AdaptCycling

Privacy Policy

Effective date: April 14, 2026

Last updated: April 14, 2026

Introduction

AdaptCycling is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your data when you use our service. We take your trust seriously, especially when it comes to sensitive training and performance data from your Strava account.

What Data We Collect

When you connect your Strava account to AdaptCycling, we access and store the following data:

  • Activities: Your cycling workouts, including dates, distances, durations, and elevation data
  • Performance metrics: Power output, heart rate data, cadence, and normalized power when available
  • Athlete profile: Your functional threshold power (FTP), weight, heart rate zones, and other personal training parameters
  • Segment data: Performance on specific road segments and climb efforts

We do not collect your location history, followers, social connections, or any data not necessary for generating your personalized training plans and coaching feedback.

How We Use Your Data

Your Strava data is used solely to provide you with personalized coaching and training insights. Specifically, we use it to:

  • Generate personalized training plans tailored to your fitness level and goals
  • Analyze your performance trends and identify areas for improvement
  • Provide real-time coaching feedback during and after your workouts
  • Track your progress over time and adjust recommendations accordingly

We may also use anonymized, aggregated data (stripped of any identifying information) to improve our service, understand feature usage patterns, and ensure system reliability. This aggregated data cannot be traced back to you.

AI Coaching and Your Data

AdaptCycling uses AI to analyze your individual training data and provide personalized coaching feedback directly to you. Our AI model processes your activity history and performance metrics to generate insights and recommendations specific to your training needs.

Critical privacy guarantees:

  • Your Strava data is never used to train, fine-tune, or improve AI/ML models.
  • Your data is never shared with other users, coaches, or third parties.
  • AI-generated insights are derived solely from your own activity history and profile.
  • Your individual data is never used to create or improve general-purpose models that could benefit other organizations.

AI calls to OpenAI's API are subject to their terms, but your data is not retained by OpenAI beyond the duration of the API request for processing your immediate coaching needs.

Data Retention and Account Deletion

We retain your Strava activity data as long as your account is active. Your data is permanently deleted in any of the following cases:

  • You delete your AdaptCycling account from settings
  • You revoke AdaptCycling’s access from your Strava connected apps page (per Strava’s API agreement, this triggers immediate deletion of all of your data)
  • You request deletion at

In all of these cases, we permanently delete:

  • All activity data, performance metrics, athlete profile data, training plans, and chat history
  • Any cached or processed data used for generating coaching insights
  • OAuth tokens and our access to your Strava account

Account deletion is permanent and cannot be undone. Aggregated, non-identifiable analytics data (e.g., feature-usage counts) may be retained for service improvement, but is not traceable to you.

Cookies and Analytics

We use the following cookies and tracking technologies:

  • ac_session: A secure, httpOnly cookie used to maintain your authenticated session. This is essential for the app to function and cannot be disabled.
  • PostHog analytics: We use PostHog to understand how users interact with AdaptCycling—which features are used, where users encounter friction, and overall usage patterns. PostHog does not track personal identifying information beyond your user ID and does not share data with third parties.
  • Google Analytics: We use Google Analytics on our public marketing pages only (homepage, pricing, guides, glossary, comparison pages) to measure traffic sources and which pages help visitors learn about AdaptCycling. Google Analytics is not loaded inside the signed-in app, and never receives your training data.

You can opt out of PostHog analytics through your account settings. Opting out does not affect the functionality of AdaptCycling.

Third-Party Services

AdaptCycling relies on carefully selected third-party services to operate. Here's what data each service receives:

OpenAI (AI Coaching)

We send your activity data and training profile to OpenAI's API to generate personalized coaching insights. OpenAI does not retain your data beyond the API request and does not use it to train or improve their models. Requests are encrypted in transit.

Stripe (Payments)

Payment processing is handled by Stripe. We do not store your credit card information—Stripe does. We receive only confirmation of successful or failed transactions.

Resend (Email)

We use Resend to send transactional emails (password resets, subscription confirmations, training plans). Your email address and the content of these emails are shared with Resend only for delivery purposes.

PostHog (Analytics)

PostHog receives anonymized event data about your interactions with AdaptCycling (e.g., "user viewed training plan", "user initiated chat coach"). Personal training data is never sent to PostHog.

Google Analytics (Marketing pages only)

Google Analytics is loaded only on our public marketing pages and receives standard traffic data (page views, referrer, approximate location, device type). It is not loaded inside the signed-in app, and never receives your training data, account identifiers, or activity history.

Neon (Database Hosting)

Your data is stored on Neon's Postgres infrastructure. Neon operates under strict data protection agreements and does not have access to your unencrypted personal data.

Vercel (Hosting)

AdaptCycling runs on Vercel's infrastructure. Vercel does not have access to your personal training data and operates under strict security and privacy standards.

Strava and API Monitoring

When you authorize AdaptCycling to access your Strava account, Strava may monitor our API usage to ensure compliance with their terms of service. Strava may collect metadata about our integration (e.g., how many users have connected, frequency of API calls) but does not share your personal activity data with us except through your explicit authorization. You can revoke AdaptCycling's access to your Strava account at any time through Strava's connected apps settings.

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All communication between your device and our servers uses HTTPS/TLS encryption
  • Token storage: Strava refresh tokens and API credentials are encrypted at rest using industry-standard encryption algorithms
  • Database-backed sessions: Session tokens are stored in our database with cryptographic hashing, not in plain text
  • Access controls: Only authorized backend services can access your data; we do not expose personal data to client-side code
  • Regular security practices: We follow OWASP guidelines for secure coding, conduct regular security reviews, and keep dependencies up to date

No system is 100% secure. If you believe your data has been compromised, please contact us immediately at .

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal data:

  • Right to access: You can request a copy of all personal data we hold about you
  • Right to correction: You can request that we correct inaccurate data
  • Right to deletion: You can request that we delete your account and all associated data
  • Right to data export: You can request your data in a portable, machine-readable format
  • Right to opt-out: You can opt out of analytics and non-essential processing

To exercise any of these rights, contact with a clear description of your request. Deletion requests are processed immediately on receipt; access and export requests we will respond to within 30 days. If you are located in the European Union, these rights are guaranteed under the GDPR.

Children's Privacy

AdaptCycling is not intended for users under 13 years old (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect data from children. If we become aware that we have collected data from a child, we will promptly delete it. Parents or guardians who believe a child's data has been collected may contact .

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes via email or by updating the "Last updated" date at the top of this page. Your continued use of AdaptCycling following any changes constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us at:

Email: