Privacy Policy

1. Introduction

Welcome to Strydly. This Privacy Policy explains how Strydly ApS ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our mobile application and related services (collectively, the "Service").

We are committed to protecting your privacy and ensuring transparency about our data practices. By using Strydly, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

The data controller responsible for your personal data is:

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Profile picture (if provided)
• Password (encrypted)

3.2 Activity Data

We collect workout and activity data including:

• Activity type (running, cycling, swimming, etc.)
• Duration, distance, and pace
• GPS routes and location data
• Elevation data
• Splits and lap information
• Training load calculations

3.3 Health and Fitness Data

With your explicit consent, we may collect:

• Heart rate data and heart rate zones
• Power data (for cycling)
• Cadence information
• Body metrics (weight, if provided)
• Sleep data (if synced from connected devices)

3.4 Third-Party Service Data

When you connect third-party services, we receive data from:

• Garmin Connect: Activities, health metrics, and device data via Garmin's OAuth API
• Apple HealthKit: Workouts, heart rate, and health data (with your permission)
• Strava: Historical activity data (when you import your data)

3.5 Device Information

We automatically collect:

• Device type and model
• Operating system version
• App version
• Unique device identifiers

3.6 Usage Data

We collect information about how you use the app:

• Features accessed and frequency of use
• Crash reports and performance data
• Interaction patterns

4. How We Use Your Data

We use your personal data to:

• Provide the Service: Display your activities, track progress, and enable workout planning
• Sync with connected devices: Import and synchronize activities from Garmin, Apple Health, and other connected services
• Provide AI coaching features: Analyze your training data to offer personalized insights and recommendations (Supporter tier)
• Improve the Service: Analyze usage patterns to enhance features and fix issues
• Communicate with you: Send service-related notifications and respond to support requests
• Ensure security: Detect and prevent fraud, abuse, or unauthorized access

5. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you requested when creating an account and using Strydly
• Consent: Processing of health data and sensitive fitness information, which requires your explicit consent. You may withdraw consent at any time
• Legitimate Interests: Processing for analytics, security, and service improvement, where our interests do not override your rights
• Legal Obligation: Processing required to comply with applicable laws and regulations

6. Data Sharing

We do not sell your personal data. We may share your data with:

• Service Providers: Third-party companies that help us operate the Service:
  • Supabase (database and authentication)
  • Render (backend hosting)
  • Analytics providers (anonymized usage data)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you would be notified)

All service providers are contractually obligated to protect your data and may only use it for the specific purposes we define.

7. International Data Transfers

Your data may be processed and stored in countries outside the European Economic Area (EEA), including the United States:

• Supabase: Data stored in US and EU regions
• Render: Backend services hosted in the US

For transfers outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, to protect your personal data in accordance with GDPR requirements.

8. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account data: Retained until you request deletion of your account
• Activity data: Retained until you request deletion
• Analytics data: Anonymized after 24 months
• Backup data: Retained for up to 30 days after deletion for recovery purposes

9. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing at any time (this does not affect the lawfulness of prior processing)

To exercise these rights, contact us at hello@strydly.com.

You also have the right to lodge a complaint with a supervisory authority. For Denmark, this is the Danish Data Protection Agency (Datatilsynet):www.datatilsynet.dk

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with encrypted passwords
• Regular security assessments and updates
• Access controls limiting data access to authorized personnel
• Secure OAuth connections for third-party integrations

11. Children's Privacy

Strydly is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at hello@strydly.com.

12. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated "Last updated" date. For material changes, we may also send you a notification through the app or via email. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: