Privacy Policy

Last updated: February 8, 2026

1. Introduction

Pairform Running ("we", "our", "us") operates the pairform.io website and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and timezone preference.

Fitness & Health Data

We collect fitness and health data from third-party services you connect, including:

  • Strava: Workout activities, distance, duration, heart rate, cadence, power, elevation
  • WHOOP: Sleep data, recovery scores, strain, HRV, resting heart rate
  • Withings: Weight, body composition (body fat, muscle mass, water percentage)
  • Garmin: Activities, sleep, daily summaries, body composition, VO2max
  • Oura: Sleep stages, readiness, HRV, temperature deviation, SpO2
  • Fitbit: Sleep, heart rate, weight, SpO2, breathing rate
  • Intervals.icu: Training stress scores, planned workouts, wellness data

We only access data you explicitly authorize through each provider's OAuth consent flow. You can disconnect any integration at any time.

Manually Entered Data

You may manually log nutrition (calories, macros), perceived exertion (RPE), and workout notes.

Payment Information

Payment processing is handled by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers or payment details directly.

3. How We Use Your Data

  • Personal dashboard: Display your aggregated fitness data in one place
  • AI coaching access: Expose your data via API so AI agents (ChatGPT, Claude, etc.) you authorize can provide coaching insights
  • Training load computation: Calculate CTL, ATL, and TSB from your workout data
  • Account management: Process subscriptions, send transactional emails

4. API Access & AI Agents

Pairform Running provides API keys and an MCP endpoint that allow external AI agents to query your fitness data. Key points:

  • You control API key creation and revocation from your profile
  • API keys are stored as one-way hashes; we cannot recover your raw key
  • Free tier limits API access to 30 days of history and 50 calls/day
  • Pro tier ($9/mo) provides full history and unlimited calls
  • We do not share your data with AI providers unless you configure an API key

5. Data Sharing

We do not sell your personal data. We share data only in these cases:

  • Service providers: Supabase (database hosting), Stripe (payments), AWS SES (transactional email)
  • At your direction: When you create an API key for AI agent access
  • Legal requirements: If required by law or to protect our rights

6. Data Security

We use industry-standard security measures including encrypted connections (TLS), hashed API keys, row-level security on our database, and secure OAuth token storage. Integration tokens are stored encrypted and only accessed server-side.

7. Data Retention & Deletion

We retain your data as long as your account is active. You can request account deletion by contacting us, which will permanently remove all your data including fitness metrics, workouts, integration tokens, and API keys.

8. Your Rights

You have the right to:

  • Access your data (via the dashboard and API)
  • Disconnect any integration at any time
  • Revoke API keys
  • Request account deletion

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date.

10. Contact

If you have questions about this Privacy Policy, contact us at privacy@pairform.io.