Privacy Policy

1. Who We Are

Project Podium ("we", "our", or "the app") is an AI-driven endurance training platform operated by 7D Training. Our application is available at www.7dtraining.app.

We are committed to protecting your personal data and your rights as an athlete. This policy explains what data we collect, why we collect it, and how we use it.

2. Data We Collect

2.1 Account Data

• Email address and password (stored securely via Supabase Auth)
• Display name
• Newsletter opt-in preference

2.2 Athletic Profile Data

• Athlete level (beginner / intermediate / advanced)
• Functional Threshold Power (FTP) in watts
• Functional Threshold Heart Rate (FTHR) per sport (cycling, running, swimming)
• Run threshold pace (seconds per km)
• Swim CSS pace (seconds per 100m)
• Race goals: race name, date, type, and priority (A/B/C)

2.3 Strava Activity Data

When you connect Strava, we request access with the scope activity:read_all and profile:read_all. We collect and store:

• Activity summaries: type, date, duration, distance, average HR, average power/pace, elevation
• Activity streams (per-second data): time, velocity, heart rate, power, altitude, distance — used for zone analysis only
• Strava athlete ID and OAuth tokens (access token + refresh token) — stored encrypted in our database

We do not collect private notes, photos, kudos, segments, gear, or any social data from Strava.

2.4 Computed Training Metrics

• Daily Stress Load (DSL) per activity
• Long-Term Chronic Load (LTC) — 42-day exponentially weighted moving average
• Short-Term Fatigue (STF) — 7-day EWMA
• Race Readiness (RR = LTC − STF)
• Training zone distributions per workout

3. How We Use Your Data

We use your data exclusively to provide the Project Podium service:

• Training plan generation: Your thresholds, race goals, and fitness metrics are used to generate a periodized macrocycle, mesocycles, and weekly microcycles tailored to your race date and level.
• DSL and load calculation: Strava activity data is parsed to compute your Daily Stress Load using sport-specific formulas (power-based for cycling, pace/NGP-based for running, CSS-based for swimming).
• Zone analysis: Per-second activity streams are used to compute time-in-zone distributions and detect cardiac drift. Streams are cached in our database to avoid redundant API calls and are not used for any other purpose.
• Performance Management Chart (PMC): LTC, STF, and RR are tracked over time to visualize your fitness trajectory toward your race goal.
• Safety guardrails: Your weekly load, ACWR, and intensity distribution are evaluated against established sports science thresholds to flag potentially harmful training patterns.
• Account communication: We may send transactional emails (account confirmation, password reset). If you opted in, we may send training tips and product updates. You can unsubscribe at any time.

We do not sell, rent, trade, or share your personal or athletic data with any third party for advertising, analytics, or commercial purposes.

4. Strava API Data Use

Project Podium uses the Strava API in compliance with the Strava API Agreement. Specifically:

• We only request the minimum scopes necessary (activity:read_all, profile:read_all)
• We do not write data back to Strava
• We do not display raw Strava data to users other than the authenticated athlete who owns it
• We do not aggregate or sell Strava data
• We store Strava OAuth tokens securely and refresh them automatically
• You can disconnect Strava at any time from your profile page, which immediately revokes our access and deletes your stored tokens
• Activity stream data is cached to reduce API load and is deleted when you delete your account

5. Data Storage and Security

• All data is stored in Supabase (PostgreSQL), hosted on secure cloud infrastructure with row-level security (RLS) enforced — you can only access your own data
• Authentication is handled by Supabase Auth with bcrypt password hashing
• OAuth tokens are stored in our database and transmitted only over HTTPS
• We do not store payment information — the app is currently free
• Our application is deployed on Vercel with HTTPS enforced on all endpoints

6. Data Retention

• Your data is retained as long as your account is active
• If you delete your account, all personal data, training metrics, activity records, and Strava tokens are permanently deleted within 30 days
• Disconnecting Strava removes your stored tokens immediately but retains the computed metrics (DSL, LTC, etc.) that were derived from your activities

7. Your Rights

You have the right to:

• Access: Request a copy of all data we hold about you
• Correction: Update your profile, thresholds, and race goals at any time from the app
• Deletion: Delete your account and all associated data
• Portability: Request an export of your training metrics
• Disconnect Strava: Revoke our Strava access from your Profile page at any time
• Unsubscribe: Opt out of non-transactional emails at any time

To exercise any of these rights, contact us at coaching@7dtraining.com

8. Third-Party Services

We use the following third-party services to operate the platform:

We do not use Google Analytics, Facebook Pixel, or any advertising or tracking technology.

9. Children's Privacy

Project Podium is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us their data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy as the platform evolves. We will notify you of significant changes via email or a notice in the app. The "Last updated" date at the top of this page always reflects the most recent version.

11. Contact

Questions about this policy or how we handle your data? Contact us: