Introduction
JohnnyLikesTraining ("the App") is a personal iOS application for managing ultrarunning training. This Privacy Policy explains what data the App collects, how it is used, and your rights regarding that data.
Data Collection Disclosure
Before you connect any third-party service, we want you to understand exactly what data will be collected, how it is collected, how to withdraw consent, and how to request deletion:
- Strava: When you tap "Connect Strava," you will be directed to Strava's website to authorize the App. We request
activity:read_allscope, which allows us to read your activity data (runs, rides, hikes, etc.). Data is collected via the Strava API after you grant authorization. You can withdraw consent at any time by disconnecting Strava in the App's Settings screen, which also deletes your imported Strava data. You may also revoke access from your Strava settings. - Oura: When you tap "Connect Oura," you will be directed to Oura's website to authorize the App. We request
dailyandheartratescopes. You can withdraw consent at any time by disconnecting Oura in Settings.
Data We Collect
The App collects and processes the following categories of data:
- Account information: Your email address and authentication credentials when you sign in with Apple.
- Training plan data: The training plan you configure, including race name, race date, workout schedules, swaps, skips, and manual adjustments.
- Oura data: If you connect your Oura account, the App imports daily readiness scores, sleep scores, heart rate variability (HRV), resting heart rate, and body temperature deviation via the Oura API.
- Strava data: If you connect your Strava account, the App imports completed activities including distance, pace, duration, heart rate, elevation, and activity type via the Strava API. We do not store GPS route data or map polylines.
- Strength, heat, and stretch training logs: Exercise sets, reps, weights, and session durations that you manually log.
How We Use Your Data
Your data is used solely to provide the App's functionality:
- Displaying your training plan and daily workout prescriptions.
- Showing recovery metrics from Oura alongside your training schedule.
- Comparing planned vs. actual performance using Strava activity data.
- Tracking strength and heat training progress.
- Generating progress dashboards and compliance statistics.
We do not use your data for advertising, marketing, profiling, analytics, AI/ML training, or any purpose unrelated to the App's core training functionality. We do not sell, license, or share your data with third parties, data brokers, or advertisers.
Data Storage
Your training data is stored in a Supabase-hosted PostgreSQL database secured with row-level security policies, meaning you can only access your own data. OAuth tokens for Oura and Strava are stored locally on your device in the iOS Keychain and are not transmitted to any third party.
Third-Party Services
The App integrates with:
- Oura (Oura Privacy Policy) — to retrieve your health and recovery data.
- Strava (Strava Privacy Policy) — to retrieve your running activity data.
- Supabase (Supabase Privacy Policy) — for authentication and data storage.
- Apple Sign-In — for account authentication.
Data shared with these services is limited to what is necessary for authentication and data retrieval. We do not sell or share your data with any other third parties. Please note that Strava may monitor and collect data related to your use of the Strava API as described in the Strava Privacy Policy.
Data Retention and Caching
Your training plan data, strength logs, heat logs, and stretch logs are retained as long as you have an active account.
Strava activity data is synced periodically and cached locally. In accordance with Strava's API Agreement, cached Strava data is refreshed regularly and not retained beyond what is necessary to provide the App's functionality. If you delete an activity on Strava, it will be removed from the App within 48 hours of the next sync.
If you wish to delete all your data, contact us at the email address below and we will remove all associated records from our database.
Disconnecting Services
You can disconnect your Oura or Strava account at any time from the App's Settings screen. Disconnecting Strava removes your stored OAuth tokens from your device, stops further data syncing, and deletes all imported Strava activity data from our database. Disconnecting Oura removes OAuth tokens and stops syncing; previously imported recovery data remains unless you request deletion. You may also revoke access from within Strava's settings or Oura's settings.
Your Rights
Under applicable data protection laws, including GDPR and UK GDPR where applicable, you have the right to:
- Access the personal data the App holds about you.
- Request correction of inaccurate data.
- Request deletion of your data (right to erasure).
- Withdraw consent for data collection at any time by disconnecting third-party services or deleting your account.
- Request a copy of your data in a portable format.
- Object to processing of your personal data.
- Disconnect third-party integrations at any time from the App's Settings screen.
To exercise any of these rights, contact us at the email address below.
Legal Basis for Processing (GDPR)
We process your personal data based on your explicit consent, which you provide when you sign in, connect third-party services, and use the App. You may withdraw consent at any time as described above.
Children's Privacy
The App is not directed at children under 16 (or the applicable age of digital consent in your jurisdiction) and we do not knowingly collect personal information from children.
Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. If changes are significant, we will notify you through the App.
Contact
For questions, data requests, support, or to express contact preferences, reach out to: atler.j@gmail.com