Privacy Policy
Effective date: February 28, 2026
Quick summary
- We collect only what's needed to generate and track your training plan
- Your health and workout data stays on your device and in your private Firebase account
- We do not sell, rent, or share your personal data with third parties
- You can delete your account and all associated data at any time
1. Introduction
TriTracker ("TR3", "we", "us", or "our") is a triathlon training application for iOS. This Privacy Policy explains how we collect, use, store, and protect your information when you use the TriTracker app (the "App").
By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the App.
2. Information We Collect
We collect the following categories of information:
2.1 Account Information
- Email address (when you sign up with email)
- Display name (optional)
- Google account identifier (if you sign in with Google)
2.2 Training Plan Data
- Race information you provide (race name, date, location, distance)
- Training preferences (experience level, training frequency, rest day preferences, indoor/outdoor preferences)
- Generated training plan details (planned workouts, dates, distances, durations)
- Plan modifications you make
2.3 Workout Data
- Completed workout records (date, duration, distance, sport type)
- Workout splits and pace data
- Workout completion status
2.4 Health & Fitness Data (with your permission)
If you grant access, we read the following from Apple HealthKit:
- Workout records (swimming, cycling, running)
- Workout route data and distance
- Workout duration and calories burned
- Heart rate data associated with workouts
Important: HealthKit data is read from your device only. We do not store raw HealthKit data on our servers. We use it solely to match completed workouts against your training plan. HealthKit data is never sold, shared with third parties, or used for advertising purposes, in compliance with Apple's HealthKit guidelines.
2.5 Third-Party Fitness Service Data (with your permission)
If you choose to connect your account, we may access data from:
- Strava: Activity summaries, workout details, and lap/split data via the Strava API. We access only the data needed to sync your workouts. You authorize this access through Strava's OAuth flow and can revoke it at any time from your Strava settings.
- Garmin Connect: Activity summaries and workout details via the Garmin Connect Developer API. You authorize this access through Garmin's OAuth flow and can revoke it at any time from your Garmin Connect settings.
2.6 Device & Usage Information
- Device type and iOS version (for compatibility and debugging)
- App version
- Anonymous usage analytics (e.g., which features are used most frequently)
We do not collect precise location data, contacts, photos, or any data unrelated to your triathlon training.
3. How We Use Your Information
We use your information exclusively to:
- Generate training plans tailored to your race, experience level, and schedule
- Track your progress by matching completed workouts against planned ones
- Sync workouts from Apple Health, Strava, or Garmin to your training plan
- Display statistics such as total distance, weekly volume, and progress trends
- Provide the service including authentication, data persistence, and offline support
- Improve the App through anonymized, aggregated usage analytics
We do not use your data for advertising, profiling, or sale to third parties.
4. Data Storage & Security
4.1 Where your data is stored
Your training plan and workout data is stored in Google Firebase (Firestore), a secure cloud database. Data is organized under your authenticated user account and protected by Firestore security rules that ensure only you can read and write your own data.
4.2 Security measures
- All data in transit is encrypted via TLS/HTTPS
- All data at rest in Firebase is encrypted by Google Cloud
- Firestore security rules enforce per-user data isolation (
request.auth.uid == userId) - Authentication tokens are stored securely on your device
- Third-party API tokens (Strava, Garmin) are stored securely in the iOS Keychain
4.3 Data retention
We retain your data for as long as your account is active. If you delete your account, all associated data (training plans, workout records, and preferences) will be permanently deleted from our servers within 30 days.
5. Third-Party Services
The App integrates with the following third-party services:
- Google Firebase (Authentication and Firestore database) — Firebase Privacy Policy
- Apple HealthKit — Data stays on-device per Apple's requirements
- Strava API (optional) — Strava Privacy Policy
- Garmin Connect API (optional) — Garmin Privacy Policy
Each third-party integration is opt-in. You choose which services to connect during onboarding and can disconnect them at any time in the App's settings.
6. Your Rights & Choices
You have the following rights regarding your data:
- Access: You can view all your data within the App at any time
- Correction: You can edit your training plan, race details, and preferences
- Deletion: You can delete your account and all associated data from the Settings screen
- Revoke permissions: You can revoke HealthKit access in iOS Settings, and disconnect Strava/Garmin from the App's settings
- Data portability: Contact us to request an export of your data
7. Children's Privacy
The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it promptly.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" at the top of this page and notify you through the App. Your continued use of the App after any changes constitutes acceptance of the updated policy.
9. Contact Us
If you have questions about this Privacy Policy, your data, or wish to exercise your rights, contact us at: