
Privacy Policy

Effective date: March 4, 2026

Overview

TrueFeel (“we,” “our,” “us”) is a feel-first training advisor for endurance athletes. This Privacy Policy describes how we collect, use, and protect your personal data when you use truefeel.ai and our related services.

We take your privacy seriously. We collect only the data necessary to provide personalized training recommendations, and we never sell your data.

1. What We Collect

Account information

  • Email address (for authentication and communication)
  • Strava profile ID (if connected)

Self-reported training data

  • Energy level, soreness, motivation, and life stress ratings
  • Free-text notes you choose to provide
  • Planned workout details
  • Post-workout feedback and ratings

Device data (via third-party APIs, with your explicit consent)

  • Strava: workout history, heart rate zones, activity type and duration
  • Oura Ring: sleep quality, HRV, resting heart rate, readiness scores
  • Garmin Connect: activity data (distance, duration, pace, heart rate), sleep duration and quality (light, deep, REM stages), resting heart rate, heart rate variability (HRV), Body Battery, stress levels, and VO2 Max estimates
  • TrainingPeaks: planned workouts from your calendar (via iCal feed)

Usage data

  • Check-in frequency and timing
  • Which recommendations you followed or overrode
  • Feedback you provide on recommendations

2. How We Use Your Data

  • Generate personalized training recommendations — Your self-reported data and device data are combined to determine whether to train as planned, modify, or rest.
  • Build your personal model — Over time, we learn your patterns (your “Model of Me”) to improve recommendation accuracy. This model is specific to you and is not shared with others.
  • Improve the product — We analyze aggregate, anonymized usage patterns to improve our recommendation algorithms. Individual data is never used for this purpose without anonymization.

3. Third-Party Data Sources

Strava

We access your Strava data through their official API with your explicit OAuth consent. In compliance with the Strava API Agreement, we do not use Strava data for AI/ML model training. Your Strava data is used solely to inform your personal recommendations. When you disconnect Strava, we delete your Strava data from our systems.

Oura Ring

We access your Oura Ring data through their official API with your explicit OAuth consent. In compliance with the Oura API Agreement, we do not sell, lease, or share your Oura data. Your Oura data is used solely to inform your personal recommendations. When you disconnect Oura, we delete your Oura data from our systems.

Garmin Connect

We access your Garmin Connect data through Garmin's official Health API using the OAuth 2.0 protocol, with your explicit consent. We request read-only access to your fitness and health data. We cannot post activities, edit existing data, or access any non-fitness information on your Garmin account.

Data we access via the Garmin API:

  • Activity data: distance, duration, pace, heart rate (average and maximum), cadence, elevation gain
  • Sleep data: duration and quality breakdowns (light, deep, REM stages)
  • Recovery metrics: resting heart rate, heart rate variability (HRV), Body Battery, stress levels
  • Fitness estimates: VO2 Max

This data is used solely to inform your personal training recommendations within TrueFeel. We do not sell, lease, or commercially distribute your Garmin data. We do not use Garmin data for AI/ML model training on aggregated datasets. Your Garmin data is processed only in the context of your individual account to generate personalized readiness assessments and training guidance.

When you disconnect Garmin from TrueFeel, we immediately stop accessing your Garmin data and revoke the OAuth tokens. You can disconnect at any time from the Settings page. Garmin's own privacy practices are governed by the Garmin Connect Privacy Policy.

TrainingPeaks

If you provide a TrainingPeaks iCal feed URL, we read your planned workouts to pre-populate your daily training plan. We access only the calendar data you share and do not modify your TrainingPeaks account.

4. Data Sharing

We do not sell your personal data. We do not share your individual data with third parties for their marketing or commercial purposes.

We may share data only in these limited circumstances:

  • With service providers who help us operate TrueFeel (hosting, database), under strict data processing agreements
  • If required by law or legal process
  • To protect the safety of our users or the public

5. Data Retention & Deletion

Your data is retained for as long as your account is active. You can delete your account and all associated data at any time from Settings.

When you delete your account:

  • All personal data, check-ins, recommendations, and device data are permanently deleted
  • Strava, Oura, and Garmin OAuth tokens are revoked
  • Your user record is anonymized (tombstoned) — we retain only a non-identifiable record that an account existed
  • This process is irreversible

When you disconnect a device (Strava, Oura, or Garmin), we immediately revoke the OAuth tokens and stop accessing your data from that service. Historical data pulled from that device remains to preserve your recommendation history, unless you delete your account entirely.

6. Security

We implement reasonable security measures to protect your data:

  • All data is encrypted in transit (HTTPS/TLS)
  • Authentication tokens are hashed (SHA-256) before database storage
  • OAuth tokens for Strava, Oura, and Garmin are stored encrypted
  • Database access is restricted to our application servers

No system is perfectly secure. If we discover a data breach affecting your personal data, we will notify you promptly.

7. Your Rights

You have the right to:

  • Access your data — View your profile, check-in history, and Model of Me in the app
  • Delete your data — Delete your entire account from Settings
  • Withdraw consent — Disconnect devices or revoke data processing consent at any time
  • Data portability — Contact us to request an export of your data

To exercise these rights, use the in-app controls or contact us at privacy@truefeel.ai.

8. Health Data (GDPR Article 9)

TrueFeel processes health-related data, including biometric data from wearable devices and subjective wellness assessments. Under GDPR Article 9, this data requires explicit consent for processing, separate from general terms of service acceptance.

We obtain explicit consent for each category of health data:

  • Self-reported feel data — consented during onboarding
  • Strava biometric data — consented before OAuth connection
  • Oura biometric data — consented before OAuth connection
  • Garmin biometric data — consented before OAuth connection

Each consent is recorded with a timestamp. You may withdraw any consent at any time by disconnecting the relevant data source or deleting your account.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification. Your continued use of TrueFeel after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this Privacy Policy? Contact us at privacy@truefeel.ai.
