Privacy Policy

Effective date: April 12, 2026

1. Data we collect

When you create an account, we store your email address and a securely hashed password via Supabase Auth. When you log workouts, we store the session data you enter (date, distance, duration, split, stroke rate, heart rate, RPE, notes).

In demo mode (no account), all data stays in your browser's local storage and is never sent to our servers.

2. How we use your data

  • Provide and personalize our training features (pace zones, programs, history).
  • Send transactional emails (password resets, account confirmations).
  • Monitor service health and fix errors (aggregated, non-personal metrics).

We do not sell or share your personal data with third parties for advertising.

3. Data storage & security

Your data is stored in a Supabase-managed PostgreSQL database with row-level security (RLS) enabled. All connections use TLS encryption. Passwords are hashed using bcrypt and never stored in plain text.

4. Cookies & local storage

We use Supabase auth tokens stored in local storage to keep you signed in. We do not use third-party tracking cookies. In demo mode, workout data is stored in local storage under the key erg-coach-demo-state.

5. Your rights

You may at any time:

  • Access your data by viewing your profile and workout history in the app.
  • Export your data via the CSV export feature in the History tab.
  • Delete individual workout records through the app.
  • Delete your account by contacting us at the email below. We will remove all associated data within 30 days.

If you are in the EU/EEA, you have rights under the GDPR including data portability, rectification, and the right to lodge a complaint with your local data protection authority. California residents have similar rights under the CCPA.

6. Data retention

We retain your workout data for as long as your account is active. If you delete your account, all personal data is permanently removed within 30 days. Anonymized, aggregated metrics may be retained for service improvement.

7. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use after changes constitutes acceptance.

8. Contact

For questions about this policy or to exercise your data rights, email us at privacy@ergbuddy.com.