Privacy Policy

Welcome to myDOMESTIQ, an AI-powered cycling coaching platform operated by Gregor Augustin, Sole Proprietor (s.p.), based in Slovenia, European Union.

We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Slovenian data protection law.

Data Controller:
Gregor Augustin s.p.
Slovenia, EU
support@mydomestiq.app

To provide personalised AI coaching, we collect the following categories of data:

• Identity & Contact: Name and email address, collected at registration.
• Fitness & Health Data: Training activities, heart rate, power output, distance, elevation, and related physiological metrics — synced via connected platforms (Strava, Garmin Connect) or entered manually.
• Profile Data: Age, gender, weight, FTP (Functional Threshold Power), training history, food preferences, and lifestyle information provided during onboarding or in settings.
• Calendar Data (optional): If you connect Google Calendar, we read event titles and times to detect schedule conflicts with planned workouts. We do not store or modify calendar content.
• Usage Data: Log-in timestamps, feature interactions, and error logs — used for platform stability and improvement.

We process your data on the following legal bases under Article 6 GDPR:

• Contract performance (Art. 6(1)(b)): Processing your fitness and profile data is necessary to deliver the AI coaching service you signed up for.
• Consent (Art. 6(1)(a)): Connecting third-party platforms (Strava, Garmin, Google Calendar) and processing special category health data (Art. 9(2)(a)) requires your explicit consent, given during onboarding or in Settings.
• Legitimate interests (Art. 6(1)(f)): We process usage and error logs to maintain platform security and performance.

Your data is used exclusively to:

• Generate and adapt personalised weekly training plans via our AI engine.
• Calculate training load, fitness trends, and recovery metrics.
• Provide AI coach feedback on completed workouts.
• Detect schedule conflicts and adjust plans to your availability.
• Improve platform reliability (anonymised usage logs only).

We never sell, rent, or share your data with third parties for marketing purposes.

myDOMESTIQ connects to the following platforms when you explicitly authorise the connection:

• Strava: Activity history is synced via the official Strava API. We store activity metrics (power, heart rate, duration, distance) in our database. Raw Strava data remains owned by you and Strava.
• Garmin Connect (coming soon): Direct integration via the Garmin Health API is under development.
• Google Calendar (optional): We read event data to detect training conflicts. No calendar data is stored on our servers beyond the current session.

We use the following sub-processors to operate myDOMESTIQ. All are GDPR-compliant and bound by data processing agreements:

• Supabase (Supabase Inc.): Database and authentication. Data stored in the EU (Stockholm, Sweden).
• Railway (Railway Corp.): Backend API hosting. Deployed in the EU (Amsterdam, Netherlands).
• Vercel Inc.: Frontend hosting and CDN.
• OpenAI (OpenAI, LLC): AI language models (GPT-4o) used to generate training plans, coaching feedback, and meal suggestions. Anonymised training metrics and coaching prompts are sent to OpenAI's API for processing. No directly identifiable personal information (name, email) is included in these requests.

myDOMESTIQ uses automated processing, including AI-generated training plans and workout feedback, as described in Article 22 GDPR. These automated outputs are recommendations only — you are never required to follow them, and no decisions with legal or similarly significant effect are made solely by automated means.

You can always contact us to request a human review of any AI-generated recommendation.

Your identity (name/email) is stored separately from your physiological and activity data, linked only by an internal UUID. This means that in the event of a technical breach, your health metrics cannot be directly linked to your personal identity.

All data is transmitted over encrypted HTTPS connections. Access to production databases is restricted to authorised personnel only.

We retain your data for as long as your account is active. Specifically:

• Account & profile data: Retained until you delete your account.
• Activity & training data: Retained until you delete your account or request deletion.
• Usage logs: Retained for up to 90 days for security and debugging purposes.

After account deletion, all personal data is permanently purged within 30 days.

As an EU data subject, you have the following rights:

• Right of access — request a copy of your data.
• Right to rectification — correct inaccurate data.
• Right to erasure — delete all your data (available directly in Settings).
• Right to restrict processing — limit how we use your data.
• Right to data portability — receive your data in a machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — disconnect any integration at any time in Settings.

To exercise any of these rights, contact us at: support@mydomestiq.app

You can permanently delete your account and all associated data at any time via Settings → My Data → Delete Account. This action is irreversible and removes all activity history, training plans, coach messages, and connected integrations from our servers.

If you believe we have not handled your data in accordance with GDPR, you have the right to lodge a complaint with the competent supervisory authority:

Information Commissioner of the Republic of Slovenia (IP RS)
Dunajska cesta 22, 1000 Ljubljana, Slovenia
www.ip-rs.si

We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. The date at the top of this page always reflects the most recent revision.