Privacy Policy

Last updated: 10 April 2026

1. Who we are

Swanny ("we", "our", "us") is an AI-powered cycling coaching application. This policy explains how we collect, use, store, and protect your personal data when you use our mobile app and website.

2. Data we collect

Account data

When you create an account, we collect your name and email address via our authentication provider (Clerk).

Profile data

You may optionally provide: age, weight, height, riding frequency, experience level, cycling goals, and coaching notes (free-text notes about your training situation).

Activity data from Strava

When you connect your Strava account, we access your cycling activities via the Strava API. This includes:

  • Activity summaries: name, date, duration, distance, elevation
  • Performance metrics: average/max power, heart rate, cadence
  • Second-by-second data streams: power, heart rate, cadence, GPS, altitude
  • Lap and segment data
  • Athlete profile: weight and FTP (functional threshold power)

We only access data you explicitly authorise via Strava's OAuth process. We request the minimum scopes required: read,activity:read_all for ongoing use, with profile:read_all added during onboarding to access your weight and FTP.

Activity data from Zwift

If you connect Zwift, we access similar activity data from your Zwift account.

AI-generated data

We generate coaching content based on your activity data: ride assessments, weekly reviews, training plans, and progress metrics. This data is stored alongside your account.

Payment data

Payments are processed by Stripe (web) or Apple/Google (in-app). We do not store your credit card details. We store your subscription status and billing identifiers.

3. How we use your data

We use your data exclusively to provide the coaching service:

  • Analyse your rides and calculate performance metrics (CTL, ATL, TSB, FTP trends)
  • Detect your rider type and primary limiters
  • Generate personalised training plans and ride assessments using AI
  • Deliver weekly coaching reviews
  • Track your progress toward your goals

Your activity data is used as context for AI-generated coaching. We use Anthropic's Claude AI to generate assessments and plans. Your data is sent to the AI model as part of the prompt but is not used to train AI models.

We do not:

  • Sell, license, or share your data with third parties
  • Use your data for advertising or marketing profiling
  • Aggregate your data with other users for analytics or benchmarking
  • Display your data to other users (the app is single-user context only)

4. Data storage and security

Your data is stored in a PostgreSQL database hosted by Neon (cloud database provider). OAuth tokens from Strava and Zwift are encrypted at rest using AES-256-GCM encryption before database storage.

We use HTTPS for all data transmission. Authentication is handled by Clerk using JWT tokens.

5. Third-party services

We use the following third-party services to operate:

  • Clerk — authentication and user management
  • Strava API — activity data sync (with your authorisation)
  • Zwift API — activity data sync (with your authorisation)
  • Anthropic (Claude) — AI coaching content generation
  • Neon — database hosting
  • Stripe — payment processing
  • Resend — transactional emails

Each service processes only the minimum data required for its function. We do not share your full dataset with any third party.

6. Strava data and disconnection

When you disconnect Strava from Swanny (either via our app or via Strava's privacy settings):

  • Your Strava access token is immediately revoked
  • All activities sourced from Strava are permanently deleted from our database
  • Associated data (streams, laps, assessments) is cascade-deleted
  • Your Strava connection record is removed

If you revoke access to an individual activity on Strava, we delete that specific activity from our database via webhook notification.

7. Account deletion

You can delete your entire account from the Profile screen in the app. This permanently deletes:

  • All activities, streams, laps, and assessments
  • All coaching conversations and messages
  • All weekly reviews and training plans
  • Your rider profile and preferences
  • All third-party connection records
  • Your user account

Deletion is immediate and irreversible.

8. Your rights

Under GDPR and UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data (via your profile settings)
  • Erase your data (via account deletion)
  • Restrict processing by disconnecting data sources
  • Data portability — contact us for a data export
  • Withdraw consent at any time by disconnecting services or deleting your account

To exercise any of these rights, contact us at privacy@getswanny.com.

9. Data retention

We retain your data for as long as your account is active. When you delete your account, all data is permanently deleted immediately. We do not retain backups of deleted user data.

10. Children

Swanny is not intended for use by children under 16. We do not knowingly collect data from children.

11. Changes to this policy

We may update this policy from time to time. We'll notify you of significant changes via email or in-app notification. The "last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or requests:

privacy@getswanny.com