Privacy.

• Account. Your email address, a name if you give one, and an authentication record from Supabase (the database and auth provider Good Legs runs on).
• Connection tokens. Either a Strava OAuth access and refresh token, or an intervals.icu API key, depending on which source you connect. These are how we pull your activities.
• Power data. Activities, interval splits, power streams, heart-rate streams, durations, distances, elevation, dates. The raw signal that lets the diagnostic do its job.
• Activity descriptions. The notes you write on your rides on Strava or intervals.icu. The diagnostic reads them to detect context tags like “cut short” or “legs felt dead.” You can turn this off in Settings; when off, the rest of the product still works.
• Profile. Weight, height, age, sex, FTP, training hours, goals. Whatever you fill in during onboarding so the coach can plan around you.
• Generated artifacts. The verdicts, training plans, and check-ins Good Legs produces for you, stored so you can look back at them.

• No precise location or GPS routes. The diagnostic doesn't need them.
• No payment details. Good Legs is free for early riders. If pricing arrives, it'll be handled by Stripe and we won't see card numbers.
• No analytics fingerprinting of you across the web.

• Compute features. Zone distribution, FTP drift, hard-day ratio, power-curve gaps, and the other deterministic signals the diagnostic runs on. These are pure functions of your data.
• Generate narrative. A language model takes the computed features plus your profile and writes the verdict. It is instructed to cite your actual numbers and not invent any. The model never sees your email, your name, or any cross-user data.
• Send email. Check-in reminders, test-week reminders, and overtraining warnings. You can opt out per-event in Settings or via the unsubscribe link in every email.
• Improve the product. Every (prompt, completion) pair the LLM produces is logged against your user id so we can improve the diagnostic over time. This data is internal-only.

• Database.Supabase (managed Postgres). Row-level security is on for every user-owned table, so one user can never read another's rows.
• Tokens are encrypted at rest. Your Strava access and refresh tokens and your intervals.icu API key are encrypted with AES-256-GCM in Node before they touch the database. The encryption key never sits in Postgres; only the application can decrypt. A stolen database dump is, by design, useless for impersonating you against Strava or intervals.icu.
• Logs. Application logs never contain your email, name, or raw activity payloads. Sentry has scrubbers configured for these; the structured logger uses an allowlist.

A small, fixed list. No advertisers. No data brokers. No “partners.”

• Baseten hosts the language model that writes verdict prose. The computed feature dict and your profile are sent in the prompt; raw activity descriptions only when needed and only after the context-tag extractor has stripped them down. Baseten does not retain the content of these calls beyond its short request log.
• Resend sends our email. They see your address, the subject, and the body of any email we send you.
• Supabase is our database and auth provider. Their staff have operational access to the underlying Postgres instance the same way any managed-database vendor does.
• Strava and intervals.icuare the sources for your activity data. We read from them; we don't write back. Disconnecting either in Settings revokes our token immediately.

We have never sold user data. If that ever changes you'll see a notice that's impossible to miss before it happens.

Go to Settings and use the “Delete account” control, or email patrick@goodlegs.app with the subject line delete me. Either path triggers the same flow:

• Your auth.users row is deleted.
• Every row that references your user id cascades out (activities, verdicts, plans, check-ins, connection tokens).
• Your encrypted Strava and intervals.icu tokens are removed; we stop syncing.
• Backup snapshots roll off within 30 days. After that no copy of your data exists on our infrastructure.
• One exception: the de-identified (prompt, completion) training pairs may be retained after deletion with your user link removed, so they can no longer be traced back to you.

You can also export everything we hold on you as JSON from Settings before deleting, if you want a record.

If you're in the EU, UK, or California, GDPR / CCPA give you rights to access, correct, export, and delete your data. The flows above satisfy all of them; email patrick@goodlegs.appif anything doesn't work and we'll handle it manually.

Good Legs is for adults training for adult bike races. You must be at least 16 to create an account. If we learn a minor signed up we'll delete the account.

If this policy changes in a way that affects what we collect or who we share with, the date at the top of this page will update and you'll get an email before the change goes live.

Anything in this page that's unclear or wrong, email patrick@goodlegs.appand you'll hear back from a human.