Privacy Policy

Effective Date: December 5, 2025

This Privacy Policy describes how fullgazz ("we," "us," or "our") processes your Personal Data when you use the fullgazz website and coaching platform (the "Service").

We are committed to the security and privacy of your activity data. By using the Service, you consent to the data practices described in this policy.

1. Definitions

• Service: The fullgazz website and coaching platform.
• Personal Data: Data that can identify an individual (e.g., Name, Email Address).
• Activity Data: Data derived from your fitness activities (e.g., GPS, Heart Rate, Power, Distance, Duration, Pace, and Training Load metrics) collected from authorized third parties.
• Wellness Data: Data concerning your health (e.g., Weight, Resting Heart Rate, HRV, Sleep Data).
• Source Data Providers: Third-party services, including Garmin Connect, Intervals.icu, and others, from which you authorize us to collect Activity Data.
• Data Controller: fullgazz.

2. Information Collection and Use

We collect several types of information to provide, maintain, and improve our Service.

A. Data Provided Directly by You

We collect information you voluntarily provide upon registration and during use of the Service:

• Registration Data: Email address and authentication via Google Sign-In.
• Profile Data: Name, training zones, lactate thresholds, pace zones, and information regarding any authorized coaching relationship.

B. Activity and Wellness Data from Source Data Providers

We collect your Activity and Wellness Data exclusively from Source Data Providers that you explicitly authorize.

• Source of Data: Includes Garmin Connect, Intervals.icu, and direct FIT file uploads.
• Types of Data: Fitness activities, GPS routes, heart rate, power metrics, pace, elevation, sleep logs, HRV, and recovery scores.
• Purpose: This data is collected solely to provide you with personalized fitness analytics, track your training progress, and facilitate coaching services.

C. Usage Data

We automatically collect information on how the Service is accessed and used. This data is non-personally identifiable and helps us diagnose issues and improve features:

• IP address, browser type, device type, pages visited, and system diagnostic data.

3. Use of Data

We use the collected Activity and Wellness Data exclusively for the following purposes:

• Service Provision: To process your activities, calculate training metrics (load, recovery, performance trends), display charts, and populate your training calendar.
• Coaching Services: To enable coaches you authorize to view your data and provide guidance.
• Service Improvement: To conduct statistical analysis on aggregated, non-identifiable usage patterns to develop new features.
• Customer Support: To assist you with account and technical issues.

4. Disclosure and Sharing of Activity Data

• No Selling or Trading: We do not sell, rent, or trade your Personally Identifiable Information or Activity Data to unaffiliated third parties for marketing or advertising purposes.
• Disclosure to Linked Users (User-Authorized): Your Activity Data will only be shared with other users (e.g., a coach) if you explicitly grant them access through the Service. You can revoke this access at any time.
• Aggregate Data: We may share Aggregate Information (statistical data that cannot be linked back to any individual user) for business analysis.
• Legal Requirements: We may disclose your data if required to comply with a legal obligation (e.g., court order), protect our rights, or ensure personal safety of users or the public.
• Service Providers: We use third-party Service Providers (e.g., Google Cloud for hosting, Firebase for authentication) to operate the Service. These parties are contractually bound to use your data only for the service we require.

5. Cookies and Technical Mechanisms

We do not use cookies for tracking, advertising, or analytics purposes. The Service uses only essential technical mechanisms required for authentication (Firebase Auth session tokens). We do not use any third-party tracking cookies, advertising pixels, or analytics cookies that collect personal data.

6. AI-Assisted Coaching Features

We may use artificial intelligence (AI) services from third-party providers (such as OpenAI or Google) to enhance coaching capabilities within the Service:

• Purpose: AI is used to generate training summaries, extract insights from workout data, and assist coaches in analyzing athlete performance patterns.
• Data Shared: Only anonymized or aggregated training metrics (e.g., distance, pace, heart rate zones, training load) are shared with AI providers. We do not share personally identifiable information (name, email) or precise GPS location data with AI services.
• Data Processing: AI providers process this data solely to generate insights and do not use it to train their models or for any other purpose, in accordance with their data processing agreements.
• Coach Access: AI-generated insights are provided to your authorized coach to help them better understand your training and provide guidance.

7. Lawful Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our lawful basis for collecting and using your personal data depends on the data and context:

• Contract: Processing is necessary to provide the Service you requested (e.g., displaying your training data, enabling coach access).
• Consent: You have given explicit consent to connect third-party services (e.g., Garmin Connect, Intervals.icu) and share data with your coach.
• Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving the Service, ensuring security), provided these interests are not overridden by your rights.
• Legal Obligation: Processing is necessary to comply with applicable laws.

8. Data Security and International Transfer

• Security: We implement technical and organizational security measures, including SSL/TLS encryption for data in transit, secure authentication (Firebase Auth), and role-based access control. However, no method of transmission over the Internet is 100% secure.
• International Transfer: Your data is processed and stored on servers located in the EU (Railway in Amsterdam, Netherlands; Google Cloud in EU). By using the Service, you agree to the transfer of your data to these locations.
• Data Breach Notification: In the event of a data breach that poses a high risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours and inform affected users without undue delay.

9. Data Retention and Deletion

• Retention: We retain your Personal Data and Activity Data only for as long as your account is active.
• Account Deletion: You can request deletion of your account and all associated Activity and Wellness data at any time by contacting us.
• Post-Deletion: After account deletion, data will be retained for 30 days to allow for recovery. If you do not contact us during this 30-day period to restore your account, the deletion becomes permanent and irreversible.

10. Your Rights

You have the following rights regarding your data:

• Access and Correction: You have the right to access and update the information we hold about you.
• Deletion (Right to be Forgotten): You have the right to request the deletion of your Personal Data.
• Data Portability: You have the right to receive a copy of your data in a structured, machine-readable format.
• Withdraw Consent: You have the right to withdraw your consent for processing your data at any time, including revoking authorization from Source Data Providers like Garmin Connect.
• Object: You have the right to object to our processing of your Personal Data.
• Restriction: You have the right to request that we restrict the processing of your personal data.

11. Children's Privacy

Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us.

12. Changes to This Privacy Policy

We reserve the right to update this policy from time to time. We will notify you of any material changes via email or a prominent notice on the Service prior to the change becoming effective. The "Effective Date" at the top will be updated accordingly.