Legal

Privacy Notice

Last updated: 15 May 2026

This notice explains how tri-ai handles your personal data when you sign up, connect your Garmin account, and use the service. We've written it in plain English — if anything is unclear, email hello@tri-ai.app and we'll explain.

Who we are

tri-ai is operated from the United Kingdom by an independent developer working in triathlon coaching analytics. For any privacy-related question or request, contact hello@tri-ai.app.

What we collect

When you sign up:

  • Your email address (held by our authentication provider)
  • A unique account identifier issued by our authentication provider

When you connect your Garmin account:

  • Activities — workouts with heart rate, power, pace, GPS routes, splits, lap-by-lap data, training effect, and other metrics
  • Daily wellness — sleep, HRV, body battery, training readiness
  • Profile data — weight, height, date of birth, FTP, LTHR, VO₂max, swim CSS, run threshold pace, HR zones, power zones
  • Personal records and longest-distance summaries
  • Body composition (only if you use a Garmin Index scale)
  • Planned workouts on your Garmin calendar

While you use the app:

  • Per-workout Coach analyses you generate — both the text returned and the workout context that produced it
  • Ask Coach chat conversations — your typed questions and the assistant's responses, stored against your account so you can revisit them
  • Race plans and configurations you set (calibration sliders, race selection, fuelling overrides)

Privacy-first product analytics: we use PostHog (EU-hosted at eu.i.posthog.com) to capture anonymised event data — page views and named feature events (e.g. "applied for beta", "ran coach analysis"). IP collection is disabled, session replay is disabled, Do Not Track is respected. We never link these events to your email or training data; only your Clerk user id (a stable opaque token) is used as a distinct identifier.

What we do NOT collect:

  • Google Analytics, Facebook Pixel, ad-tech scripts, or any third-party trackers
  • Marketing or advertising data
  • Session recordings or screen captures
  • Anything beyond the categories listed above

Lawful basis & consent

Most of your training data — heart rate, HRV, sleep, body composition — is health data, classed as a special category under GDPR Article 9. We process it on the basis of your explicit consent (Art 9(2)(a)).

Consent is captured at the point you connect your Garmin account: the connect form on the Data settings page has an unticked checkbox you must actively tick before we will accept the connection. Pre-ticked or implied consent does not satisfy the GDPR; we will not begin ingesting health data without that affirmative action. The exact UTC instant you ticked the box is stored against your account as a consent receipt.

Withdrawing consent is as easy as giving it (Art 7(3)): clicking Disconnect Garmin on the Data settings page clears the consent receipt and stops all further sync. Wiping or deleting your account also clears it. After withdrawal we will not process any further health data unless you reconnect and re-consent.

Each processing activity we run, with its data and lawful basis, in plain language:

| Activity | Data involved | Lawful basis |
| --- | --- | --- |
| Account & sign-in: Necessary to provide the service you signed up for. | Email, password hash, login events | Contract — Art 6(1)(b) |
| Garmin training data sync: Captured by ticking the consent box on Data settings. Withdrawable at any time. | Activities, sleep, HRV, body battery, readiness, body composition, planned workouts | Explicit consent — Art 6(1)(a) + Art 9(2)(a) |
| Athlete profile & race plans: Required to render the app's training analytics. | Weight, DOB, FTP, LTHR, swim CSS, run threshold, fuelling preferences, race calibrations | Contract — Art 6(1)(b) |
| Per-workout Coach analysis: Only fires on your request. Cached locally to avoid re-sending. | The single workout you ask to analyse, plus your thresholds, sent to a third-party LLM provider | Contract — Art 6(1)(b) |
| Ask Coach (interactive chatbot): Only fires when you start or continue a chat. Conversations are private to your account, listed under "What we collect", and deletable. | Your typed question, the recent conversation history, plus on-demand slices of your training data (recent activities, metric trends, form curve, recovery window, thresholds, race targets) that the assistant requests when relevant to answering. Conversation transcript saved to your account. | Contract — Art 6(1)(b) |
| Service operation & debug logs: Necessary to keep the app reliable. No training data is logged. | Sync run timestamps, error events, request metadata | Legitimate interests — Art 6(1)(f) |
| Abuse prevention (auth_incidents): Needed to detect credential-stuffing attacks. Wiped when you delete your account. | Failed-login IP, hashed identity, occurrence timestamp | Legitimate interests — Art 6(1)(f) |

How we use it

  • Render the app you signed in to use — your training history, form curve, race plans, fuel timeline
  • Generate per-workout Coach analyses on request (we send the single workout plus your thresholds to a vetted third-party LLM provider for processing)
  • Answer Ask Coach chat questions on request (the assistant retrieves on-demand slices of your training data via tool calls and sends them to the same LLM provider alongside your question and recent conversation history — full sub-processor list below)
  • Provide weather context for your race location (we send only the race coordinates and date to a public weather-data API — no personal data)
  • Operate the service reliably — debug logs, error monitoring, sync run history. These never include your training data verbatim, only metadata such as timestamps and event types.

We do not sell, share, or rent your data to anyone.

Where it's stored

All training data, account records, and AI coach analyses are stored in a database hosted in the United Kingdom region. Backups remain in the same region. Data does not leave the EU/UK except where a specific feature (per-workout Coach or Ask Coach) involves an external LLM provider — see the lawful-basis and sub-processor tables for the exact data each flow sends. Neither path sends your email, name, or payment information.

International transfers

Two sub-processors are located outside the UK/EU: Anthropic (United States, AI coach analysis) and PostHog (the company is US-incorporated, but the analytics instance we use is EU-resident — data stays in Frankfurt). Transfers to Anthropic in the US are covered by the Standard Contractual Clauses (SCCs) published by the European Commission and the UK ICO's International Data Transfer Addendum (IDTA), together with our Data Processing Agreement with Anthropic. What we send Anthropic depends on the feature: for per-workout Coach analysis, a single workout plus your training thresholds; for Ask Coach (chatbot), your typed question plus recent conversation history plus on-demand slices of your training data the assistant requests. Neither path sends your name, email, address, or payment information. Anthropic is contracted on a zero-retention basis for our API key: prompts and responses are not retained beyond the request and are never used to train their models.

Sub-processors

We rely on a small set of vetted service providers. Each sees only the slice of data needed for its role, and our contracts with them include the data-protection terms required under UK GDPR Article 28. The full current list:

| Provider | Role & data | Region |
| --- | --- | --- |
| Cloudflare | Web app hosting (Workers), CDN, edge security, and R2 object storage for user-uploaded race .fit files. HTTPS request metadata at the edge (no training data persisted there); raw race .fit files in R2 when you upload one to Race Analyser. R2 contents are removed on wipe / account deletion. | EU (Frankfurt for our zone; R2 bucket in EU) |
| Supabase | Primary Postgres database. All account, training, and AI-analysis data, encrypted at rest | UK (eu-west-2, London) |
| Clerk | Authentication & session management. Email, password hash, login events, session cookies | EU |
| Anthropic | AI coach analysis + Ask Coach chatbot (Claude API). For per-workout Coach: a single workout plus your thresholds. For Ask Coach: your typed question, recent conversation, and on-demand training-history slices the model requests (recent activities, metric trends, form curve, recovery, thresholds, race targets). No name, email, address, or payment info in either path. | United States (SCCs + DPA in place; zero retention) |
| Fly.io | Garmin sync worker. Encrypted Garmin OAuth token on private volume; activities in transit only | UK (lhr region) |
| Resend | Transactional email (welcome, nudges, surveys). Email address + message body | EU |
| PostHog | Privacy-first product analytics. Anonymised page views & feature events keyed by opaque Clerk user id; no IP, no replay | EU (Frankfurt, eu.i.posthog.com) |
| Open-Meteo | Race-weather lookup. Race coordinates + date only; no personal data sent | EU (Germany) |
| OpenStreetMap Foundation (Nominatim) | Geocoding the location text you type when saving a manual race. The location string you typed (e.g. "Lake Garda") plus our server's identifying User-Agent. No user identity, IP, email, or training data sent. | EU (server-side request from our infrastructure; the OSMF runs Nominatim on EU-located infrastructure) |
| Garmin Connect | Source of training & wellness data (data origin, not a downstream recipient). We pull from Garmin with your consent; we do not push data back | United States |

If we add or replace a sub-processor that handles your personal data, we'll notify signed-up users by email at least 14 days before the change takes effect. Questions? Email hello@tri-ai.app.

Race Scout — data on other athletes

Race Scout is an opt-in feature that lets you paste a public race start-list URL and see the published rankings + most-recent comparable race result of the competitors in your age group. It's the only feature on tri-ai that processes named data on people who haven't signed up with us, so it gets its own section here.

What we pull: (a) the public start list from the race organiser's site (names, age groups, clubs as published); (b) for each competitor we can match, their public ranking + last race at the chosen distance from mytriranking.com. We don't pull contact info, health data, location finer than country, or anything else. The data is public-by-design — the race organiser publishes the start list themselves, and mytriranking is a public ranking system searchable by name on their site.

Lawful basis: we ask for your explicit consent before the first scan (UK GDPR Art. 6(1)(a)) — a one-time tick box on the Race Scout page. For our processing of the competitors' published data, we rely on legitimate interest (Art. 6(1)(f)): personal race prep is a normal use of public competitive data, the fields cached are the minimum necessary, and we keep the named contact route below if anyone objects.

How long we keep it: cached competitor rows are deleted automatically after 90 days. You can delete a scout (and its cached data) at any time from the past-scouts list. You can stop using Race Scout entirely from the footer link on the feature page — that withdraws your consent and immediately purges every competitor row your scouts hold.

If you're a competitor and want your data removed: email hello@tri-ai.app with the name we'd have stored. We'll find and delete every row holding your data, usually within 24 hours. We write an audit log entry for every deletion. The 90-day TTL caps how long any row can sit in our cache even if we somehow miss an email.

Cookies & local storage

We use only the session cookies set by our authentication provider (Clerk) to keep you signed in. We don't set any advertising or marketing cookies, and we don't embed third-party tracking scripts in your browser.

Our product analytics (PostHog) stores a small anonymous identifier in your browser's localStorage to link page views in a single session — not a cookie, not transmitted to advertisers, and cleared if you sign out or clear site data. See the "Privacy-first product analytics" section above for the full scope.

Why you don't see a cookie banner: the UK PECR / EU ePrivacy rule that requires a consent banner only applies to non-essential cookies (advertising, third-party tracking, cross-site profiling). We don't set any. The Clerk session cookie is strictly necessary to keep you signed in (PECR Regulation 6(4) exemption) and PostHog stores its identifier in localStorage rather than a cookie, so no banner is legally required.

How long we keep your data

While your account is active, we retain your data so the app works. If you delete your account or contact us to request deletion, we'll wipe all your training data, AI coach analyses, and account records within 30 days. Backups roll off within 90 days.

Your rights (GDPR / UK GDPR)

You have the right to:

  • Access — get a copy of the personal data we hold about you
  • Rectification — correct anything that's inaccurate
  • Erasure — have all your data deleted
  • Portability — receive your data in a machine-readable format
  • Restriction — limit how we process your data
  • Objection — object to specific processing activities
  • Withdraw consent — for any processing that relies on consent

To exercise any of these, email hello@tri-ai.app and we'll respond within 30 days.

You can action erasure and disconnection yourself in the app: sign in and visit Data settings. The page shows a live row count of every category we hold about you, with two self-serve controls — Wipe my data (removes all imported training data, disconnects Garmin, keeps your login so you can reconnect later) and Delete my account (irreversible — wipes all data and removes your tri-ai login). Both actions take effect immediately and require a typed confirmation.

Children

tri-ai isn't intended for users under 16. We don't knowingly collect data from children. If you believe a child has signed up, contact us and we'll delete the account.

Changes to this notice

If we materially change how we handle your data, we'll update this page and notify signed-up users by email at least 14 days before the change takes effect. Cosmetic edits won't trigger a notification.

Complaints

If you believe we've handled your data improperly, you can complain to the UK Information Commissioner's Office at ico.org.uk.

Contact