← Back to StrydeLab

Privacy Policy

Last updated: August 27, 2025

StrydeLab ("we", "us", "our") provides training analytics and optimization tools. This policy explains what data we collect, how we use it, and the choices you have.

Scope

This policy applies to our website, app, and integrations you connect to StrydeLab (e.g., Garmin).

Who controls your data

Controller: StrydeLab (contact: jessica.eichel@strydelab.com). If you are in the EEA/UK, StrydeLab is the data controller for your personal data.

Data we collect

• Account data: email, name (if provided).
• Activity & training data (from Garmin and other services you connect): activity summaries, distance, duration, pace, heart rate, power, cadence, and related metrics that you explicitly authorize us to access.
• Device & technical data: IP address, device/browser info, event logs, and cookies or similar technologies for reliability and security.
• Support communications: messages you send to us (e.g., email, in-app help).

How we use data

• Provide core features: import, analyze, and visualize your training; generate recommendations.
• Operate, secure, and troubleshoot the service; prevent abuse; measure performance.
• Improve features and models using aggregated and de-identified analytics where possible.
• Communicate with you about service updates and important notices.

Legal bases (GDPR/UK GDPR)

• Consent: connecting your Garmin account and importing activity data.
• Contract: delivering the features you request.
• Legitimate interests: safety, fraud prevention, product improvement (balanced against your rights).

Garmin-specific disclosures

• Your data is submitted to StrydeLab, not to Garmin. Garmin is not responsible for our processing of your data.
• Stable policy URL: if we move this policy, we will redirect from the old URL to the new location.
• Retention limits: we do not retain user data longer than needed to operate StrydeLab unless you give express consent for a longer period.
• No default location collection: we do not collect location by default; if a feature needs location, we will ask you to opt in.
• Consent-scoped access: we only access and use Garmin data for the limited purposes you consent to; we stop processing and delete retained Garmin-sourced data when you revoke consent or request deletion. We do not sell, rent, or transfer Garmin user data.

These items reflect the Connect IQ/Developer Agreement requirements for privacy policies, retention, and data access/consent. See Garmin's developer terms for details.

Sharing & processors

We do not sell your personal data. We share it only with service providers ("processors") that help us run StrydeLab (e.g., cloud hosting, error monitoring, analytics). These providers are bound by contracts to use the data only on our instructions and protect it appropriately. We may also share data if required by law or to protect rights, safety, or integrity of the service.

Security

• In transit: all traffic to our services uses TLS/HTTPS.
• At rest: our primary databases and backups use provider-level encryption at rest. Some limited operational data (e.g., certain application logs or short-lived processing caches) may not be encrypted at rest but is access-controlled and retained for a short period.
• Access to production systems is restricted to authorized personnel and logged.
• We regularly apply security updates and monitor for abuse. No method of transmission or storage is 100% secure.

Data retention

• We keep your training data while your account is active and as needed to provide the service.
• When you delete your account or revoke Garmin access, we delete or de-identify your personal data from active systems within 30 days, and from backups within 90 days (subject to legal obligations).
• Aggregated, de-identified analytics (which cannot reasonably identify you) may be retained to improve the service.

Your choices & rights

• Disconnect/revoke: you can disconnect Garmin at any time in our app or by contacting us; we will stop processing and remove retained Garmin-sourced data as described above.
• Access/Export: request a copy of your data.
• Correction & deletion: ask us to fix inaccurate data or delete your account/data.
• Opt-out: you can opt out of non-essential analytics where applicable.
• EEA/UK users: you may have additional rights to restrict/object to processing and to data portability, and to lodge a complaint with your local supervisory authority.

International transfers

If we transfer your data outside your region, we use appropriate safeguards (e.g., Standard Contractual Clauses) where required.

Children

StrydeLab is not directed to children and should not be used by anyone under the age at which valid consent applies in their jurisdiction.

Changes to this policy

We may update this policy as our service evolves. If we make material changes, we will notify you (e.g., email or in-app). We will not change the URL of this policy without providing a redirect to the new location.

Contact

Email: jessica.eichel@strydelab.com