1. Introduction

FIT-DB (www.fit-db.com) is a data-driven triathlon training management platform designed for serious athletes and coaches. We are committed to protecting your privacy and handling your personal and fitness data with the utmost care and transparency.

This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights regarding your information.

2. Data We Collect

We collect the following categories of data to provide personalized training analysis and recovery reports:

a) Account Information

• Username and display name
• Hashed password (we never store plaintext passwords)

b) Athlete Profile

• Age, gender, height, weight
• Experience level and target race distance
• Training phase and weekly training hours

c) Data from Garmin Connect (via Garmin API)

With your explicit authorization, we access the following data from your Garmin Connect account:

• Activities: Activity type, duration, distance, pace, heart rate data, cadence, power output
• Sleep Data: Total sleep time, deep sleep, REM sleep, light sleep duration, sleep score
• Heart Rate: Resting heart rate, heart rate zones during activities
• User Profile: Basic profile metrics synced from your Garmin device
• Training Status: Training load, VO2 Max estimates, recovery time

d) User-Entered Data

• Training logs, RPE (Rate of Perceived Exertion) ratings
• Body composition logs (weight, body fat, soreness, fatigue levels)
• Notes and custom training entries

3. How We Use Your Data

Your data is used solely for the following purposes:

• Personalized Training Analysis: Generating training load reports, performance trends, and periodization plans tailored to your goals
• Recovery Monitoring: Calculating recovery scores based on sleep quality, training stress, and perceived exertion
• Race Preparation: Building periodization calendars with phase-specific volume and intensity targets
• Heart Rate Zone Calculation: Providing Seiler-model-based intensity zone recommendations

Your fitness data is never used for advertising, marketing profiling, or any purpose other than providing you with training insights within the FIT-DB platform.

4. Data Storage & Security

We take the security of your data seriously and implement the following measures:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS (TLS/SSL) with certificates from Let's Encrypt
• Secure Storage: Your data is stored on secured servers with restricted access
• Password Protection: All passwords are salted and hashed using SHA-256 before storage; we never store or have access to your plaintext password
• Access Control: Only authenticated users can access their own data; role-based access controls are in place for administrative functions
• Garmin OAuth Tokens: API tokens are stored securely and are only used to sync data you have explicitly authorized

5. Data Retention & Deletion

• Active Account: Your data is retained as long as your account is active to provide continuous service
• Data Deletion on Request: You may request deletion of any or all of your data at any time by contacting us at kiwi751200@fit-db.com
• Account Deletion: Upon account deletion, all associated personal data, training logs, body metrics, and Garmin-synced data are permanently and immediately deleted from our systems
• Garmin Disconnection: You can revoke FIT-DB's access to your Garmin data at any time through your Garmin Connect settings. Upon revocation, we will cease syncing and delete all Garmin-sourced data from our platform

6. Third-Party Services

FIT-DB integrates with Garmin Connect using the official Garmin Health API. This integration is governed by Garmin's own terms of service and privacy policy. We only access data that you have explicitly authorized through the Garmin OAuth consent flow.

We do not integrate with any advertising networks, analytics trackers, or social media platforms that would have access to your data.

7. Your Rights

You have the right to:

• Access all personal data we hold about you
• Correct any inaccurate data in your profile
• Delete your data and account at any time
• Revoke Garmin API access at any time
• Export your training data upon request

8. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this page periodically.

9. Contact Us