Last updated: 7 July 2026
Adaptio ("we", "us") is an AI-powered adaptive training assistant for cyclists, operated from Sofia, Bulgaria. This policy explains what personal data we collect, why we collect it, how we protect it, and the rights you have under the EU General Data Protection Regulation (GDPR).
Adaptio, Sofia, Bulgaria. Contact for all privacy matters: privacy@adaptio.cc.
| Category | Examples | Source |
|---|---|---|
| Account data | Email address, display name, password hash | Provided by you |
| Activity data | Workouts: duration, distance, power, heart rate, cadence, speed, GPS summaries | Garmin Connect and other platforms you connect (e.g. intervals.icu), with your explicit authorization |
| Wellness data | Sleep duration and quality, resting heart rate, HRV, stress and recovery metrics | Garmin Connect, with your explicit authorization |
| Your messages to the coach | Free-text messages such as available time or how you feel | Provided by you in the app |
| Technical data | Log data, device/browser type, approximate region | Generated when you use the service |
| Payment data | Subscription status. Card details are processed by our payment provider (Stripe) and never stored by us. | Stripe |
Adaptio connects to Garmin Connect (and optionally other training platforms) only after you complete that platform's own OAuth authorization flow. We never see or ask for your Garmin password. You control exactly which data types you share, and you can revoke access at any time — either inside Adaptio or from your Garmin Connect account settings. After revocation we stop receiving new data immediately.
Our use of data received from Garmin complies with the Garmin Connect Developer Program requirements. Garmin data is used exclusively to provide the Adaptio service to you, the authorizing user, and is never displayed to other users or disclosed to third parties.
Your data is stored in a Supabase database hosted in the European Union. Transfers to processors outside the EU (e.g. our AI provider) are protected by appropriate safeguards such as the EU Standard Contractual Clauses.
Each processor acts only on our instructions under a data processing agreement. We do not sell personal data, and we do not share it with advertisers.
For as long as you have an account. If you delete your account, your personal data — including all synced activity and wellness data — is permanently deleted within 30 days, except where a longer retention period is required by law (e.g. invoicing records).
Under the GDPR you have the right to access, rectify, delete, or export your data, to restrict or object to processing, and to withdraw consent at any time. To exercise any of these rights, email privacy@adaptio.cc — we respond within 30 days. You also have the right to lodge a complaint with your supervisory authority; in Bulgaria this is the Commission for Personal Data Protection (cpdp.bg).
All data is encrypted in transit (TLS) and at rest. Access tokens for connected platforms are stored encrypted, and access to production systems is limited and logged.
Adaptio is not intended for persons under 16, and we do not knowingly collect their data.
If we make material changes, we will notify you by email or in the app before they take effect. The current version is always available at this page.
Questions? Write to privacy@adaptio.cc.