ENDURIO

    Privacy Policy

    Last updated: November 3, 2025

    Who we are

    Endurio provides AI powered endurance training plans and related services.

    For privacy concerns contact us at support@endurio.app.

    Overview

    This Privacy Policy explains how Endurio ("we", "us", "our") collects, uses, discloses and safeguards your information when you use our website and services (the "Services"). By using the Services, you consent to the practices described in this Policy.

    What data we collect

    • Account and contact information: such as name and any details you provide when you interact with our waitlist or sign-up forms.
    • Support messages and communications that you send to us.
    • Payment information if applicable. Payments are processed by trusted providers.
    • Usage data: information about how you use the Services, including pages viewed, links clicked and other actions within the site.
    • Device and technical data: IP address, browser type, operating system, referring URLs and identifiers necessary to operate and secure the Services.
    • Plan inputs: event name, event date, training level and weekly availability that you submit to generate a plan.
    • Activity data from third party integrations: workout files, training metrics, schedules and related performance data that you choose to sync from services you connect to the Services.
    • Chatbot and app interactions: messages and in app actions that help us improve the Services.

    How we use your data

    • Provide, operate and improve the Services.
    • Personalize content and measure engagement.
    • Communicate with you, including service updates and support.
    • Maintain safety, security and integrity of the Services.
    • Comply with legal obligations and enforce our terms.
    • Send updates and communications with your consent for marketing.
    • Detect fraud and maintain security.

    Cookies

    Our website uses cookies to enhance your experience. Cookies help us remember your preferences, track website usage and analyze performance.

    We use Mixpanel analytics with autocapture and session recording enabled to analyze usage. Our analytics endpoint is in the EU. You can block analytics in your browser or with content blockers.

    You can disable cookies through your browser settings. Some features may not work without cookies.

    Third party integrations

    You may choose to connect third party services that hold your sport activity data. When you connect a service, we receive the activity data that you authorize and a token that lets us sync that data.

    • Scope: we only request the minimum scopes needed to import workouts, metrics and related training information.
    • Use: we use imported data to generate plans, adapt recommendations and show your history in the Services.
    • Control: you can disconnect an integration at any time in the connected service or in the Services where available. After disconnecting, we stop future syncs.
    • Security: we store access tokens securely and do not share them with other parties.
    • Deletion: you can ask us to delete imported activity data subject to applicable law. Some data may persist in backups for a limited time.

    Examples of third party services include major sport platforms and device providers. Specific integrations may change over time.

    Who we share your data with

    We do not sell your personal information. We may share information with:

    • Service providers who assist us in operating, analyzing or securing the Services (under appropriate confidentiality and data protection obligations).
    • Authorities, regulators or other parties when required by law or to protect our rights, users or the public.
    • Another company in connection with a merger, acquisition or asset sale, subject to standard confidentiality.
    • Our business affiliates where relevant.

    Typical providers include Vercel for hosting, PostgreSQL database for waitlist storage, Mixpanel for analytics, Cloudflare Turnstile for bot protection, Google Cloud for search and document services and other vendors that help us run the Services.

    Data security

    We use industry standard encryption and security measures to protect your data. No online service is completely secure. Keep your password confidential and use unique credentials.

    Sources of data

    • Directly from you when you fill forms or connect services.
    • Automatically from your device when you use the site.
    • From third party services that you choose to connect to the Services.

    Data retention

    We retain personal information for as long as needed to provide the Services, fulfill the purposes outlined in this Policy and comply with legal obligations. Retention periods vary depending on the type of data and our legal/regulatory requirements.

    • Waitlist records: stored in our database until you ask us to delete them or we no longer need them.
    • Plan inputs: kept in logs for a short period for troubleshooting then deleted.
    • Generated PDFs: stored as public files to let you download your plan. You can ask us to remove a link if needed.
    • Analytics data: retained by our analytics provider per their default schedules.

    Your rights

    • Opt out of non-essential cookies via your browser settings.
    • Request access to, correction of or deletion of your personal information, subject to applicable law.
    • Object to or restrict certain processing where applicable by law.
    • Disconnect third party integrations at any time to stop future syncs.
    • You may have additional rights under your local laws. We honor valid requests as required by law.
    • Request your data in a portable format.

    To exercise these rights contact us at [Insert Email Address]. We respond within 30 days.

    International transfers

    If you access the Services from outside the country where our systems are located, your information may be transferred, stored and processed in jurisdictions with different data protection laws. We take steps to ensure appropriate safeguards where required.

    Children's privacy

    Our Services are not directed to children under 13 and we do not knowingly collect personal information from children. If we learn that a child has provided personal information we will take steps to delete such information as required by law.

    Updates to this policy

    We may update this Privacy Policy from time to time. We will post the updated Policy with a new "Last updated" date. Your continued use of the Services after changes become effective constitutes your acceptance of the updated Policy.

    Your legal rights

    We comply with applicable privacy laws including GDPR and CCPA. You may have additional rights under your local laws. You can lodge a complaint with your local data protection authority.

    Other disclosures

    • AI and model providers: when you request event details or plan options we may send limited prompts or labels to external AI or search services to get structured results.
    • CAPTCHA and bot protection: we use Cloudflare Turnstile which may process technical details needed to validate human activity.
    • Security: we use reasonable technical and organizational measures to protect information, but no method is 100% secure.