Privacy Policy

AlpsEpics (“we,” “us,” or “our”) operates the AlpsEpics mobile applications (iOS and Android), web application at app.alpsepics.com, and the public website at alpsepics.com (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using AlpsEpics, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Account Information

When you sign in via Google or Strava OAuth, we receive your name, email address, and profile photo. We do not store your Google or Strava password.

Activity & Training Data

• Cycling activities synced from Strava (route, distance, elevation, duration, power, heart rate, cadence)
• FIT files uploaded from bike computers (Garmin, Wahoo, etc.)
• TrainingPeaks CSV imports
• Computed training metrics: NP, IF, TSS, CTL, ATL, TSB, MMP, weakness scores
• RPE ratings, wellness scores (energy, sleep, motivation, soreness, stress)
• Daily biometrics: weight, resting HR, HRV, sleep hours, sleep quality
• AI Coach chat conversations and athlete memory (goals, injuries, preferences)

Location Data

During active group rides with live tracking enabled, we collect your real-time GPS position. Location data is shared only with confirmed ride participants. GPS tracks are stored for route reconstruction in Ride Stories. You can disable location sharing at any time.

User-Generated Content

• Photos shared during group rides (with GPS location metadata)
• Voice notes (up to 15 seconds, with automatic transcription and GPS tagging)
• Text messages posted to ride feeds
• Ride Stories generated from the above content

Device & Usage Data

We may collect device type, operating system version, app version, and crash reports to improve the Service. We do not use third-party analytics or advertising SDKs.

2. How We Use Your Information

• Provide AI coaching recommendations based on your training data, fatigue, and goals
• Compute training metrics (CTL, ATL, TSB, weakness scores, power records)
• Enable group ride coordination: creation, RSVP, live tracking, and ride feeds
• Generate automatic Ride Stories, slideshows, and AI summaries
• Send push notifications for ride invitations, reminders, and updates
• Maintain athlete memory so the AI Coach retains context across sessions
• Improve the Service, fix bugs, and respond to support requests

We do not sell your personal data to third parties.

3. Third-Party Services

• Strava API: Activity sync and route data. We read but never modify your Strava account. You can revoke access at any time from your Strava settings.
• Google OAuth: Authentication only. We receive name, email, and profile photo.
• Google Maps: Route display, live tracking maps, and geocoding.
• OpenAI API: AI Coach analysis and chat. Training metrics and anonymized context are sent for coaching responses. No personally identifiable information (name, email) is included in API calls.
• Google Cloud Platform: Infrastructure, storage, and compute. Data hosted in the EU (europe-west1).
• Firebase Cloud Messaging: Push notifications on iOS and Android.

4. Data Storage & Security

Your data is stored securely on Google Cloud Platform in the European Union (europe-west1 region). We use TLS encryption for data in transit and encryption at rest for all stored data. Database access is restricted and authenticated.

While we implement commercially reasonable security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data is permanently removed from our systems within 30 days, including training data, ride history, photos, voice notes, AI Coach conversations, and athlete memory.

6. Your Rights

You have the right to:

• Access your personal data held by us
• Correct inaccurate or incomplete data
• Export your data in a portable format
• Delete your account and all associated data
• Withdraw consent for data processing at any time
• Object to processing of your personal data

You can delete your account directly from the app (Profile → Settings → Delete Account), or by emailing us. Account deletion is permanent and cannot be undone.

7. Children’s Privacy

AlpsEpics is not intended for children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us.

8. International Data Transfers

Your data is processed and stored in the European Union. If you access the Service from outside the EU, your information may be transferred to, stored, and processed in the EU. By using the Service, you consent to this transfer.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of the Service after changes constitutes acceptance of the updated policy.