Privacy Policy

Last updated: 7 July 2026

Adaptio ("we", "us") is an AI-powered adaptive training assistant for cyclists, operated from Sofia, Bulgaria. This policy explains what personal data we collect, why we collect it, how we protect it, and the rights you have under the EU General Data Protection Regulation (GDPR).

In short: we only collect the training and wellness data you explicitly authorize (e.g. via Garmin Connect), we use it solely to generate your personal training recommendations, we never sell it or share it with third parties for their own purposes, and you can disconnect and delete everything at any time.

1. Data controller

Adaptio, Sofia, Bulgaria. Contact for all privacy matters: privacy@adaptio.cc.

2. What data we collect

CategoryExamplesSource
Account dataEmail address, display name, password hashProvided by you
Activity dataWorkouts: duration, distance, power, heart rate, cadence, speed, GPS summariesGarmin Connect and other platforms you connect (e.g. intervals.icu), with your explicit authorization
Wellness dataSleep duration and quality, resting heart rate, HRV, stress and recovery metricsGarmin Connect, with your explicit authorization
Your messages to the coachFree-text messages such as available time or how you feelProvided by you in the app
Technical dataLog data, device/browser type, approximate regionGenerated when you use the service
Payment dataSubscription status. Card details are processed by our payment provider (Stripe) and never stored by us.Stripe

3. How third-party platform connections work

Adaptio connects to Garmin Connect (and optionally other training platforms) only after you complete that platform's own OAuth authorization flow. We never see or ask for your Garmin password. You control exactly which data types you share, and you can revoke access at any time — either inside Adaptio or from your Garmin Connect account settings. After revocation we stop receiving new data immediately.

Our use of data received from Garmin complies with the Garmin Connect Developer Program requirements. Garmin data is used exclusively to provide the Adaptio service to you, the authorizing user, and is never displayed to other users or disclosed to third parties.

4. Why we process your data (purposes and legal bases)

5. Where your data is stored

Your data is stored in a Supabase database hosted in the European Union. Transfers to processors outside the EU (e.g. our AI provider) are protected by appropriate safeguards such as the EU Standard Contractual Clauses.

6. Our processors

Each processor acts only on our instructions under a data processing agreement. We do not sell personal data, and we do not share it with advertisers.

7. How long we keep your data

For as long as you have an account. If you delete your account, your personal data — including all synced activity and wellness data — is permanently deleted within 30 days, except where a longer retention period is required by law (e.g. invoicing records).

8. Your rights

Under the GDPR you have the right to access, rectify, delete, or export your data, to restrict or object to processing, and to withdraw consent at any time. To exercise any of these rights, email privacy@adaptio.cc — we respond within 30 days. You also have the right to lodge a complaint with your supervisory authority; in Bulgaria this is the Commission for Personal Data Protection (cpdp.bg).

9. Security

All data is encrypted in transit (TLS) and at rest. Access tokens for connected platforms are stored encrypted, and access to production systems is limited and logged.

10. Children

Adaptio is not intended for persons under 16, and we do not knowingly collect their data.

11. Changes to this policy

If we make material changes, we will notify you by email or in the app before they take effect. The current version is always available at this page.

Questions? Write to privacy@adaptio.cc.