Last updated: 2026-03-19

This privacy policy applies to the public Strava Coach Custom GPT project and its related repository assets.

Overview

We follow a data minimization approach and only use data that is needed to answer the user’s request during an active session.

This GPT is designed for session-based processing only. It does not provide background tracking, continuous monitoring, or ongoing access to Strava data when you are not actively using the tool.

No Data Storage

This GPT does not store, save, or retain personal data, workout history, or activity information beyond the current session.

Once the session ends, no activity data is retained by this GPT as part of its intended design.

Secure Authentication

Users connect their Strava account through secure OAuth authentication.

Your Strava email address and password are never seen, accessed, or stored by this GPT.

Authentication is handled by Strava and the platform components that support the connection flow.

Limited Data Usage

During an active session, the GPT may temporarily access workout-related data needed to answer your request, such as:

  • pace
  • heart rate
  • cadence
  • power
  • activity summaries and related metadata

This data is used only to generate analysis, summaries, and coaching guidance for the current session.

Data is not used for training this GPT, profiling users, or tracking users over time.

Data Sharing

Your data is not shared, sold, or transferred to third parties except as technically necessary to complete the Strava connection or fulfill the active request through the configured platform and approved action flow.

We do not sell personal data.

Session-Based Processing

All data access is temporary and session-bound.

The GPT has no access to your Strava information when you are not actively using the tool.

There is no background tracking or continuous monitoring.

Security

We use reasonable efforts to avoid exposing sensitive information in prompts, repository contents, and Action definitions.

No method of storage or transmission is completely secure.

User Control

You can revoke access at any time through your Strava account settings.

Transparency of Limitations

If certain data is unavailable, such as heart rate streams, power streams, or other missing activity details, the GPT should clearly state that the analysis may be limited.

What We Access During a Session

Depending on the GPT configuration and your request, the project may temporarily process:

  • prompts and chat inputs submitted by users
  • activity-related context a user chooses to share
  • Strava-derived workout metrics needed for analysis during the active session
  • action request and response payloads required to fulfill the request

Third-Party Services

This project may rely on third-party platforms such as:

  • OpenAI for GPT functionality
  • Strava for account authentication and activity data access
  • GitHub for source control and public hosting of repository materials

Those services may have their own terms and privacy practices.

Changes to This Policy

We may update this policy from time to time.

Material changes should be committed in version control so the history remains public.

Contact

Use the repository issue tracker as the public contact channel.