Privacy Policy
01 Who we are
Jordi Espanyol ("I", "me", or "Developer"), operating as an independent developer, is the controller of the personal data collected through the Project Summit iOS application ("the App"). The App is an adaptive cycling training platform for iOS.
Contact email: privacy@projectsummit.app
02 Data we collect
The App collects data in the following categories:
| Category | Examples | Source |
|---|---|---|
| Account & identity | Name, email address | Provided by you |
| Training & performance | FTP, power zones, TSS, CTL/ATL, training load metrics | Calculated by the App |
| Activity data | Rides, GPS routes, power output, heart rate, cadence, speed | Strava, Garmin Connect, Apple HealthKit |
| Health & recovery | HRV (RMSSD), resting heart rate, sleep duration and quality | Apple HealthKit |
| Device & usage | iOS version, app version, anonymised crash logs | Device automatically |
03 How we use your data
Data is used solely to provide and improve the App's core functionality:
- Generate and adapt personalised cycling training plans
- Calculate training load, fatigue, and recovery readiness
- Estimate eFTP and power curve via the CP2 model
- Push structured workouts to connected platforms (Garmin, Zwift, intervals.icu)
- Detect skipped sessions and cascade plan adjustments
- Diagnose and fix application errors
We do not use your data for advertising, profiling for commercial purposes, or sale to third parties.
04 Third-party integrations
Project Summit connects to the following external services. Each operates under its own privacy policy.
| Service | Purpose | Data shared |
|---|---|---|
| Strava | Import completed activities | Read-only activity access via OAuth 2.0 |
| Garmin Connect | Distribute workouts; import HRV & health data | Workout files pushed; health metrics read |
| intervals.icu | Workout distribution to Garmin, Zwift, MyWhoosh | Structured workout data |
| Apple HealthKit | Read sleep, HRV, and activity data | No data written back; read-only queries |
| Supabase | Backend database & serverless functions | Training plan data stored securely in EU region |
You may disconnect any integration at any time from the App's settings or directly from the third-party platform.
05 Data storage & security
Your data is stored on Supabase infrastructure hosted in the EU (West Europe) region. Data in transit is encrypted using TLS 1.2+. Data at rest is encrypted at the storage layer by Supabase.
Access to backend services is protected by row-level security policies. Only your authenticated user account can read or modify your personal training data.
HealthKit data is queried locally on-device and transmitted to the backend only as a unique aggregated recovery metric. Raw biometric samples are never uploaded.
06 Data retention
Your data is retained for as long as your account is active. If you request account deletion:
- Your personal data will be permanently deleted within 30 days
- Anonymised, aggregated training statistics that cannot be re-linked to you may be retained for product improvement
- Backup copies are purged within 90 days of account deletion
07 Your rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — request a copy of the data held about you
- Rectification — correct inaccurate data
- Erasure — request deletion of your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — limit how your data is processed
- Objection — object to certain types of processing
To exercise any of these rights, contact us at privacy@projectsummit.app. Requests will be responded to within 30 days.
If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection authority (DPA).
08 Children's privacy
Project Summit is not directed at children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided personal data to the App, please contact us and we will delete it promptly.
09 Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notification at least 7 days before taking effect. The "Last updated" date at the top of this page reflects the most recent revision.
Continued use of the App after the effective date constitutes acceptance of the updated policy.
10 Contact
For privacy-related questions, requests, or complaints:
Project Summit — Privacy Enquiries
Email: privacy@projectsummit.app