Privacy Policy
Your training data is yours. Here's how we handle it.
Our Promise (in Plain English)
We don't sell your data. We don't share it with anyone. We don't use it for anything other than improving your training. Your data is yours.
Last updated: April 11, 2026
1. What Data We Collect
Workout & Training Data
- Workouts you log (exercises, loads, reps, times, scores)
- Readiness scores (how you report feeling)
- RPE ratings (perceived effort)
- Soreness and pain logs
- Injury history and constraints
- Benchmark results
- Goals and targets
Health & Biometric Data (Optional)
- Whoop integration (HRV, sleep, strain) — only if you connect it
- Sleep and stress ratings — if you log them
- Bodyweight and body composition — if you track it
Account & Profile Data
- Name, email, password hash (encrypted)
- Age, sex, experience level
- Training history and current goals
- Equipment you have access to
- Box/gym affiliation (if applicable)
Usage Data
- Login times and frequency
- Pages viewed and time spent
- Features used
- Device type (phone, tablet, desktop)
- IP address (we don't store it long-term)
2. How We Use Your Data
To Build Your Prescriptions (Primary Purpose)
Your data feeds the Banister model, weakness profiling, MRV estimation, and readiness assessment. Everything we use to generate your daily prescriptions comes from YOUR data.
To Improve the Service
- Identify bugs or service issues
- Understand which features are most valuable
- Optimize performance
- Train our models to be more accurate
For Research & Science (Anonymized)
We may use anonymized, aggregated data for research to validate the Banister model, ACWR monitoring, and other training science. You won't be identified.
To Communicate With You
- Account notifications and security alerts
- Weekly reviews and insights
- Product updates and new features
- Support responses to your questions
3. What We DON'T Do With Your Data
We do NOT:
- Sell your data to third parties
- Share your data with advertisers
- Use your data to train AI models for other companies
- License your data to researchers without permission
- Use your data for anything other than improving your WodPilot experience
4. Data Storage & Security
Where Your Data Lives
- Databases hosted on secure servers (Postgres + encrypted backups)
- Primary location: United States
- Daily automated backups
- Encrypted transmission (HTTPS/TLS)
How We Protect It
- Passwords are hashed (we can't read them)
- Sensitive data is encrypted at rest
- Database access is restricted to engineers
- All server access is logged and monitored
- We run regular security audits
Incidents & Breaches
If we discover a security breach affecting your personal information, we will notify you within 30 days via email. We're required to do this under GDPR and other data protection laws, and we take it seriously.
5. Your Rights & Controls
You Can:
- Access your data: Request a complete export of everything we have on you
- Correct your data: Update your profile, delete old logs, etc.
- Delete your account: We'll permanently remove your data within 30 days
- Download your data: Get a machine-readable copy of all your workouts and metrics
- Opt out of emails: Unsubscribe from marketing emails (you'll still get account alerts)
How to Request:
Email [email protected] with your request. We respond within 14 days, typically within 3 days.
6. Cookies & Tracking
We Use:
- Session cookies: To keep you logged in
- Analytics: Understand how people use the app (no personally identifying data)
- No third-party trackers: We don't use Facebook pixel, Google Analytics, or other tracking pixels
You Can:
Disable cookies in your browser settings. You can still use WodPilot, but you'll need to log in more often.
7. Third-Party Services
We Integrate With:
- Whoop: If you connect your Whoop account, we get read-only access to HRV, sleep, and strain data. Whoop's privacy policy applies to their data.
- Stripe: Payment processing. They don't see your workout data, only payment info (which is also encrypted).
We Don't:
- Share your data with Whoop or Stripe unless you explicitly connect them
- Use third-party analytics that track you across the web
- Use advertising pixels
8. International Data Transfers
WodPilot is based in the US. If you're in Europe, your data is governed by GDPR. We comply with all GDPR requirements, including standard data protection clauses for any transfers.
9. Retention & Deletion
How Long We Keep Your Data:
- Active accounts: We keep all your data as long as your account is active
- Deleted accounts: We permanently delete all data within 30 days of account deletion
- Backups: Backups may retain deleted data for up to 90 days for disaster recovery
10. Changes to This Policy
We may update this privacy policy. If we make material changes, we'll email you and ask for consent (or give you 30 days to opt out).
Questions?
Email [email protected] with any privacy questions or concerns. We respond within 24 hours.
Or reach out to our Data Protection Officer at [email protected] if you have complaints or need formal assistance.