Privacy Policy

Last updated: [DATE]

This Privacy Policy describes how Coach Claw ("we," "us," "our") collects, uses, stores, and shares information when you use our service at app.coachclaw.fitness and the Coach Claw MCP server (collectively, the "Service").

By using the Service, you agree to this Policy.

1. Who We Are

Coach Claw is operated by [YOUR BUSINESS ENTITY]. Contact us at [CONTACT EMAIL].

2. Information We Collect

From you directly

Account information. Email address, name, password (handled by Clerk — we do not see your password).
Profile information. Anything you tell the coach: training goals, race targets, injuries, training history, schedule constraints, etc.
Billing information. When you subscribe, Stripe collects your payment method. We receive a Stripe customer ID and limited metadata (subscription status, billing email). We do not see or store card numbers.

From third-party providers you connect

When you connect a data provider like Garmin, we receive:

Activity data. Run/ride/swim/hike summaries: time, distance, pace, heart rate, GPS tracks, elevation, splits, training load, running dynamics, training effect labels.
Health data. Sleep records, HRV readings, body battery, stress measurements, resting heart rate, VO2 max estimates.
Profile data. Display name, age, weight, max HR, lactate threshold HR, training status — whatever Garmin (or another connected provider) surfaces about you.

Garmin credentials (important)

Garmin Connect does not offer public OAuth access to small developers. To sync your data, we authenticate to your Garmin account on your behalf using your Garmin email and password.

We store your Garmin password. It is encrypted at rest using industry-standard symmetric encryption (Fernet / AES-128 in CBC with HMAC). The encryption key is a server-side secret never exposed to client code. We use these credentials solely to authenticate to Garmin Connect on your behalf. They are stored only as long as the integration is active; when you disconnect Garmin or delete your account, the encrypted credentials are removed.

You should treat your Garmin password as compromised in the unlikely event of a security breach affecting us. We strongly recommend you use a unique password for Garmin Connect (i.e. not the same password as any other service) so that a breach here does not expose other accounts.

Automatically collected

Usage data. Pages you visit, MCP tool calls you make, timestamps. Used for product analytics and debugging.
Technical data. IP address, browser type, device information, log data. Used for security and operational diagnostics.

What we do NOT want you to share

We deliberately do not solicit, and ask you not to submit:

Social Security numbers, government identifiers, or financial account numbers beyond what Stripe collects directly.
Detailed medical diagnoses, prescriptions, or protected health information (PHI) of the type covered by HIPAA.
Information about other people without their consent.
Login credentials for services other than the providers we explicitly support.

If you submit prohibited information through the chat interface or coaching memory, we may delete it without notice.

3. How We Use Your Information

Provide the coaching analysis and AI-powered training recommendations that are the core of the Service.
Sync, store, and analyze your activity and health data.
Authenticate you and manage your account.
Bill you and process subscriptions.
Send service-related communications (account confirmations, billing receipts, security notifications).
Improve the Service via aggregated, de-identified analytics.
Detect and prevent fraud, abuse, and security incidents.
Comply with legal obligations.

We do not sell your personal information. We do not use your data to train third-party AI models.

4. AI Processing — How Your Data Goes to Anthropic

Coach Claw's coaching analysis is powered by Claude, an AI assistant operated by Anthropic. To generate analysis, we send relevant portions of your training and health data to Anthropic's API.

You should understand:

Anthropic processes your data under its commercial terms. As of those terms, Anthropic does not train models on data submitted through the API.
We minimize what we send: a single coaching call typically includes a summary of recent activities, your profile (max HR, RHR, VO2 max), and whatever you ask the coach about. We do not send raw GPS coordinates or precise location data to Anthropic unless explicitly required by an analysis you request.
When you connect Coach Claw to your own Claude account via the MCP, you are using Anthropic's service directly under your relationship with Anthropic. Coach Claw provides the tool surface but does not see those conversations — they go between your Claude client and the MCP server.

5. Who We Share Information With

We share information with the third-party providers we rely on to run the Service. Each is bound by its own privacy practices:

Provider	What they receive	Why
Clerk	Email, password (they store; we never see), session data	Authentication
Stripe	Payment card data (collected by Stripe directly), customer ID, subscription status	Billing
Anthropic	Training data summaries, coaching prompts, MCP tool inputs	AI inference
Garmin Connect	Your Garmin credentials (used to authenticate to your existing Garmin account)	Activity / health data sync
Railway	All Service data (Railway hosts our infrastructure)	Hosting
Tigris	GPX files, chart images, serialized blobs	Object storage

We do not share your personal information with advertisers or marketers. We do not sell your data. We may disclose information when required by law (subpoena, court order, government investigation) or to protect rights, property, or safety.

6. Data Retention

We retain your data while your account is active and for a reasonable period after deletion to comply with legal obligations and resolve disputes.

Account data. Deleted within 30 days of account closure.
Garmin credentials. Deleted immediately when you disconnect Garmin or delete your account.
Activity and health data. Deleted within 30 days of account closure, unless you've requested an export beforehand.
Billing records. Retained as long as required by tax and accounting laws (typically 7 years).
Backups. May persist for up to 90 days after deletion before backup rotation purges them.

7. Your Rights

Depending on where you live, you may have the following rights:

Access. Request a copy of the personal information we hold about you.
Correction. Ask us to correct inaccurate information.
Deletion. Ask us to delete your account and the data associated with it.
Export. Request a machine-readable export of your data.
Object / restrict. Object to certain processing or ask us to restrict how we use your data.
Withdraw consent. If we are processing data based on your consent, you can withdraw it at any time.

To exercise any of these rights, email us at [CONTACT EMAIL]. We will respond within 30 days.

California residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect, the right to delete it, and the right not to be discriminated against for exercising your rights. We do not sell personal information.

EU / UK residents (GDPR / UK GDPR)

If you are in the EU or UK, you have rights under the GDPR including access, rectification, erasure, restriction, portability, and objection. Our lawful bases for processing are: contract (to provide the Service you've signed up for), legitimate interests (to improve and secure the Service), and consent (for any optional processing).

Coach Claw is operated from the United States. Data you submit will be transferred to and stored in the United States. We rely on standard safeguards for international data transfers.

8. Security

Encryption in transit. TLS for all client-server communication.
Encryption at rest. Garmin credentials and other sensitive tokens are encrypted at rest with a server-side key.
Access controls. Database access is restricted; secrets are stored in environment variables, not in source code.
Least privilege. Service accounts (Stripe, Clerk, Anthropic) operate with the minimum scopes needed.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you and the relevant authorities as required by law.

9. Children

The Service is not intended for and may not be used by anyone under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us and we will delete it.

10. Cookies and Similar Technologies

We use a minimal set of cookies necessary to operate the Service:

Authentication cookies set by Clerk to keep you logged in.
Strictly necessary cookies for security and session management.

We do not use third-party advertising cookies or behavioral tracking.

11. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice in the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this policy will always reflect the most recent revision.

12. Contact

For questions or to exercise your privacy rights, email us at [CONTACT EMAIL].