Privacy Policy
Last updated: March 2026
Artificial Intelligence Transparency Statement
CrankWise uses artificial intelligence (AI) to generate personalised training plans. When you connect your Garmin account, your activity and health data is processed by AI systems — specifically Anthropic Claude and Google Gemini — to create training recommendations tailored to your fitness level and goals.
- Your Garmin data is used solely to generate your training plan. It is not used to train AI models.
- AI processing is performed by Anthropic (Claude) and Google (Gemini) under their respective data processing agreements, which prohibit model training on customer data by default.
- You must give explicit consent before your Garmin data is shared with CrankWise. You can withdraw this consent at any time from your profile settings.
- When you disconnect your Garmin account or delete your CrankWise account, your Garmin activity data is permanently removed from our systems.
- AI-generated training plans are recommendations only and do not constitute medical advice.
1. Who We Are
CrankWise (“we”, “us”, “our”) is an AI-powered cycling coaching platform. We are committed to protecting your personal data and your right to privacy. This policy explains what information we collect, why we collect it, and how we use it.
2. Information We Collect
- Account data: Email address and password (when signing up directly), or your Strava profile when connecting via Strava OAuth.
- Profile data: Information you provide during onboarding: FTP, heart rate zones, training availability, goal races, and fitness resources.
- Garmin activity data: When you connect your Garmin account, we access your cycling activities (distance, power, heart rate, speed, cadence) to personalise your training plan. Any data submitted through your Garmin connection is submitted to CrankWise — not to Garmin.
- Strava activity data: When you connect Strava, we read your recent cycling activities to personalise your training plan.
- Usage data: Standard server logs including IP address, browser type, and pages visited, used for security and performance monitoring.
3. Garmin Data — Consent and Your Rights
Access to your Garmin data requires your explicit, informed consent. By connecting your Garmin account, you consent to CrankWise retrieving your activity data for the sole purpose of generating training recommendations.
- You can withdraw consent and disconnect your Garmin account at any time from your profile settings.
- Upon disconnection, all Garmin activity data held by CrankWise is permanently deleted within 30 days.
- Your Garmin data will only ever be used for the purpose you consented to — generating your training plan.
- We do not sell, rent, or transfer your Garmin data to any third party.
- We do not retain your Garmin data longer than necessary for the operation of the service.
4. Strava Data — Consent and Your Rights
When you connect your Strava account, you consent to CrankWise accessing your activity data via the Strava API. This data is used solely to generate personalised training plans.
- Strava activity data we access includes: activity type, duration, distance, elevation, average power, average heart rate, and activity name.
- This data is sent to Anthropic Claude (our AI provider) to generate your personalised training plan. It is not used for AI model training.
- Strava data is displayed only to you — the athlete who owns it. We never share your Strava data with other users.
- You can disconnect Strava at any time from your Connections settings. This revokes our access and deletes your Strava data within 48 hours.
- If you revoke CrankWise access directly in your Strava settings, we automatically receive a notification and delete your stored tokens and synced activities.
- We do not sell, rent, license, or transfer your Strava data to any third party.
- We do not use Strava data for advertising, analytics, machine learning model training, or any purpose beyond generating your individual training plan.
- All Strava data is transmitted over HTTPS and stored in an encrypted database with row-level security.
5. How We Use Your Data
- Generate personalised AI training plans tailored to your fitness level, schedule, and race goals.
- Authenticate you and maintain your session securely.
- Sync your Garmin and Strava activities to keep your training history up to date.
- Send transactional emails (e.g. account confirmation, password reset).
- Improve platform performance (using anonymised, aggregated data only — never individual activity data).
6. Data Sharing and Third-Party Services
We do not sell, rent, or transfer your personal data to third parties for commercial purposes. We use the following sub-processors strictly to operate the platform:
- Supabase: Database, authentication, and file storage. Data is stored in the EU region.
- Garmin: OAuth-based access to your activity data, with your explicit consent. Governed by the Garmin Connect Developer Program Agreement.
- Strava: OAuth login and activity data import. Governed by the Strava API Agreement.
- Anthropic (Claude): AI plan generation. Activity and profile data is sent to generate training recommendations. Anthropic does not train models on this data by default under its API data processing terms.
- Vercel: Application hosting and serverless functions.
7. Data Retention
We retain your data only as long as necessary to provide the service:
- Account and profile data is retained while your account is active.
- Garmin activity data is retained only while your Garmin connection is active. Disconnecting triggers deletion within 30 days.
- If you delete your account, all personal data is permanently removed from our systems within 30 days.
- You may request deletion of specific data at any time by contacting us.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data.
- Withdraw consent for data processing (including Garmin integration) at any time.
- Object to or restrict certain types of processing.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at privacy@crankwise.app.
9. Cookies
We use only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.
10. Security
All data is transmitted over HTTPS. Passwords are hashed and never stored in plain text. We are solely responsible for securing your data on our systems and maintain appropriate technical and organisational controls to protect it against unauthorised access, loss, or disclosure.
11. Health Data
Heart rate, power, and other physiological data accessed from Garmin or Strava are used solely to generate training recommendations. This data is not shared with insurers, employers, or any third party beyond the sub-processors listed in Section 5. AI-generated training recommendations do not constitute medical advice. Consult a qualified healthcare professional before beginning any new training programme.
12. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes by email or via an in-app notification. Where changes affect how we use your Garmin data or AI processing, we will request fresh consent where required. Continued use of CrankWise after changes take effect constitutes acceptance of the updated policy.
13. Contact
If you have any questions about this policy or want to exercise your rights, please contact us at privacy@crankwise.app.