Privacy Controls

Manage your data and privacy settings

What We Protect

✅ AI Coaching Conversations - Temporary & Protected

  • Encrypted in transit: All conversations use HTTPS encryption
  • Temporary storage only: Conversations are stored for 2 hours to enable follow-up questions
  • Automatic deletion: All conversation data is permanently deleted after 2 hours
  • Token-protected: Every message requires your personal access token
  • Session-based: Each conversation session has a unique ID that expires
  • No permanent records: We never keep conversation history beyond the 2-hour window

✅ Personal Access Tokens

  • Secure validation: Tokens are verified server-side against a hardcoded list
  • Local storage only: Your token is encrypted and stored only on your device
  • No server logging: We don't log or track which tokens are used
  • User control: You can clear your token anytime using the privacy controls above

What Runs Locally (On Your Device)

🔧 Training Calculators - 100% Local Processing

Our six calculators process all data locally in your browser:

  • Training Zones Calculator: HR, power, and pace zones
  • Fueling Calculator: Race nutrition and hydration planning
  • Pace Calculator: Time, distance, and pace conversions
  • Grade Adjusted Pace: Hill-adjusted effort calculations
  • Race Time Predictor: Performance predictions across distances
  • VDOT Calculator: Effective VO₂max from race results

Benefits:

  • Speed: Instant calculations without server delays
  • Privacy: Your training data never leaves your device
  • Offline access: Works without an internet connection
  • No tracking: Calculator usage is never reported to our servers

Security Measures

  • HTTPS encryption for all communications
  • Token-based authentication with server-side validation
  • SQLite database with Write-Ahead Logging for data integrity
  • Prepared statements to prevent SQL injection
  • Input sanitization with 2000 character limit and HTML stripping
  • Rate limiting: 60 requests per hour per IP address
  • Automatic cleanup: Expired data deleted every hour
  • Secure headers: X-Frame-Options, CSP, and XSS protection

What We Don't Do

  • No permanent conversation storage: All chats deleted after 2 hours
  • No user accounts or profiles: We don't track individual users
  • No data selling: Your information is never shared or sold
  • No behavioral tracking: No analytics or advertising trackers
  • No cookies for tracking: Only essential session management
  • No third-party data sharing: Your data stays within our AI pipeline
  • No email collection: We don't ask for or store email addresses

How Conversations Work

Our conversational AI uses temporary storage to enable natural dialogue:

  • Session Creation: When you start chatting, a unique session ID is generated
  • 2-Hour Memory: Your conversation is stored in our SQLite database for exactly 2 hours
  • Context Awareness: This allows the AI to remember your previous questions and provide relevant follow-ups
  • Automatic Deletion: After 2 hours, your entire conversation is permanently deleted
  • Manual Deletion: You can end and delete your chat anytime using the "End Chat" button
  • No History Access: Once deleted, conversations cannot be recovered by anyone

Third-Party AI Services

To provide AI coaching, we use these services (they process but don't retain your data):

  • OpenAI: Converts your questions into searchable vectors (embeddings)
  • Pinecone: Searches our knowledge base for relevant articles
  • Anthropic Claude: Generates coaching responses based on retrieved articles

Important: These services process your questions in real-time but do not retain or store your data. Each service has committed to not using customer API data for training their models.

Data Retention Policy

  • Conversations: Automatically deleted after 2 hours
  • Calculator inputs: Stored locally on your device only (you control retention)
  • Access tokens: Encrypted local storage on your device only
  • Server logs: Basic error logs only (no conversation content), deleted after 30 days
  • Knowledge base: Static articles updated periodically (no user data)
  • Session IDs: Expire and are purged after 2 hours

Your Privacy Rights

You have complete control over your data:

  • Access: View all locally stored data using the controls above
  • Deletion: Clear local data anytime or end server conversations immediately
  • Portability: Export your calculator history in JSON format
  • Transparency: This privacy statement details all data handling
  • No consent needed: We don't collect personal data requiring consent

Questions About Your Privacy?

Contact us at privacy@alpfitness.com.