Privacy Policy

Last updated: November 2025

1. Privacy at a Glance

General Information

The following notes provide a simple overview of what happens to your personal data when you use our app. Personal data is all data that can be used to personally identify you.

Data Collection in Our App

Who is responsible for data collection?

Data processing in this app is carried out by the app operator. You can find their contact details in the imprint of this website.

2. What Data Do We Collect?

Account Data

• Email address (for authentication)
• Name (optional, for personalization)
• Profile picture (optional)

Training Data

• Workouts and activities from connected services (Strava, Intervals.icu, Garmin)
• GPS data from activities
• Heart rate, power, pace
• Training plans and goals

Wellness and Recovery Data

• HRV (Heart Rate Variability)
• Resting heart rate
• Sleep quality (if provided by connected services)
• Subjective fatigue values

OAuth Tokens

• Access tokens for connected services (Strava, Garmin)
• These are stored encrypted in our database

3. How Do We Use Your Data?

Your data is used exclusively for:

• Training Planning: Creating personalized training plans based on your fitness level
• Recovery Analysis: Calculating your recovery status for optimal training control
• Synchronization: Retrieving your activities from connected services
• AI Features: Generating workout recommendations

We do not sell your data to third parties.

4. Integration with Third Parties

Strava

When you connect your Strava account, we receive access to:

• Your public profile data
• Your activities (runs, rides)
• Detailed activity data (GPS, heart rate, power)

Strava Privacy: https://www.strava.com/legal/privacy

Intervals.icu

When you connect your Intervals.icu account, we receive access to:

• Your wellness data (HRV, resting heart rate, sleep)
• Training plans and goals
• Your activities and workouts

Garmin

When you connect your Garmin account, we receive access to:

• Activity data from your Garmin devices
• Health data (heart rate, sleep)

Garmin Privacy: https://www.garmin.com/en-US/privacy/

5. Data Storage

Where is data stored?

Our servers are located in Germany (Hetzner Cloud). All data is stored and processed within the EU.

How long is data stored?

• Account data: Until account deletion
• Training data: Until account deletion or manual deletion
• OAuth tokens: Until integration disconnection or account deletion

6. Your Rights

You have the right to:

• Access: What data we have stored about you
• Rectification: Correction of incorrect data
• Erasure: Complete deletion of your data
• Data Portability: Export your data in machine-readable format
• Withdrawal: Withdraw your consent to data processing

To exercise your rights, contact us at: privacy@peakhuman.app

7. Data Security

We implement technical and organizational security measures:

• SSL/TLS encryption for all data transfers
• Encrypted storage of OAuth tokens
• Password hashing with bcrypt
• Regular security updates
• Access restrictions at database level

8. Cookies and Tracking

Our app does not use tracking cookies or third-party analytics tools. We only use technically necessary authentication tokens.

9. Changes to this Privacy Policy

We reserve the right to update this privacy policy to comply with current legal requirements or to implement changes to our services. We recommend visiting this page regularly.

10. Contact

For privacy questions, contact us at:
Email: privacy@peakhuman.app