Privacy Policy
Last updated: May 25, 2026
1. About this application
SportDataCoach is a personal sports dashboard that uses the Strava API to visualize and analyze your training data. The application is developed for personal use and is hosted at https://sportdatacoach.com.
2. What data we collect
When you log in via Strava OAuth, we gain access to the following data:
- Profile information: Your first name, last name and profile photo (for display in the dashboard)
- Activity data: Your sports activities including distance, duration, speed, heart rate, elevation, date and location
- Gear: Your connected shoes and bikes with associated mileage
3. How we use your data
Your data is used exclusively to:
- Display your personal sports dashboard with statistics and charts
- Analyze trends and patterns in your training data
- Calculate and display personal records
- Generate AI-powered training analyses (via Google Gemini, only when you use the Chat feature)
4. Data storage
Your activity data is stored in a secure MySQL database on our server. This is necessary to load the dashboard quickly without repeatedly calling the Strava API.
Stored data includes:
- Your Strava athlete ID, name and profile photo URL
- OAuth tokens (securely stored in the database, automatically refreshed)
- Your activities with associated metrics
We do not store Strava passwords. Authentication is handled entirely via the Strava OAuth2 protocol.
5. AI Chat feature
The SportCoach AI feature uses Google Gemini. When you ask a question:
- A summary of your sports data is sent to Google Gemini to answer your question
- Your chat conversations are encrypted and stored on our server for your conversation history, and are fully deleted when you disconnect your account
- Google's privacy policy applies to processing by Gemini
6. Sharing with third parties
We do not share your data with third parties, except:
- Google Gemini: Sports data summaries are shared when you actively use the Chat feature
Your data is not sold, rented or otherwise made commercially available.
7. Strava API compliance
This application complies with the Strava API Agreement and the Strava Brand Guidelines. We:
- Use only the minimum required OAuth scopes
- Only refresh data when you synchronize (no bulk scraping)
- Display the required Strava branding and attribution
- Respect the API rate limits
8. Your rights
You have the right to:
- Revoke app access: Go to Strava Settings → My Apps to disconnect
- Delete data: Contact us to have all your stored data deleted
- Log out: This will end your session
9. Security
We take the following security measures:
- HTTPS encryption for all communications
- OAuth tokens are processed server-side and securely stored
- The Strava client secret is not in frontend code
- Sessions are secured with CSRF protection
10. Changes
We may change this privacy policy from time to time. Changes will be published on this page with an updated date.
11. Contact
For questions about this privacy policy or your data, you can contact the administrator of https://sportdatacoach.com.