Privacy Policy

Effective Date: June 3, 2025

Introduction

Metrica.fit ("we," "us," or "our") provides an AI-driven endurance coaching and performance tracking platform designed to help users build, follow, and adjust training and nutrition plans for swim, bike, and run activities. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit or use metrica.fit (the "Service"). By accessing or using the Service, you consent to the practices described here.

Information We Collect

1. Account and Profile Information

  • Registration Data: When you create an account, we collect your name, email address, profile picture (optional), and a password (securely hashed).
  • Physical and Demographic Data: To help tailor training plans and nutritional recommendations, you may provide height, weight, age, gender, and fitness goals.

2. Workout and Performance Data

  • Directly Logged Data: If you manually log workouts—such as swim times, bike routes, run distances, heart rate, and perceived exertion—we store that information.
  • Third-Party Integrations: When you connect Strava and/or Whoop via OAuth, we receive permission to access your activity history, workout metrics (GPS, pace, distance, power, heart rate), sleep and recovery metrics, and any other data you authorize. Strava and Whoop's privacy policies govern how they handle your data; Metrica.fit only retains what you explicitly permit.

3. Nutrition and Health Metrics

  • Dietary Logs: If you choose to track meals, macros, or calories, we store the entries you submit.
  • Health Device Data: Should you integrate other wearables or apps (e.g., fitness trackers beyond Whoop), any metrics you authorize (sleep, HRV, step counts) are stored.

4. Usage and Interaction Data

  • Analytics and Telemetry: We collect information about how you interact with the Service (pages viewed, features used, session duration, IP address, browser type, and operating system). This helps us improve functionality and user experience.
  • Cookies and Similar Technologies: We use cookies, local storage, and similar tracking tools to enable core functionality (authentication, session management) and to gather aggregate usage statistics (e.g., via Google Analytics).

5. Billing and Payment Information

  • Subscription Details: To process your subscription (currently $80 per year), we collect billing name, billing address, and payment method details (e.g., credit/debit card) through a third‑party payment processor (e.g., Stripe). We do not store raw payment credentials on our servers; the processor's policy governs how your payment data is handled.

How We Use Your Information

1. Provide and Maintain the Service

  • Create and manage your account, authenticate you, and deliver training plans, workout summaries, and nutrition recommendations.
  • Generate AI‑driven training and nutrition plans using the data you supply and historical performance metrics.

2. Improve and Personalize the Experience

  • Analyze workout and health data (including Strava/Whoop feeds) to deliver personalized coaching insights, trend analyses, and adaptive adjustments.
  • Tailor content, recommendations, emails, and in‑app notifications (e.g., daily check‑ins) based on your preferences and activity patterns.

3. Communicate with You

  • Send transactional emails (e.g., account confirmation, password resets, payment receipts).
  • Provide support in response to your inquiries, feedback, or technical issues.
  • With your consent, send marketing communications about new features or promotions; you may opt out at any time.

4. Security, Fraud Prevention, and Legal Compliance

  • Monitor for suspicious activity, detect and prevent unauthorized access or abuse, and enforce our Terms of Service.
  • Respond to legal requests or comply with applicable laws, regulations, or court orders.

5. Research and Development

  • Aggregate and anonymize user data to analyze trends, improve our AI models, and develop new features (never tied back to your personal identity).

How We Share and Disclose Information

1. Third-Party Service Providers

  • Strava and Whoop: We share only the data you explicitly authorize during OAuth flows; we do not share your Strava/Whoop credentials.
  • Payment Processor (e.g., Stripe): We transmit billing data strictly to process payments; we only store billing metadata, not full card numbers or banking credentials.
  • Hosting and Database (Supabase): Our backend and databases are hosted on Supabase; they manage data storage and basic security infrastructure under their privacy policy.
  • Analytics Providers: We use Google Analytics (or similar services) for aggregated usage reports. No personally identifiable information is shared without your consent.

2. Legal Requirements and Safety

  • If required by law (e.g., subpoena, court order) or to comply with legal processes, we may disclose your personal data to law enforcement or other governmental authorities.
  • We may also share information to protect the rights, property, or safety of Metrica.fit, our users, or the public (e.g., investigate fraud or security incidents).

3. Business Transactions

  • In the event of a merger, acquisition, or sale of assets, we may transfer your information to the new owner. Any successor will be bound by the terms of this Privacy Policy or notified of revisions.

4. Consent-Based Sharing

  • If you choose to share your workout achievements (e.g., social media posting feature) or grant permission for additional third‑party integrations, we share only the data you specify at that moment.

Cookies and Tracking Technologies

  • We use essential cookies to keep you logged in, remember your preferences, and secure your session.
  • We employ analytical cookies (via Google Analytics) to understand how users interact with the site—metrics like page views, session duration, and feature usage.
  • You can manage or disable cookies through your browser settings. Disabling certain cookies may limit your ability to use key features of the Service.

Data Security

  • We implement administrative, technical, and physical safeguards to protect personal data against unauthorized access, alteration, disclosure, or destruction.
  • Passwords are hashed using bcrypt (or equivalent) before being stored.
  • All data in transit between your device and our servers is encrypted via HTTPS/TLS.
  • Access to production databases is restricted by role‑based access controls and requires two‑factor authentication for administrators.
  • While we strive to protect user data, no method of transmission or storage is completely secure. You acknowledge that there is some risk in how data is handled online.

Data Retention

  • Account Data: We retain your account and profile information as long as your account remains active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.
  • Workout and Health Metrics: We keep your historical performance and nutrition data to allow you to view past activities and to power AI models that rely on longitudinal tracking. If you request deletion, this data will be purged unless we must preserve anonymized, aggregated metrics for research or legal compliance.
  • Billing Records: We retain billing records (e.g., invoices) for at least 7 years to comply with accounting and tax regulations.

Your Rights and Choices

1. Access, Update, and Delete

  • You can view or edit your profile information and physical metrics by logging into your account and adjusting your settings.
  • To delete your account and associated personal data, navigate to "Account Settings" and choose "Delete Account." If you encounter issues, contact privacy@metrica.fit and we will process your request promptly.

2. Email Communications

  • You may opt out of marketing emails or newsletters at any time by clicking "Unsubscribe" at the bottom of any email. Essential service-related emails (e.g., password resets, billing notices) cannot be opted out of.

3. Data Portability

  • Upon request, we can provide a machine-readable export of your personal data (workouts, nutrition logs, settings) in a common format (JSON or CSV).

4. Withdraw Consent

  • If you previously authorized Strava or Whoop integrations, you can revoke access in your "Connected Apps" settings or within your account on those third‑party platforms. Revoking access will stop future data imports, though historical data remains in our systems until you request its deletion.

5. Cookie Preferences

  • You can disable or delete cookies via your browser settings. If you block all cookies, certain features (login, performance tracking) may not function correctly.

Children's Privacy

Metrica.fit is not intended for children under 13. We do not knowingly collect or solicit personal information from anyone under 13. If we become aware that a user under 13 has provided personal data, we will delete it immediately.

International Data Transfers

Metrica.fit is based in the United States (New York, NY). If you are located outside the US, your data may be transferred to, stored, and processed in the US. By using the Service, you consent to this transfer under applicable laws. We take steps—such as standard contractual clauses or other safeguards—to ensure adequate protection when transferring data internationally.

Changes to This Privacy Policy

We may update this Privacy Policy as our Service evolves or to comply with legal requirements. When we make material changes, we will notify you by email (if you have an account) and post a prominent notice on metrica.fit. Each revision will include an updated "Effective Date." Your continued use of the Service after the Effective Date means you accept the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: info@metrica.fit

Mailing Address:

Metrica.fit

1 Park View Avenue

Jersey City, NJ, 07302

United States

By using metrica.fit, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information as described.