Logo Running Workout
Français ← Back
shield Data & Privacy

Privacy
Policy

Last updated: April 7, 2026

Table of Contents

  1. 1. Data Controller Identity
  2. 2. Data Collected
  3. 3. Purposes of Processing
  4. 4. Data from the Garmin Connect API
  5. 5. No Transmission to Third Parties or External AI
  6. 6. Data Retention
  7. 7. Hosting
  8. 8. Your Rights
  9. 9. Contact

1. Data Controller Identity

The data controller for personal data collected through the Running Workout AI Coach application is Euclide Ltd, a company registered in the United Kingdom.

For any questions about this policy, you may contact us at the address indicated in the Contact section.

2. Data Collected

In the course of operating the application, we collect and process the following categories of data:

  • Garmin Connect account data: Garmin User ID, OAuth authentication tokens required for login.
  • Training data: workout sessions and programmes generated or sent to your Garmin watch.
  • Personal settings: MAS (Maximum Aerobic Speed) and Maximum Heart Rate entered by the user to personalise sessions.
  • Session data: technical information required to maintain your session (session cookies).

We do not collect any sensitive health data within the meaning of the GDPR (Article 9) beyond the sports data voluntarily shared.

3. Purposes of Processing

Your data is processed for the following purposes:

  • Authentication via Garmin Connect OAuth and session maintenance.
  • Generation of personalised training plans using embedded artificial intelligence.
  • Synchronisation of generated sessions with your Garmin Connect account.
  • Continuous improvement of the user experience.

The legal basis for processing is the performance of the contract (use of the service) as well as your explicit consent when logging in via Garmin Connect.

4. Data from the Garmin Connect API

The application uses the official Garmin Connect API under the Garmin Connect Developer Program. We access your Garmin user ID and the workout creation features.

These accesses are limited to the strict minimum necessary for the operation of the service: no wellness data, continuous heart rate data, or biometric data beyond what you manually enter (MAS, Max HR) is extracted or stored.

5. No Transmission to Third Parties or External AI

lock

Protection of Data from the Garmin Connect API

In accordance with the requirements of the Garmin Connect Developer Program, data obtained via the Garmin Connect API is not shared, transmitted, or made accessible to any third party, whether external service providers, data processing services, or external artificial intelligence service providers.

In particular, data from the Garmin Connect API is not transmitted to any external AI service (including third-party AI APIs, cloud analytics services, or any other external automated processing provider).

The entire workout generation process takes place within the context of the user's request, without any data linked to your Garmin Connect account being communicated to third-party AI providers or any external data processing subcontractor.

In general, your personal data is never sold, rented, or transferred to third parties for commercial purposes. No transfer of personal data is carried out outside the European Union without appropriate safeguards compliant with the GDPR.

Technical Subcontractors

The application may use technical subcontractors for hosting and infrastructure. These partners have access to data only to the extent strictly necessary for the performance of their services and are bound by confidentiality obligations.

6. Data Retention

Session data (OAuth tokens) is retained for the duration of your active session and deleted upon logout. Personal settings (MAS, Max HR) are retained on our servers for the duration of your use of the service.

You may request deletion of all your data at any time by contacting us (see Contact section).

7. Hosting

The application is hosted on servers located in the European Union. All communications between your browser and our servers are encrypted via the HTTPS/TLS protocol.

8. Your Rights

In accordance with the General Data Protection Regulation (GDPR – EU Regulation 2016/679), you have the following rights:

  • Right of access: obtain a copy of your personal data.
  • Right to rectification: have inaccurate data corrected.
  • Right to erasure: request deletion of your data ("right to be forgotten").
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to the processing of your data.
  • Right to restriction of processing: request temporary suspension of processing.

To exercise these rights, contact us at the address below. You also have the right to lodge a complaint with a competent supervisory authority (in the UK: the ICO, ico.org.uk).

9. Contact

For any questions relating to this privacy policy or to exercise your rights, please contact us:

Euclide Ltd

Data Protection Officer

United Kingdom