Peakora processes information needed to connect your training data sources, display activities, create training plans, and provide AI-assisted coaching.
Information we process
We process account identifiers, email address, profile details, connected-provider identifiers, OAuth tokens when you connect Strava, training plans, AI analyses, optional marketing consent, subscription or trial status, service-usage counters, and activity data such as workout type, date, duration, distance, pace, elevation, heart rate, cadence, power, calories, splits, and similar training metrics.
If you connect Apple HealthKit, Google Health Connect, or another health source, Peakora processes only the workout and fitness data needed to import activities and generate coaching features. We do not request clinical health records.
How information is used
Your information is used to operate the service, authenticate your account, refresh connected-provider access, import and deduplicate activities, generate requested coaching content, maintain plan history, prevent abuse, enforce free-trial limits, provide support, and send transactional notifications you configure.
We do not use health or fitness activity data for advertising, ad targeting, data-broker activity, or sale to third parties. Optional marketing emails are based on your consent and account contact details, not on sensitive health data.
Legal basis and sensitive data
Where applicable, including under LGPD, fitness and health-related activity data is processed with your consent for the specific purpose of providing Peakora coaching features. You may withdraw that consent by disconnecting a provider, disabling optional settings, or deleting your account.
Service providers
Peakora uses Strava for activity data when you connect Strava, Apple HealthKit and Google Health Connect through the mobile app when you enable those sources, Supabase for server-side storage, Google Gemini for AI processing, Vercel for hosting, Sentry for error monitoring, and Resend for transactional and opted-in emails. Data sent to these providers is limited to what is needed for the feature being used.
AI prompts may include relevant activity metrics, plan context, and recent training history so the model can produce analysis and recommendations. We instruct AI systems to treat athlete data as data, not commands.
Security and retention
OAuth tokens are encrypted before storage and session cookies are encrypted, HTTP-only, and secure in production. Analyses, activities, and plans remain stored until replaced or deleted. Operational logs may be retained temporarily for security, debugging, abuse prevention, and reliability.
Your choices
You can disconnect Strava, disable optional email notifications, withdraw marketing consent, replace or remove a training plan, or permanently delete your account and associated stored data from Settings. We may retain limited anti-fraud records, such as whether a trial has already been granted, to prevent repeated free-trial abuse.
International use
Peakora and its service providers may process data in countries other than your own, including the United States and Canada, subject to appropriate provider safeguards and contractual protections.
Contact
Privacy questions or deletion requests can be sent to hello@peakora.app.