Privacy Policy
Stryxs ("we", "our", "us") operates stryxs.com (the "Service"). This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding your data.
1. Who we are
Stryxs is an AI-powered endurance training platform that builds personalized training plans for runners, cyclists, swimmers, and triathletes.
The Service is operated by Nathalie Barbier as a sole proprietor.
Contact:
- Email: support@stryxs.com
- Operator: Nathalie Barbier
- Address: 298 Montelluna Dr, Venice, FL 34292, United States
If you reside in the European Economic Area (EEA), United Kingdom, or Switzerland, the data controller for your personal data is the operator listed above.
2. Information we collect
2.1 Information you provide directly
When you create an account and use the Service, we collect:
- Account information: name, email address, password (stored as a hash, never in plaintext)
- Profile information: profile photo (optional), date of birth, gender, height, weight, country, time zone
- Athletic intake data: primary sport, training goal (e.g., 5K, marathon, Ironman), goal race date, current weekly training hours, available training days, race history, personal bests, injury history, equipment, and similar information needed to build a personalized plan
- Heart rate data: Lactate Threshold Heart Rate (LTHR) for run and bike, resting heart rate, and zone configurations
- Coach chat history: messages you send to the AI coach and the responses returned
- Subscription information: plan tier (Free or Pro) and Stripe customer ID, we do not store your full payment card details
2.2 Information collected automatically
When you use the Service, we automatically collect:
- Workout data: distance, duration, pace, heart rate, GPS trace, cadence, power, elevation, perceived exertion, and other metrics from training sessions you log
- Device information: browser type, operating system, IP address, device identifiers
- Usage data: pages viewed, features used, timestamps of activity, error logs
2.3 Information from third-party services
If you connect your Strava account, we receive data from Strava through their API, including:
- Your Strava user ID
- Your past activities (workouts, including all metrics they expose)
- Activities created after the connection (via webhook)
If you upload workout files (CSV, FIT, GPX, TCX), we extract the metrics within them. We do not receive payment information from Stripe, Stripe processes payments directly and shares only a customer ID with us.
3. How we use your information
We use your information to:
- Build and update your personalized training plan
- Power the AI coach chat that answers your questions
- Detect patterns in your training data (drift, volume changes, fitness markers, recovery signals)
- Send you transactional emails (account confirmation, password reset, subscription receipts)
- Process your subscription payments
- Provide customer support
- Improve the Service (analyze aggregated, de-identified usage patterns)
- Comply with legal obligations
- Detect, prevent, and address fraud, security, and technical issues
3.1 Use of AI/LLM models
To provide the AI coach and plan generation features, we send your training data and intake information to Anthropic (the provider of the Claude AI models) for inference processing. We:
- Send only the minimum data necessary for the feature in use
- Do not allow Anthropic to use your data to train their models (zero-data-retention configuration where available)
- Never send your name, email, or other directly identifying information unless required for the feature
By using the Service, you consent to this processing.
3.2 We do not:
- Sell your personal data to anyone, ever
- Use your training data for advertising
- Share your individual workout data with other Stryxs users without your explicit action
4. Payments
We use Stripe as our payment processor. When you subscribe to Stryxs Pro:
- You enter your payment details directly on Stripe's secure form (we never see or store your full card number, CVV, or bank account details)
- Stripe sends us only a customer identifier and subscription status
- Stripe's privacy policy applies: stripe.com/privacy
We retain your Stripe customer ID and subscription status to provide the Pro features you've paid for and to process refunds, cancellations, or billing inquiries.
5. Sharing your information
We share your information only as described below:
| Recipient | Purpose | What we share |
|---|---|---|
| Supabase | Database, authentication, file storage | All data stored by the Service |
| Anthropic | Powering AI coach and plan generation | Training data and intake; never name/email |
| Stripe | Processing subscriptions | Email, name, customer ID |
| Strava (if connected) | Pulling workout data on your behalf | OAuth, you authorize Strava |
| Vercel | Serving the Stryxs web app | Browser/IP via normal HTTP requests |
| Email provider | Transactional emails | Email address, name |
We may also share information to comply with legal obligations (subpoena, court order), to protect our rights or your safety, or in connection with a business transaction (acquisition, merger), with notice to you.
6. International data transfers
Stryxs is operated from the United States. Your data is stored in our database hosted by Supabase in the United States (US East region). If you access the Service from the EEA, UK, or Switzerland, your data will be transferred to and processed in the United States and other countries where our service providers operate. For users in the EEA/UK, we rely on Standard Contractual Clauses (SCCs) where applicable.
7. Data retention
We retain your personal data for as long as your account is active.
- If you delete your account, we permanently delete your data within 30 days from our active databases. Some information may persist in encrypted backups for up to 90 days, after which it is fully erased.
- We retain certain limited records (e.g., transaction logs, billing history) for as long as required by law or to resolve disputes, typically up to 7 years for financial records.
- AI coach chat history, workout data, training plans, and personal profile are deleted with the rest of your account.
8. Your rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Correction: ask us to correct inaccurate data
- Deletion: ask us to delete your account and personal data (you can do this directly from Settings → Account → Delete Account)
- Portability: request a machine-readable export of your data
- Objection: object to certain processing
- Withdraw consent: where we rely on consent, you can withdraw it at any time
To exercise any of these rights, email support@stryxs.com. We will respond within 30 days. You can also lodge a complaint with your local data protection authority.
8.1 California residents (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act including the right to know, the right to delete, and the right to non-discrimination. We do not "sell" personal information as defined under the CCPA.
9. Children's privacy
Stryxs is not intended for users under 16 years of age (or under 13 in the United States). We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, contact us at support@stryxs.com and we will delete it promptly. If you are aged 16-17, you may use the Service only with the consent of a parent or legal guardian.
10. Security
We take reasonable steps to protect your personal data:
- All connections to the Service use HTTPS/TLS encryption
- Passwords are stored as hashes (never in plaintext)
- Database access is restricted via row-level security policies
- We use industry-standard hosting providers (Supabase, Vercel) with their own security certifications
No system is 100% secure. If a data breach occurs that affects your personal data, we will notify you and any required regulatory authorities as required by applicable law.
11. Cookies and tracking
We use a minimal set of cookies and similar technologies:
- Essential cookies: required for the Service to function (authentication session, preferences)
- Local storage: used to cache your training plan and reduce database calls
We do not use third-party advertising or tracking cookies. We do not run advertising on the Service.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top. If we make material changes, we'll notify you via email or a prominent notice in the Service before the changes take effect.
13. Contact us
Questions about this Privacy Policy? Reach us at:
- Email: support@stryxs.com
- Service: stryxs.com