Pulse Athletics

Privacy Policy

Last updated: February 15, 2026

1. Identity & Contact

This privacy policy describes how Pulse Athletics ("we", "us", "our") collects, uses, and protects your personal data when you use our athlete training platform.

For privacy-related inquiries, please contact us at: support@pulseathletics.team

2. Data We Collect

We collect the following categories of personal data:

Account Data

Email address, full name, date of birth (for age verification).

Physical Profile

Height, weight, gender, experience level, training preferences, primary goals.

Training Data

Workouts, activities, training plans, performance metrics.

Health & Recovery Data (Special Category)

Sleep duration and quality, heart rate variability (HRV), resting heart rate, stress levels, readiness scores, body battery, VO2max estimates, acute/chronic training load, ACWR (Acute:Chronic Workload Ratio).

Note: Health data is considered a "special category" of personal data under GDPR Article 9 and requires your explicit consent.

Nutrition Data

Macronutrient intake, hydration tracking, body composition metrics.

Integration Data

When you connect third-party services:

  • Strava: Activity data (runs, rides, swims, etc.) via user-initiated OAuth authorization
  • Garmin Connect: Wellness and recovery metrics via user-initiated credential login (data is pulled from Garmin and not shared back)

3. Legal Basis for Processing

We process your personal data based on:

  • Explicit consent (GDPR Art. 9(2)(a)) for health and recovery data
  • Legitimate interest for account management, service functionality, and performance optimization
  • Contractual necessity to provide the training platform services you've signed up for

4. Third-Party Processors

We use the following third-party processors to deliver our services:

  • Supabase (EU) — Database hosting and authentication (data stored in EU region)
  • Vercel — Frontend hosting and CDN
  • Strava API — Activity data synchronization (user-initiated OAuth)
  • Garmin Connect (unofficial API) — Wellness data synchronization (user-initiated credential login; data is not shared back with Garmin)
  • OpenAI / Anthropic — coaching features (your athlete profile, workouts, and recovery data are sent per chat request)

5. International Data Transfers

Your data is primarily stored in the EU (Supabase Cloud EU). However, when you use coaching features, your data may be transferred to US-based LLM providers (OpenAI, Anthropic). These transfers are protected by standard contractual clauses (SCCs) and appropriate safeguards.

6. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten"): Request deletion of your account and data (30-day cooling-off period applies)
  • Right to data portability: Receive your data in a machine-readable format (JSON export)
  • Right to withdraw consent: Withdraw consent for health data processing or AI features at any time
  • Right to lodge a complaint: Contact your local Data Protection Authority if you believe your rights have been violated

To exercise any of these rights, visit your Data & Privacy settings or contact us at support@pulseathletics.team.

7. Data Retention

We retain your personal data while your account is active. If you request account deletion, we will initiate a 30-day cooling-off period during which you can cancel the deletion. After 30 days, your data will be permanently deleted from our systems.

8. Cookies & Tracking

We use a session cookie for authentication purposes only (via Supabase Auth). We do not use third-party tracking cookies or analytics.

9. Age Restriction

Our service is restricted to users aged 18 years or older. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you via email. Your continued use of the service after notification constitutes acceptance of the updated policy.

Legal disclaimer: This privacy policy is provided as a starting point and should be reviewed by a qualified legal professional familiar with GDPR and data protection regulations before deployment to production.

← Back to Login