Privacy Policy

Last updated 23 June 2026

This is a template provided for convenience and is not legal advice. Replace the [COMPANY] / [CONTACT EMAIL] placeholders and have it reviewed by a qualified professional before launch.

1. Overview

This policy explains what data Velox (operated by [COMPANY]) collects, why, and how we protect it. We aim to collect only what we need to run the Service.

2. What we collect

Account data: your email and a password stored only as a bcrypt hash.

Garmin data: your runs and wellness metrics (pace, heart rate, sleep, HRV and similar), synced with your authorisation. We store an encrypted Garmin access token — never your Garmin password.

Billing data: handled by Stripe. We store a Stripe customer/subscription reference and status, not your full card details.

3. How we use it

We use your data to provide analytics and AI coaching, to operate your subscription, and to send essential account emails (verification and password reset) via our email provider.

4. AI processing

When you generate a plan, prediction or analysis, relevant training data is sent to our AI provider (Anthropic) to produce the result. It is used to fulfil your request and is not used to train their models.

5. Sub-processors

We rely on trusted providers to operate Velox, including Neon (database hosting), Stripe (payments), Anthropic (AI) and Resend (transactional email). Each processes data only as needed to provide its service.

6. Security

Garmin tokens are encrypted at rest with AES-256-GCM, passwords are hashed with bcrypt, and all traffic is served over HTTPS. No system is perfectly secure, but we take reasonable measures to protect your data.

7. Your rights

You can export all your data or delete your account at any time from Settings. Deleting your account removes your stored data, subject to any records we must retain by law.

8. Contact

For any privacy questions or requests, contact us at [CONTACT EMAIL].