VerticalCalendar →

Privacy

Privacy Policy

Last updated · May 12, 2026

What We Collect

When you use Vertical we store the following:

  • Account: your email address and authentication identifier.
  • Profile: display name, experience level, weekly mileage goal, max heart rate and HR zones, preferred rest and long-run days.
  • Training: the workouts and races you log or generate (date, sport, planned and actual distance, duration, elevation, heart rate, training-load score, notes).
  • Events: upcoming races you add (name, date, distance, elevation, goal).
  • Strava (if connected): OAuth access and refresh tokens, your athlete id and name, and per-activity date, sport, distance, moving time, elevation, average and max heart rate, suffer score, and recording device name.
  • App preferences: last-sync timestamps and similar settings stored locally in your browser.

We do not access your social feed, friends, photos, GPS streams, segments, or location traces beyond what is needed to display your training.

How We Use It

Your data powers your calendar, weekly summaries, training-load metrics, and the personalized suggestions produced by our AI coach. It is never used for advertising or shared with third parties for marketing.

We Do Not Sell Your Data

Vertical does not sell, rent, or trade your personal data. We do not share it with data brokers or advertising networks under any circumstances.

AI-Generated Content

Workout analyses, training plans, and coaching suggestions in Vertical are generated by large language models. They are produced for informational purposes only, are not medical, physiotherapy, or professional coaching advice, and should not be treated as a substitute for guidance from a qualified professional. You are responsible for how you act on any suggestion. If something hurts, stop and consult a clinician.

Strava Data

Strava activity data is fetched only after you authorize the connection, and only using the activity:read_all scope. We store the OAuth access and refresh tokens, your athlete id and name, and the activity fields needed to populate your training calendar (date, sport, distance, duration, elevation, heart rate, suffer score, and recording device name for partner attribution). We do not store GPS streams, photos, kudos, comments, segments, friends, or any other athlete's data.

You can disconnect at any time from your Profile. Disconnecting calls Strava's /oauth/deauthorize endpoint, deletes the stored tokens, and permanently removes every activity record we imported from Strava for your account within seconds. If you revoke access from strava.com/settings/apps instead, Strava notifies us via webhook and we delete your tokens and Strava-sourced workouts the same way — automatically and within seconds.

Use of Strava data is also governed by Strava's Privacy Policy.

Storage and Security

Your data is stored in our managed backend with row-level security so only you can read or modify your records. Authentication tokens (including Strava OAuth tokens) are stored encrypted at rest.

Your Rights

You can edit your profile or delete individual workouts at any time. To delete your account and all associated data, contact us at the email below.

Contact

Questions or requests: privacy@verticaltraining.app.