Privacy Policy

1. Introduction

Welcome to Trainavo. This Privacy Policy explains how Dahlmann Software ApS, owner and operator of the Trainavo app and service ("we," "us," or "our"), collects, uses, discloses, and protects your personal information when you use our mobile application and related services (collectively, the "Service").

We are committed to protecting your privacy and being clear about how Trainavo handles training, health, and connected-service data. This policy should be read together with any permission prompts, consent screens, and settings shown in the app.

2. Data Controller

The data controller responsible for your personal data is:

3. Personal Information We Collect

Depending on the features you use, the permissions you grant, and the services you connect, we may collect and process the categories of data described below. These categories are intended to describe the types of data Trainavo handles; the examples are not exhaustive and the exact fields may vary by device, platform, connected service, feature, and your account settings.

3.1 Account, Profile, and Service Records

Information used to create, authenticate, secure, personalize, support, and manage your Trainavo account and your relationship with the Service. This may include identifiers and contact details, authentication records, profile information, settings and preferences, notification choices, consent and permission records, subscription or billing references, support messages, security logs, and related account metadata.

3.2 User-Generated, Training, and Activity Data

Information you create, upload, import, edit, or generate through the Service. This may include workouts, routes, courses, training plans, activity history, activity files, sport type, duration, distance, pace, speed, elevation, route and location data, splits, laps, intervals, workout steps, training load, performance calculations, notes, perceived effort, equipment, photos, goals, habits, preferences, and related activity metadata.

3.3 Health, Fitness, and Connected-Service Data

Health, wellness, physiological, wearable, and sensor-derived data when you provide it directly or authorize a connected platform, device, or app to share it with Trainavo. This may include data from Garmin Connect, Apple HealthKit, Strava, or similar services, such as heart rate, heart rate zones, power, cadence, calories, steps, sleep, recovery, readiness, stress, respiration, body metrics, training status, device information, connection identifiers, authorization records, sync status, and files or payloads needed to provide the integration.

3.4 AI Coaching and Conversation Data

If you use optional AI coaching features, we may process prompts, messages, generated responses, conversation history, summaries, and relevant training or health context needed to provide the feature. AI processing of connected activity or health data requires the consent described in this policy and in the app.

3.5 Payment and Transaction Records

If paid features, subscriptions, or purchases are offered, we may process purchase status, subscription identifiers, transaction history, invoices, receipts, tax information, refund status, and related billing metadata. Payment card numbers are handled by payment processors or app-store platforms, not by Trainavo directly.

3.6 Device, Technical, and Security Data

Technical information used to operate, secure, debug, and improve the Service. This may include device type and model, operating system, app version, browser or network information, approximate region, diagnostic logs, crash reports, performance data, security events, fraud-prevention signals, and related technical identifiers.

3.7 Usage, Analytics, Product Feedback, and Inferences

Information about how the Service is used so we can maintain, measure, and improve Trainavo. This may include feature usage, interaction events, preferences, in-app actions, onboarding progress, product feedback, aggregated analytics, service performance measurements, and inferences or calculations derived from your activity, training, health, or usage data.

4. How We Collect Data

We collect personal information from several sources:

• Directly from you: When you create an account, configure your profile, enter training information, contact support, set preferences, or otherwise use the Service.
• From connected services you authorize: When you connect Garmin Connect, Apple HealthKit, Strava, or another supported service, we receive only the data made available by that service and permitted by your authorization.
• Automatically from your use of Trainavo: When the app or website records technical, security, diagnostic, analytics, and usage events needed to operate and improve the Service.
• From calculations and generated outputs: When Trainavo creates training metrics, summaries, recommendations, AI responses, or other derived information based on the data available in your account.
• From service providers: When providers such as hosting, authentication, payment, analytics, support, or app-store platforms send us information needed to provide their part of the Service.

5. Where Data Is Stored and Processed

Trainavo uses secure cloud infrastructure so your account, training history, connected-service data, settings, and generated insights can sync across devices and support the features you request. Some information may also be cached or processed locally on your device for app performance, offline use, or platform integrations.

Health and connected-service data may be stored and processed in Trainavo's systems where needed to provide synchronization, analytics, coaching, planning, backup, support, and account features. We limit access to this data and use it only for the purposes described in this policy.

Optional AI features are powered by OpenAI and may use cloud infrastructure providers needed to operate the Service. When AI processing is enabled, we send only the information reasonably needed to generate the requested response or feature output, and we do not use connected-service health data to train general-purpose AI models for other customers.

6. How We Use Your Data

We use your personal data to:

• Provide the Service: Display your activities, track progress, and enable workout planning
• Sync with connected devices: Import, synchronize, and export data with Garmin, Apple Health, Strava, and other connected services you authorize
• Provide AI coaching features: Analyze your training, activity, health, and connected-service data when you have given the required consent, to offer personalized insights, recovery context, workout planning suggestions, and AI-generated coaching features for your account
• Improve the Service: Analyze usage patterns to enhance features and fix issues
• Communicate with you: Send service-related notifications and respond to support requests
• Ensure security: Detect and prevent fraud, abuse, or unauthorized access
• Comply with obligations: Maintain records, enforce our terms, and meet legal, tax, accounting, security, and platform requirements

7. Connected Services and AI Transparency

If you connect services such as Garmin Connect, Apple HealthKit, or Strava, Trainavo receives data from those services only after you authorize the connection or import. We use connected-service data to provide the features you request, including activity sync, health and recovery context, analytics, training planning, historical imports, and sending workouts or courses to Garmin Connect when you ask Trainavo to do so.

AI transparency: Trainavo asks for your explicit consent before connected activity or health data in your account, including Garmin data, is processed by AI systems. If you give that consent, this data may be processed by AI systems to generate personalized coaching responses, workout suggestions, recovery context, summaries, and related training insights. We do not sell Garmin data, health data, or connected-service data, and we do not use it to train general-purpose AI models for other customers.

Restrictions: We do not use health, fitness, Garmin, Apple HealthKit, or other connected-service data for advertising or marketing. We do not sell this data and do not share it with data brokers, advertising platforms, or information resellers.

Apple HealthKit: HealthKit data is used only for health and fitness features you authorize. We do not use HealthKit data for advertising or marketing, do not sell it, and do not share it with data brokers, advertising platforms, or information resellers.

Garmin Connect: Garmin data is used only for the Trainavo features you authorize, including sync, analysis, planning, coaching, and Garmin workout or course delivery when requested. We do not make Garmin data available to third-party applications or platforms unless you request that feature or we have another lawful basis described in this policy.

You can withdraw AI consent in Trainavo settings at any time. You can also withdraw connected-service access by disconnecting the service in Trainavo or revoking access in the third-party service. After disconnection, Trainavo will stop receiving new data from that service. You may request deletion, export, or restriction of connected-service data already stored in your Trainavo account by contacting us at hello@trainavo.com.

8. Your Choices

You have choices about how Trainavo handles your information:

• Account and profile: You may update account information and preferences in the app, where available, or by contacting us.
• Connected services: You may disconnect Garmin Connect, Apple HealthKit, Strava, or other services in Trainavo or through the third-party service's own settings.
• AI features: You may choose whether to enable AI features and may withdraw AI consent in Trainavo settings.
• Communications: You may opt out of non-essential marketing communications, if offered. We may still send service, account, security, legal, and transactional messages.
• Not providing data: You may choose not to provide certain data or permissions, but some features may be unavailable or less useful.

9. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you requested when creating an account and using Trainavo
• Consent: Processing of health data and sensitive fitness information, which requires your explicit consent. You may withdraw consent at any time
• Legitimate Interests: Processing for analytics, security, and service improvement, where our interests do not override your rights
• Legal Obligation: Processing required to comply with applicable laws and regulations

10. Data Sharing

We do not sell your personal data, Garmin activity data, Apple HealthKit data, health data, or personal fitness data. We may share your data with:

• Service Providers: Third-party companies that help us operate the Service:
  • Cloud hosting, database, authentication, storage, and infrastructure providers
  • OpenAI, only when you use AI coaching features and the relevant consent has been given
  • Analytics, diagnostics, and product measurement providers, where appropriate using aggregated or de-identified data
  • Payment processors and app-store platforms for purchases, subscriptions, refunds, taxes, and fraud prevention
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets (you would be notified)

All service providers are contractually obligated to protect your data and may only use it for the specific purposes we define. When health or connected-service data is shared with a service provider, we limit it to what is reasonably necessary to provide the relevant feature, security function, support request, or legal obligation.

11. Third-Party Links and Services

Trainavo may link to or integrate with third-party websites, apps, platforms, app stores, device providers, payment services, and connected health or fitness services. We do not control those services and are not responsible for their content, availability, security, terms, or privacy practices. Your use of third-party services is governed by their own terms and privacy policies.

12. International Data Transfers

Your data may be processed and stored in countries outside the European Economic Area (EEA), including the United States, by service providers that help us operate Trainavo:

• Cloud infrastructure providers: Hosting, database, storage, authentication, monitoring, and backup services
• OpenAI: AI coaching and analysis features when enabled by you
• Operational providers: Analytics, diagnostics, support, payment, and app-store services

For transfers outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, to protect your personal data in accordance with GDPR requirements.

13. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account data: Retained until you request deletion of your account
• Activity data: Retained until you request deletion
• Garmin connection tokens: Retained while your Garmin connection remains active and deleted or deactivated after disconnection
• Analytics data: Anonymized after 24 months
• Backup data: Retained for up to 30 days after deletion for recovery purposes

14. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing at any time (this does not affect the lawfulness of prior processing)

To exercise these rights, contact us at hello@trainavo.com.

You also have the right to lodge a complaint with a supervisory authority. For Denmark, this is the Danish Data Protection Agency (Datatilsynet):www.datatilsynet.dk

15. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with encrypted passwords
• Regular security assessments and updates
• Access controls limiting data access to authorized personnel
• Secure OAuth connections for third-party integrations

16. Children's Privacy

Trainavo is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at hello@trainavo.com.

17. Updates to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated "Last updated" date. For material changes, we may also send you a notification through the app or via email. We encourage you to review this policy periodically.

18. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: