Privacy Policy
Last updated: March 1, 2026
Athlio is a training platform designed for endurance and multisport athletes. This Privacy Policy explains how Athlio collects, uses, stores, and protects personal and fitness data, and how we comply with applicable international data protection regulations including GDPR and CCPA.
Athlio connects to third-party services — such as Garmin Connect, Strava, and other fitness platforms — exclusively after the user grants explicit authorization through the official OAuth flow of each provider. Users may revoke this access at any time from their Athlio account settings or directly from the third-party platform.
When a user connects a third-party account (e.g., Garmin Connect), Athlio accesses only the data categories permitted by the user during the authorization process. This may include activity data (workouts, distances, heart rate, power, pace), health metrics (sleep, HRV, resting heart rate), and device information. This data is used exclusively to provide the features of the Athlio platform: training dashboards, performance analytics, AI coaching, and race preparation tools. We do not sell, share, or transfer user data to any third party for advertising, profiling, or commercial purposes.
Athlio integrates with the following third-party services to import training and health data:
- Garmin Connect — activity data, health metrics, and device readings imported via the official Garmin Health API, subject to Garmin's own privacy terms (https://www.garmin.com/en-GB/privacy/app-privacy/)
- Strava — activity data imported via the official Strava API, subject to Strava's privacy policy
- Manual entries — users may also log workouts and health data directly in Athlio without connecting any external service
Each integration is opt-in. Athlio only requests the minimum data scope required for the features offered.
- Users may disconnect any third-party integration at any time from account settings.
- Users may request deletion of all personal data stored by Athlio.
- Users may request a full export of their data in a portable format.
Athlio retains user data only for as long as necessary to deliver the requested services or meet legal obligations. When a user revokes a third-party integration or deletes their Athlio account, all associated data is permanently removed from our systems within 30 days.
Athlio applies industry-standard security measures including TLS encryption for all data in transit, encrypted storage, and access controls limited to authorized personnel. We use Supabase as our database infrastructure provider, which undergoes regular security audits. While no system is completely infallible, we are committed to continuously improving the security of our services.
If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Right of access — you may request a copy of the personal data we hold about you
- Right to rectification — you may request correction of inaccurate or incomplete data
- Right to erasure — you may request deletion of your personal data
- Right to data portability — you may request your data in a structured, machine-readable format
To exercise any of these rights, please contact us using the information below. We will respond within the timeframes required by GDPR (typically 30 days).
Under the California Consumer Privacy Act (CCPA), California residents have the following rights:
- Right to know what personal information is collected and how it is used
- Right to request deletion of personal information
- Right to opt out of the sale of personal information — Athlio does not sell user data
Athlio does not discriminate against users who exercise their rights under CCPA.
Athlio may update this Privacy Policy to reflect changes in our services, legal requirements, or data practices. We will notify registered users of significant changes via email or in-app notification. Continued use of Athlio after a policy update constitutes acceptance of the revised terms.
For questions about this Privacy Policy, requests to exercise your data rights, or any other privacy-related concerns, please contact us at: