon training platform, including our website and mobile applications (collectively, the "Service").

By using SplitSync, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Name (first and last)
  • Password (encrypted and managed by our authentication provider)
  • Profile picture (optional)

2.2 Athlete Profile Data

To personalize your training experience, you may optionally provide:

  • Age and gender
  • Weight and height
  • Location (for weather forecasting purposes)
  • Training zones (FTP, threshold heart rate, running pace, swim CSS)
  • Previous injuries or physical limitations

2.3 Workout and Training Data

When you use our Service, we collect:

  • Workout details (date, time, duration, distance, sport type)
  • Performance metrics (heart rate, pace, power, elevation)
  • Subjective feedback (perceived exertion, mood, notes)
  • Training plans and scheduled workouts
  • Race information and results
  • Personal records and achievements

2.4 Data from Third-Party Integrations

If you connect third-party services, we may receive:

  • Strava: Activity data including distance, duration, pace, heart rate, power, elevation, and activity type
  • Garmin Connect (coming soon): Similar workout and health metrics

2.5 Payment Information

Payment processing is handled by RevenueCat and their payment partners. We do not store your credit card numbers, bank account details, or other financial information on our servers. We receive only:

  • Subscription status and type
  • Purchase history and entitlements
  • Subscription expiration dates

2.6 Automatically Collected Information

When you access our Service, we automatically collect:

  • Device information (device type, operating system, browser type)
  • IP address and general location (country/region level)
  • Usage data (pages visited, features used, time spent)
  • Error logs and performance data

3. How We Use Your Information

We use your information to:

  • Provide the Service: Create and manage your account, generate AI training plans, track workouts, and display analytics
  • Personalize Your Experience: Tailor training recommendations based on your fitness level, goals, and preferences
  • Generate AI Training Plans: Process your athlete profile, race goals, and training history to create personalized training plans using AI
  • Provide Weather Forecasts: Use your location to display relevant weather data for planned workouts
  • Process Payments: Manage subscriptions and provide access to premium features
  • Improve Our Service: Analyze usage patterns to enhance features and fix issues
  • Communicate With You: Send service-related notifications, updates, and support responses
  • Ensure Security: Detect and prevent fraud, abuse, and unauthorized access

4. Third-Party Services and Data Sharing

We work with trusted third-party services to provide our platform. Your data may be processed by:

4.1 Authentication (Clerk)

We use Clerk for secure user authentication. Clerk processes your email, name, and authentication credentials. View Clerk's Privacy Policy.

4.2 Database (Supabase)

Your workout data, training plans, and settings are stored securely on Supabase, a cloud database provider. Data is encrypted at rest and in transit. View Supabase's Privacy Policy.

4.3 Payment Processing (RevenueCat)

RevenueCat handles all subscription billing and payment processing. They may collect payment method information directly. View RevenueCat's Privacy Policy.

4.4 AI Plan Generation (Google)

To generate personalized training plans, we send your athlete profile, race details, fitness level, training zones, and recent workout history to Google's Gemini API. This data is processed to generate your plan and is not stored by Google for other purposes. We do not send personally identifiable information like your name or email to Google. View Google's Privacy Policy.

4.5 Strava Integration

If you choose to connect Strava, we access your workout activities through their API with your explicit authorization. You can disconnect Strava at any time from your Settings. View Strava's Privacy Policy.

4.6 Weather Data (Open-Meteo)

We use Open-Meteo to provide weather forecasts. Only your location coordinates are shared (not your identity). View Open-Meteo's Terms.

4.7 When We May Disclose Information

We may also disclose your information:

  • To comply with legal obligations or valid legal processes
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets (with notice to you)
  • With your explicit consent

5. Cookies and Tracking Technologies

We use minimal cookies and similar technologies:

  • Essential Cookies: Required for authentication and session management (set by Clerk)
  • Preference Cookies: Remember your settings and preferences

We do not use third-party advertising cookies or sell your data to advertisers. You can manage cookie preferences through your browser settings, though disabling essential cookies may affect Service functionality.

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmission is encrypted using TLS/HTTPS
  • Database encryption at rest
  • Row-level security policies ensuring you can only access your own data
  • Secure OAuth 2.0 authentication for third-party integrations
  • Regular security audits and updates
  • API keys and secrets stored securely on the server side

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your data as follows:

  • Account Data: Retained while your account is active and for a reasonable period after deletion for legal compliance
  • Workout and Training Data: Retained until you delete it or your account
  • Third-Party Tokens: OAuth tokens are retained until you disconnect the service
  • Analytics Data: Aggregated, anonymized analytics may be retained indefinitely

8. Your Rights and Choices

Depending on your location, you may have the following rights:

8.1 Access and Portability

You can access most of your data directly through the app (Settings, Workouts, Analytics). To request a complete export of your data, contact us at splitsynchq@gmail.com.

8.2 Correction

You can update your profile information, workouts, and settings at any time through the app.

8.3 Deletion

You can delete individual workouts, training plans, and races from the app. To delete your entire account and all associated data, contact us at splitsynchq@gmail.com or use the account deletion option in Settings.

8.4 Withdraw Consent

You can disconnect third-party integrations (like Strava) at any time through Settings. You can also revoke access directly through those platforms.

8.5 Opt-Out

You can opt out of non-essential communications through your notification preferences.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Our service providers (Clerk, Supabase, Google, RevenueCat) may process data in the United States and other jurisdictions. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

10. For European Users (GDPR)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Legal Basis: We process your data based on your consent (for optional features), contract performance (to provide the Service), and legitimate interests (to improve and secure our Service)
  • Right to Object: You may object to processing based on legitimate interests
  • Right to Restriction: You may request we restrict processing in certain circumstances
  • Right to Lodge a Complaint: You may file a complaint with your local data protection authority

11. For California Residents (CCPA)

Under the California Consumer Privacy Act, California residents have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of personal information
  • Opt out of the "sale" of personal information
  • Non-discrimination for exercising these rights

We do not sell your personal information. To exercise your rights, contact us at splitsynchq@gmail.com.

12. Children's Privacy

SplitSync is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at splitsynchq@gmail.com, and we will delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: splitsynchq@gmail.com
Subject Line: Privacy Inquiry

We will respond to your request within 30 days.