Privacy Policy

Effective date: April 12, 2024
Last updated: July 2, 2025

Welcome to Wattathlon. Your privacy is important to us. This Privacy Policy explains how we collect, use, and protect your personal data when you use our services via https://wattathlon.com.

1. Data Controller

Wattathlon
Email: Адрес электронной почты защищен от спам-ботов. Для просмотра адреса в браузере должен быть включен Javascript.
Website: https://wattathlon.com

This Privacy Policy applies to users from the European Union/EEA, the United Kingdom, and other jurisdictions. Where applicable, it also aligns with the California Consumer Privacy Act (CCPA).

2. What Data We Collect

We collect the following types of personal data:

2.1 Account and Contact Data

  • Name, email address, password (hashed)

  • Team or company name (if applicable)

2.2 Training and Health-Related Data

  • Uploaded FIT files and telemetry

  • Metrics such as FTP, VO₂ max, power curves, fatigue, recovery

  • Manually entered or AI-analyzed performance data

2.3 Third-party Integrations

  • Data from platforms like Strava, Intervals.icu, etc.

  • OAuth tokens (not stored in plain text)

2.4 Device and Usage Data

  • IP address, device type, operating system, browser version

  • Cookies and usage analytics (see Section 6)

2.5 Payment Data

  • Billing data for paid plans (Team, Company)

  • Handled securely by third-party processors (e.g., Stripe, PayPal)

3. Purpose of Data Processing

Your personal data is processed for the following purposes:

  • To provide and improve our services

  • To generate AI-based training analytics and recommendations

  • To manage subscriptions and payments

  • To support third-party integrations (e.g., Strava sync)

  • To provide customer support and send service-related messages

  • To comply with legal obligations and prevent fraud

4. Legal Basis (under GDPR)

We rely on the following legal bases:

  • Contractual necessity – to provide our services

  • Consent – for marketing, health data analysis, and cookies

  • Legal obligation – to comply with tax, accounting, or security requirements

  • Legitimate interests – fraud prevention, security, and service improvements

5. Sharing and Disclosure of Data

Your data may be shared only when necessary with:

  • Service providers: hosting (Hetzner, EU), analytics, email, payment

  • Integration partners: e.g., Strava (only if you link accounts)

  • Authorities: if legally required (e.g., court orders, tax audits)

We never sell your personal data to third parties.

6. Cookies and Analytics

We use cookies to enhance your experience:

6.1 Types of Cookies

  • Essential – Required for login and platform functionality

  • Analytics – To understand how users interact with the site

  • Functional – For integrations (e.g., embedded video, maps)

  • Marketing – Only if you opt-in

6.2 Third-party Services

  • Google Analytics

  • Matomo (self-hosted, GDPR-compliant)

  • Cookie banner provided to manage your preferences

You may change your preferences or withdraw consent anytime.

7. Data Retention

We retain your personal data:

  • Account & training data – as long as your account is active

  • Billing records – for 6–10 years as required by German law

  • AI-generated metrics – until deleted by the user or upon request

  • Backups & logs – for up to 90 days for security and recovery

You can delete your account and associated data at any time.

8. Your Rights (under GDPR & CCPA)

You have the right to:

  • Access, correct, or delete your data

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

  • Lodge a complaint with a supervisory authority

Requests can be made via email: Адрес электронной почты защищен от спам-ботов. Для просмотра адреса в браузере должен быть включен Javascript.. We will respond within 30 days.

9. Data Security

We implement technical and organizational security measures:

  • HTTPS encryption

  • Password hashing (bcrypt or Argon2)

  • Access control and staff confidentiality

  • Regular security audits and monitoring

10. International Transfers

If personal data is transferred outside the EEA (e.g., for processing), we ensure adequate safeguards, such as:

  • Standard Contractual Clauses (SCCs)

  • Processing agreements with third parties

  • Hosting in Europe (Hetzner, Germany)

11. Changes to This Policy

We may update this Privacy Policy from time to time. Major changes will be communicated through the website or via email. Continued use of the platform indicates acceptance of the updated terms.

12. Contact

If you have questions or concerns about your data or this policy, contact us at:

Wattathlon
Email: Адрес электронной почты защищен от спам-ботов. Для просмотра адреса в браузере должен быть включен Javascript.
Web: https://wattathlon.com

You also have the right to contact your local data protection authority (e.g., BfDI in Germany).