Privacy Policy
Last updated: March 4, 2026
1. What Data We Collect
We collect the following categories of data to provide and improve the Service:
- Account data: Email address, full name, and authentication credentials
- Profile data: Age, weight, height, experience level, training preferences, and race goals
- Health and fitness data: Workouts (duration, distance, pace, heart rate, elevation), HRV, resting heart rate, sleep metrics, recovery scores, body metrics, and body composition photos
- Nutrition data: Food logs, macro tracking, meal photos, and nutrition label scans
- Integration data: Activities from Strava (including distance, duration, pace, heart rate, GPS routes, elevation, and activity type), recovery metrics from Whoop, and nutrition entries from FatSecret (synced with your explicit consent via OAuth)
- AI conversation data: Messages sent to the AI coach and responses received
- Usage data: Pages visited, features used, and interaction patterns to improve the Service
2. How We Use Your Data
- Generate personalized AI training plans using Claude (Anthropic)
- Provide adaptive nutrition recommendations and macro targets
- Produce race predictions, pacing strategies, and execution plans
- Deliver wellness insights and cross-metric correlations using Gemini (Google)
- Power conversational AI coaching using Grok (xAI)
- Calculate fitness metrics (CTL, ATL, TSB) and readiness scores
- Sync and normalize data from connected integrations
- Scan uploaded images for content safety compliance
- Improve the Service through aggregated, anonymized analytics
3. AI Processing Disclosure
Your data is processed by AI models to deliver core Service features:
- Claude (Anthropic): Generates training plans, analyzes nutrition from food photos (via Claude Vision), scans images for content safety, and provides race strategy
- Gemini (Google): Produces wellness insights, analyzes correlations between sleep, recovery, and training, and handles long-context analysis
- Grok (xAI): Powers conversational coaching and quick Q&A
When you upload a food photo, training screenshot, or body composition photo, the image may be sent to Claude Vision for analysis. Body composition photos are stored in private, encrypted storage accessible only by you. AI conversations are stored to maintain context across sessions.
4. Data Storage and Security
- Data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) — you can access only your own data
- Photos are stored in Supabase Storage with encryption at rest
- OAuth tokens for integrations are stored encrypted in the database
- All data is transmitted over HTTPS
- The application is hosted on Vercel with enterprise-grade infrastructure
5. Data Sharing
We do not sell your personal data to third parties.
Your data is shared only with the following services to provide core functionality:
- Anthropic — AI model provider for training plans and image analysis
- Google — AI model provider for wellness insights
- xAI — AI model provider for conversational coaching
- Supabase — Database and authentication provider
- Vercel — Application hosting
- Strava, Whoop, FatSecret — Only when you explicitly connect these integrations
6. Strava Integration and Data Practices
When you connect your Strava account to Ultracoach, the following data practices apply in compliance with the Strava API Agreement:
- What we access: Activity data including distance, duration, pace, heart rate, GPS routes, elevation gain, activity type, and activity streams. We also access basic athlete profile information (name, profile photo) to personalize your experience.
- How we store it: Strava data is stored in Supabase (PostgreSQL) with Row Level Security, meaning only your authenticated session can access your data. All data is encrypted at rest and transmitted over HTTPS. OAuth tokens for Strava are stored encrypted in the database.
- Who can see it: Your Strava data is visible only to you, the authenticated user who connected the integration. No other users, administrators, or third parties can view your Strava data through Ultracoach. Strava data is not displayed publicly or shared with any third party.
- How we use it: Strava data is used exclusively to provide you with personalized training insights, fitness metric calculations (CTL, ATL, TSB), race predictions, and AI coaching recommendations. Strava data is never used to train, fine-tune, or improve any AI or machine learning models.
- Data retention: Strava data is retained in your account for as long as your Strava integration is connected and your Ultracoach account is active. When you disconnect Strava or delete your Ultracoach account, all data sourced from Strava is permanently deleted within 30 days.
- How to revoke access: You can disconnect Strava at any time by going to Settings → Integrations and clicking the disconnect button next to Strava. You can also revoke access from your Strava Connected Apps settings. Upon disconnection, all Strava-sourced data and OAuth tokens are deleted from our systems.
7. Data Retention and Deletion
Your data is retained as long as your account is active. You may request deletion of your account and all associated data at any time by contacting us. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law. Integration connections and their associated tokens are deleted immediately upon disconnection.
8. Your Rights
You have the right to:
- Access your personal data via the Data Export feature in Settings
- Correct inaccurate data through your profile settings
- Delete your account and all associated data
- Disconnect third-party integrations at any time
- Export your workout and nutrition data in CSV format
10. Children's Privacy
The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or sending you an email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact
If you have any questions about this Privacy Policy or your data, please contact us at privacy@ultracoach.app.