Privacy notice
Last updated: [PLACEHOLDER]
This is a placeholder privacy notice for the Strydes pilot. The structure below is final; the legal content inside each section will be replaced before public launch. If you are reviewing the pilot and have questions about how your data is handled, please contact us at the address in the “Contact” section.
Data we collect
[PLACEHOLDER] Describe the categories of personal data Strydes collects, including account data (email, password hash via Supabase Auth), training profile data (event, training history, timezone, age range), and training-log data including pain scores and injury flags that may qualify as health-related data under UK GDPR Article 9.
How we use it
[PLACEHOLDER] Explain that data is used to generate and adapt personalised training plans, including AI-generated coaching copy via the Anthropic API. Note that AI prompts include anonymised session metadata; they do not include the user's name or email.
Who we share it with
[PLACEHOLDER] List the processors Strydes relies on: Supabase (data storage, authentication), Vercel (hosting, edge logs), Anthropic (AI copy generation). Note any cross-border transfers and the safeguards in place (Standard Contractual Clauses, adequacy decisions where applicable).
How long we keep it
[PLACEHOLDER] State the retention period for each data category and the trigger for deletion (account closure, inactivity).
Your rights
[PLACEHOLDER] List the data subject rights available under UK GDPR / DPA: access, rectification, erasure, restriction, portability, objection. Explain how to exercise each.
You can permanently delete your account and all associated training data at any time from the delete account page. This removes your account, profile, training plans, session logs, and load history within seconds.
Contact
For data-protection enquiries, contact support@strydes.run.
[PLACEHOLDER] Also include postal address and the ICO complaint route.