Privacy Policy

Last updated: May 29, 2026

Introduction

Plan My Peak (“we,” “our,” or “us”) is committed to protecting the privacy of coaches and athletes who use our endurance coaching platform. This Privacy Policy explains how we collect, use, and safeguard your information when you use Plan My Peak to analyze workout compliance, share AI-assisted feedback, and publish anonymous public reports.

Information We Collect

Account Information

When you create a coach or athlete account, we collect:

  • Email address used to authenticate via Supabase
  • Display name and role (coach, head coach, athlete)
  • Team membership and the athletes you coach or are coached by
  • Profile preferences such as language and notification settings

TrainingPeaks Data

If you or your athletes connect a TrainingPeaks account, we receive and process training data including:

  • Planned workouts, completed activities, and adherence to scheduled sessions
  • Power, heart rate, cadence, pace, and other sensor or metric streams
  • Activity names, descriptions, timestamps, and athlete profile fields
  • Account identifiers required to refresh tokens and reconcile athlete linkage

Usage Data

  • Pages visited and features used across the site and coach dashboard
  • AI feedback drafts, edits, and approval decisions
  • Anonymous public report views (counts only — no viewer PII)
  • Masked session recordings used to diagnose usability issues. All text and form inputs are redacted before a recording leaves your browser, so names, emails, and training metrics are never captured.

How We Use Your Information

We use your information to:

  • Score workout compliance and generate per-activity insights
  • Draft AI-assisted feedback for coaches to review and refine before publishing
  • Publish anonymous public reports that strip athlete PII before sharing
  • Surface trends, fatigue signals, and readiness across the athletes you coach
  • Maintain account security and send important service updates

Third-Party Services

We rely on the following third parties to operate the platform:

Supabase

Authentication, database, and row-level security. Application data is stored on Supabase’s infrastructure with tenant-isolating access policies enforced at both the database and application layers.

TrainingPeaks

Activity, workout plan, and athlete metadata synchronization. We exchange OAuth tokens server-side and never expose TrainingPeaks credentials to the browser. You can revoke access from TrainingPeaks or from inside Plan My Peak at any time.

AI Providers (Anthropic, OpenAI, Google)

Used to draft workout feedback and surface compliance insights. Training and athlete data sent to AI providers is processed to generate suggestions and is not used to train their general-purpose models.

AWS (Amazon Web Services)

Hosts the asynchronous analysis pipeline (queues, workers, Lambda) and stores intermediate analysis artifacts. Data resides in secure AWS regions.

PostHog

Product analytics and masked session replay used to understand how the platform is used and to improve it. We identify signed-in coaches only by an opaque account ID — never email or name — and anonymous report viewers are not identified at all. Session recordings redact all text and form inputs in your browser before capture.

Data Security

We implement industry-standard security measures, including:

  • Encrypted transport (HTTPS/TLS) end-to-end
  • Row-level security policies enforced in Supabase
  • Server-side handling of TrainingPeaks tokens — they never reach the browser
  • Regular dependency and infrastructure security monitoring

Anonymous Public Reports

When a coach publishes a public report link, Plan My Peak strips personally identifying information — including names, emails, and provider IDs — before rendering the report. Public report URLs contain unguessable tokens and can be revoked by the coach at any time.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Disconnect TrainingPeaks at any time from your integration settings
  • Revoke any anonymous public report link you have published
  • Opt out of non-essential communications

Data Retention

We retain your data while your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as fraud prevention or financial recordkeeping.

Children’s Privacy

Plan My Peak is not intended for users under 13 years of age. We do not knowingly collect information from children under 13.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform.

Contact Us

If you have questions about this Privacy Policy, please contact us at:

Email: support@planmypeak.com