Privacy Policy — MyTrainingPlan

MyTrainingPlan is a training plan management tool for endurance athletes and coaches. This policy explains what data we collect, why we collect it, and how you can control it — including data we receive from Strava.

1. Who We Are

MyTrainingPlan (“we”, “us”, or “our”) operates the MyTrainingPlan application at www.mytrainingplan.io. For privacy questions, contact us at privacy@mytrainingplan.io.

2. Data We Collect

We collect the following categories of data:

Account information — your name, email address, and authentication credentials, managed via Clerk (our authentication provider).
Training plans — PDF files you upload, and the structured workout schedules we extract from them using AI.
Workout logs — distance, duration, pace, notes, and completion status you record manually within MyTrainingPlan.
Strava activity data — if you connect your Strava account, we receive: activity type, start date/time, distance, moving time, elapsed time, average pace, average and max heart rate, calories, and elevation gain.
Strava athlete profile — your Strava athlete ID, first name, last name, and username, used solely to associate your account.

3. How We Use Your Data

Training plan management — to display, align, and track your structured training schedule.
Strava activity matching — to compare your Strava activities against planned sessions and allow you to import actuals into your training log.
AI plan parsing — uploaded PDF plans are processed by OpenAI's API to extract structured workout data. We do not use your data to train AI models.
Progress tracking — to display weekly and plan-level completion metrics visible only to you and any coach you are linked with.

4. Strava Integration

When you connect Strava, MyTrainingPlan requests the read and activity:read_all scopes. This allows us to read your activity history to match sessions to your training plan.

We do not write data to Strava, share your Strava data with third parties, or use it for any purpose other than populating your MyTrainingPlan training log.

You can disconnect Strava at any time from the Import Strava page. Disconnecting immediately deletes your Strava OAuth tokens and all Strava activity records from our database. Your manually logged training data (distances, notes, completion status you entered yourself) is not affected by disconnecting Strava.

We also listen to Strava's deauthorisation webhook. If you revoke access from the Strava side, we automatically invalidate your tokens within minutes.

To permanently delete all your data including your training log, email privacy@mytrainingplan.io or use the account deletion option in your profile settings.

5. Data Sharing

We share data with the following service providers only to the extent necessary to operate MyTrainingPlan:

Clerk — authentication and user account management
OpenAI — AI extraction of workout data from uploaded PDFs
Strava — activity data via OAuth (only when you connect)
Vercel — application hosting and infrastructure
Neon / PostgreSQL — encrypted database storage

We do not sell your personal data.

6. Data Retention

We retain your data for as long as your account is active. If you request account deletion, we will remove your personal data and training records within 30 days. Some anonymised aggregate data may be retained for operational purposes.

7. Your Rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your account and all associated data
Disconnect third-party integrations (Strava) at any time
Object to or restrict certain data processing

To exercise any of these rights, email privacy@mytrainingplan.io.

8. Security

We use industry-standard security measures including encrypted connections (TLS), encrypted token storage, and access controls to protect your data. Strava OAuth tokens are stored encrypted and used only for API requests on your behalf.

9. Cookies

MyTrainingPlan uses cookies and similar technologies for authentication (managed by Clerk) and session management. We do not use advertising or tracking cookies.

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or an in-app notice. The “Last updated” date at the top reflects the most recent revision.

11. Contact

Questions about this policy? Contact us at privacy@mytrainingplan.io.