Privacy Policy
Last Updated: February 12, 2026
1. Introduction
ICU Coach ("we", "our", "the app") is an AI-powered training coach application for endurance athletes. This
Privacy Policy explains how we collect, use, store, and protect your information in compliance with the
General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and applicable data
protection laws.
Data Controller
The data controller responsible for your personal data is:
2. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
- Consent (Art. 6(1)(a) GDPR): Health data access (HealthKit / Health Connect), push
notifications, and optional AI analysis.
- Contract Performance (Art. 6(1)(b) GDPR): Providing the core app functionality
(training analysis, recovery calculation) as part of our service.
- Legitimate Interest (Art. 6(1)(f) GDPR): Crash reporting and error monitoring to
maintain app stability and security.
3. Data We Collect
3.1 Data You Provide Directly
- Intervals.icu API key and display name
- AI provider API keys (OpenAI, Gemini) — stored securely on your device only
- Training preferences (sport type, target race, thresholds, experience level)
- App settings (language, theme, notification preferences)
- Profile information (age, gender, weight)
3.2 Data Accessed from Intervals.icu (with your permission)
- Wellness data (HRV, resting heart rate, sleep hours, weight, SpO2)
- Training activities (distance, duration, power, heart rate, TSS, pace)
- Planned workouts and events
- Athlete profile (FTP, max HR, training zones, VO2max)
- Weather data associated with your location
3.3 Health Data (with your explicit permission)
Health data is only accessed when you explicitly grant permission through your device's health settings. You
can revoke this permission at any time.
| Data Type |
iOS (HealthKit) |
Android (Health Connect) |
| Sleep Duration & Quality |
Yes |
Yes |
| Heart Rate Variability (HRV) |
Yes |
Yes |
| Resting Heart Rate |
Yes |
Yes |
| Heart Rate |
Yes |
Yes |
| Weight |
Yes |
Yes |
| Blood Oxygen (SpO2) |
Yes |
Yes |
| VO2 Max |
Yes |
Yes |
| Steps |
— |
Yes |
| Body Fat Percentage |
— |
Yes |
| Active & Total Calories |
— |
Yes |
| Distance |
— |
Yes |
| Basal Metabolic Rate |
— |
Yes |
3.4 Automatically Collected Data
The following data is collected automatically to maintain app stability and improve the service:
- Crash and error reports: Device model, operating system version, app version, crash
stack traces, and error context (via Sentry)
- IP address: Collected incidentally by Sentry and cloud services during network
requests. Not used for tracking or profiling.
- AI usage metrics: Daily count of AI feature usage, stored locally on your device for
rate-limiting purposes only
- Subscription status: Anonymous purchase and entitlement data processed by RevenueCat
for subscription management
4. How We Use Your Data
- Generate personalized AI training recommendations
- Calculate recovery status and training readiness
- Provide nutrition advice based on your activity
- Predict race performance
- Display weather conditions for your training location
- Send scheduled training notifications (with your permission)
- Monitor and fix app crashes and errors
- Manage your subscription and in-app purchases
We do NOT use your data for advertising, profiling, or automated decision-making that
produces legal effects.
5. Data Storage and Security
- All API keys are stored locally on your device using encrypted secure storage (Expo SecureStore).
- Training preferences and app settings are stored locally on your device (AsyncStorage).
- We do NOT maintain a user database or store your health/training data on our servers.
- When using the Cloud AI option, your training context is sent to our secure backend (hosted on Vercel,
US region) for AI processing. This data is processed in memory and not persisted — it
is discarded immediately after the AI response is generated.
- When using your own AI keys (OpenAI/Gemini), data is sent directly from your device to the AI provider's
servers.
6. Data Retention
| Data Type |
Retention Period |
Location |
| API keys & credentials |
Until you delete them or uninstall the app |
Your device (SecureStore) |
| App settings & preferences |
Until you delete them or uninstall the app |
Your device (AsyncStorage) |
| Cached training data |
Automatically refreshed; stale data expires within 24 hours |
Your device (AsyncStorage) |
| AI usage counters |
Reset daily; cleared on uninstall |
Your device (AsyncStorage) |
| Crash reports (Sentry) |
90 days (Sentry default retention) |
Sentry servers (EU — Frankfurt, DE) |
| Subscription data (RevenueCat) |
As per RevenueCat's retention policy |
RevenueCat servers (US) |
| Cloud AI processing data |
Not stored — discarded after response |
Vercel (US) |
7. Third-Party Services
The app integrates with the following third-party services. Each has its own privacy policy governing their
data handling:
| Service |
Purpose |
Data Shared |
Server Location |
| Intervals.icu |
Training data platform |
Your API key; planned workouts created by the app |
EU |
| Google Gemini |
AI analysis (optional) |
Anonymized training context for AI processing |
US |
| OpenAI |
AI analysis (optional) |
Anonymized training context for AI processing |
US |
| Sentry |
Crash reporting & error monitoring |
Device info, OS version, crash data, IP address |
EU (Frankfurt) |
| RevenueCat |
Subscription & purchase management |
Anonymous user ID, purchase receipts, entitlements |
US |
| Open-Meteo |
Weather data |
Geographic coordinates only (no personal data) |
EU |
| Apple HealthKit |
Health data (iOS) |
Read-only access with your permission |
Your device |
| Google Health Connect |
Health data (Android) |
Read-only access with your permission |
Your device |
| Strava |
Supplementary athlete statistics (optional) |
Publicly available profile data only |
US |
We encourage you to review each service's privacy policy.
8. International Data Transfers
Some third-party services process data in the United States. When your data is transferred outside the
European Economic Area (EEA), we rely on:
- Standard Contractual Clauses (SCCs) adopted by the European Commission
- The service provider's compliance with applicable data protection frameworks
Crash reporting data (Sentry) is processed within the EU (Frankfurt, Germany).
9. Push Notifications
With your permission, the app can send local push notifications to remind you of your daily training
readiness. These notifications are:
- Scheduled locally on your device — no data is sent to any server
- Fully configurable (time, enable/disable) in app settings
- Can be disabled at any time through app settings or your device's notification settings
10. Data Sharing
We do NOT sell, rent, or share your personal data with any third parties for marketing or
advertising purposes.
Your data is only shared with third-party services in the following circumstances:
- When you explicitly request an AI analysis (training context sent to AI provider)
- When a crash occurs (anonymous error data sent to Sentry)
- When you make a purchase (transaction data processed by RevenueCat and the platform store)
11. Your Rights
For All Users
- You can delete all your data by removing your account from the app settings or uninstalling the app.
- You can revoke health data permissions at any time through your device settings.
- You can revoke Intervals.icu access by changing or deleting your API key in the app.
- You can disable push notifications at any time.
- You can use the app without providing AI keys (demo mode available).
Additional Rights Under GDPR (EU/EEA Users)
- Right of Access (Art. 15): You can request a copy of all personal data we hold about
you.
- Right to Rectification (Art. 16): You can correct inaccurate personal data via app
settings.
- Right to Erasure (Art. 17): You can request deletion of your personal data by
uninstalling the app or contacting us.
- Right to Data Portability (Art. 20): Since your data is stored locally on your device,
you already have full access and control over it.
- Right to Restrict Processing (Art. 18): You can disable specific features (AI, health
data, notifications) independently.
- Right to Object (Art. 21): You can object to processing based on legitimate interest by
contacting us.
- Right to Withdraw Consent: You can withdraw consent at any time without affecting the
lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory
authority in your country of residence. For Turkey: KVKK
(kvkk.gov.tr).
Additional Rights Under CCPA (California Users)
- You have the right to know what personal information is collected and how it is used.
- You have the right to request deletion of your personal information.
- We do not sell your personal information.
- You will not be discriminated against for exercising your rights.
12. Children's Privacy
ICU Coach is not intended for use by children under 16. We do not knowingly collect data from children. If
you believe a child under 16 has provided us with personal data, please contact us so we can take
appropriate action.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you
through an in-app notice. The latest version will always be available within the app. We recommend reviewing
this policy periodically.
14. Contact
For questions, data requests, or concerns about this Privacy Policy, contact us at:
We will respond to your request within 30 days.