Privacy Policy

Last updated: March 11, 2026

1. Introduction

Pairform ("we", "our", "us") operates the pairform.io website and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and timezone preference. Authentication is handled by Supabase Auth.

Fitness & Health Data

We collect fitness and health data from third-party services you connect:

  • Strava: Workout activities, distance, duration, heart rate, cadence, power, elevation, HR zones
  • WHOOP: Sleep data, recovery scores, strain, HRV, resting heart rate
  • Withings: Weight, body composition (body fat, muscle mass, water percentage)
  • Garmin: Activities, sleep, daily summaries, body composition, VO2max, training status
  • Oura: Sleep stages, readiness, HRV, temperature deviation, SpO2
  • Fitbit: Sleep, heart rate, weight, SpO2, breathing rate, skin temperature
  • Intervals.icu: Training stress scores, planned workouts, wellness data

We only access data you explicitly authorize through each provider's OAuth consent flow (or API key for Intervals.icu). You can disconnect any integration at any time.

Manually Entered Data

You may manually log nutrition (calories, macros), perceived exertion (RPE), workout notes, goals, injuries, and races.

AI Coaching Conversations

When you use the built-in AI coaching feature, we process and store your conversation messages along with the fitness context provided to the AI model. Conversations are tied to your account and are not shared with other users.

Payment Information

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers or payment details directly.

3. How We Use Your Data

  • Personal dashboard: Display your aggregated fitness data, charts, and trends
  • AI coaching: Provide your fitness context to AI models for personalized coaching via the built-in chat
  • Training analytics: Calculate training load (CTL/ATL/TSB), race predictions, readiness scores, and personal records
  • External AI access: Expose your data via API and MCP endpoint so AI agents you authorize can provide coaching insights
  • Account management: Process subscriptions and send transactional emails

4. AI Coaching & Data Processing

Pairform uses third-party AI models (currently Anthropic's Claude) to power the built-in coaching feature:

  • Your fitness data is sent to AI model providers to generate coaching responses
  • AI providers process this data according to their own privacy policies and data processing terms
  • We send only the fitness context necessary to provide relevant coaching
  • Coaching conversations are stored in our database and associated with your account
  • You can stop using the coaching feature at any time; deleting your account removes all stored conversations

5. API & MCP Access

Pairform provides API keys and an MCP (Model Context Protocol) endpoint that allow external AI agents to query your fitness data:

  • You control API key creation and revocation from your profile
  • API keys are stored as one-way hashes; we cannot recover your raw key
  • We do not share your data with external AI providers unless you configure an API key or MCP connection
  • You are responsible for how third parties use data accessed through your API keys

6. Data Sharing

We do not sell your personal data. We share data only in these cases:

  • Infrastructure providers: Supabase (database and auth hosting), Stripe (payments), AWS SES (transactional email)
  • AI model providers: Anthropic (powers the built-in AI coaching feature)
  • At your direction: When you create an API key or MCP connection for external AI agent access
  • Legal requirements: If required by law or to protect our rights

7. Data Security

We use industry-standard security measures including:

  • Encrypted connections (TLS) for all data in transit
  • One-way hashed API keys
  • Row-level security (RLS) on our database ensuring users can only access their own data
  • Encrypted OAuth token storage, accessed only server-side
  • Secure authentication via Supabase Auth

8. Data Retention & Deletion

We retain your data as long as your account is active. You can request account deletion by contacting us at support@pairform.io. Deletion permanently removes all your data including fitness metrics, workouts, coaching conversations, integration tokens, and API keys.

9. Your Rights

You have the right to:

  • Access your data via the dashboard, API, and MCP endpoint
  • Disconnect any integration at any time
  • Revoke API keys
  • Request a copy of your data
  • Request account and data deletion

10. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification and update the "Last updated" date at the top of this page.

12. Contact

If you have questions about this Privacy Policy, contact us at support@pairform.io.