Privacy Policy

Last Updated: May 13, 2026

ATHLIVIA LLC ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including OptiRun BASE and related applications.

Third-Party Integrations

Our services may integrate with third-party fitness platforms including Apple HealthKit, Garmin Connect, Strava, Polar Flow, and COROS Training Hub. When you connect these services, we access certain data as described below. You can disconnect these integrations at any time through your account settings.

1. Information We Collect

1.1 Account Information

Name and email address
Password (encrypted)
Profile information (team affiliation, role)

1.2 Health and Fitness Data

When you connect your wearable device or fitness platform, we may collect:

Data Type	Examples	Source	Purpose
Activity Data	Workouts, running distance, pace, steps	Apple HealthKit, Garmin Connect, Strava, Polar Flow, COROS, manual entry	Training load analysis
Heart Rate Data	Resting HR, HR zones, HRV	Apple HealthKit, Garmin Connect, Strava, Polar Flow, COROS	Recovery and readiness assessment
Sleep Data	Sleep duration, sleep stages, sleep score	Apple HealthKit, Garmin Connect, Polar Flow, COROS	Recovery monitoring
Body Metrics	Weight, body composition (if available)	Apple HealthKit, Garmin Connect, manual entry	Athlete profile management
GPS / Route Data	Route summary, elevation gain, distance (raw GPS coordinates are NOT collected by us)	Garmin Connect, Strava, COROS	Training analysis (summary level only)

1.3 Usage Information

App usage patterns and feature interactions
Device information (OS version, device model)
Log data and error reports

2. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery: To provide training analysis, condition monitoring, and performance insights
Personalization: To customize recommendations based on your training data
Communication: To send service-related notifications and updates
Improvement: To analyze usage patterns and improve our services
Support: To respond to your inquiries and provide customer support

3. Data Sharing and Disclosure

3.1 We Do NOT:

Sell your personal data to third parties
Share your health data with advertisers
Use your data for purposes unrelated to our services

3.2 We May Share Data With:

Team Coaches/Staff: If you are part of a team using OptiRun BASE, data sharing with designated team coaches is enabled only after the athlete explicitly opts in during team enrollment. Athletes may revoke team sharing at any time via Account → Privacy settings. Data from third-party APIs (Garmin, Strava, etc.) is shared under the same opt-in consent.
Service Providers: Third-party services that help us operate our platform (e.g., cloud hosting, analytics) under strict confidentiality agreements
Legal Requirements: When required by law or to protect our rights

3.3 Aggregated Data

We may use anonymized, aggregated data for research and statistical purposes. This data cannot be used to identify individual users.

4. Third-Party Platform Integrations

4.1 Apple HealthKit

Our iOS apps (OptiRun BASE, OptiRun PERSONAL) may read health data from Apple HealthKit with your explicit permission.

Data Collected: Steps, heart rate (resting & active), sleep analysis, active energy (calories burned), workout data, body weight
Purpose: Training load analysis, condition monitoring, energy availability (EA) calculation
Important: HealthKit data is never used for advertising or marketing. Data is only accessed with your explicit permission and is not stored in iCloud.

4.2 Garmin Connect (planned — pending Garmin Health API approval)

OptiRun BASE has applied for Garmin Health API access and will integrate Garmin Connect upon approval by Garmin Ltd. The Garmin integration is not yet active in the current production build. Upon launch of the integration, the following terms will apply:

Data to be Collected: Daily summaries (steps, calories, heart rate), activity data (distance, pace, HR zones), sleep data (sleep stages, sleep score), stress level, Body Battery score
Authentication: OAuth 2.0 consent-based access. You will explicitly authorize data sharing via the official Garmin Connect authentication screen. Authentication tokens will be stored encrypted on our servers and on your device's secure Keychain.
Purpose: Training load/recovery analysis, condition monitoring, overtraining prevention alerts, Energy Availability (EA) calculation
Data Deletion: When you disconnect Garmin, authentication tokens will be immediately revoked and all data obtained from Garmin Connect will be deleted from our servers within 30 days.
License Compliance: Our use of Garmin Connect data will be governed by the Garmin Health API License Agreement. We will not use Garmin data to train machine-learning models for resale, build competing fitness products, or share with advertisers, brokers, or analytics partners.
"Powered by Garmin" Attribution: Wherever Garmin-sourced data is displayed in our app, we will display the official "Powered by Garmin Connect" attribution in accordance with Garmin Brand Guidelines.

Until the integration is launched, no Garmin Connect data is accessed, stored, or processed by OptiRun BASE. This section will be updated to remove the "planned" notice once the integration goes live.

4.3 Strava

We access data through the Strava API (OAuth 2.0 authentication) with your explicit consent.

Data Collected: Activity data (distance, pace, average and maximum heart rate, elevation, cadence, power in watts, calories burned, moving time), athlete profile information (name, profile image)
Authentication: OAuth 2.0 consent-based access. You choose the scope of data to share via the Strava authentication screen. Authentication tokens are securely stored in the device's Keychain (encrypted storage).
Purpose: Automatic training log import and storage, running data analysis, training load visualization, Energy Availability (EA) calculation
Data Storage: Imported activity data is stored in the same database table as manually entered training records and is shared between coaches and athletes. Strava-sourced data is identified as "data_source: strava".
Duplicate Prevention: We record Strava's unique activity ID to prevent duplicate imports of the same activity.
Data Deletion: When you disconnect Strava, authentication tokens are immediately removed from your device. All data obtained from Strava is deleted from our servers within 30 days.

            4.4 Other Fitness Platforms
            Polar Flow: We access training sessions, activity data, and recovery metrics through the Polar AccessLink API.
COROS Training Hub: We access workout data, training load, and performance metrics through the COROS API.

        

4.5 Data Handling Principles

We adhere to the following principles for all data obtained from fitness platforms:

We do not collect or use your data without your explicit consent
Data is used only for the purposes described in this policy
We never use fitness data for advertising or marketing purposes
We never sell or share fitness data with third parties
You can disconnect integrations and request data deletion at any time
After disconnection, collected data is deleted from our servers within 30 days

You can revoke access to these integrations at any time through:

Your OptiRun BASE account settings
The respective platform's connected apps settings (Garmin Connect, Strava, Polar Flow, or COROS app)

5. Data Storage and Security

5.1 Storage

Data is stored on secure cloud servers (Supabase / PostgreSQL) hosted on AWS infrastructure in the Tokyo region (ap-northeast-1)
Servers are located in ISO 27001 / SOC 2-certified data centers with industry-standard physical and network protections
Data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
Backups are stored within the same Tokyo region and are subject to the same security controls

5.2 Security Measures

SSL/TLS encryption for all data transmission
Row Level Security (RLS) for database access control
Encrypted storage for sensitive data
Secure authentication via Supabase Auth
Regular security audits

6. Data Retention

Active Accounts: Data is retained while your account is active
Deleted Accounts: Data is deleted within 30 days of account deletion, except where retention is required by law
Backup Data: May be retained in backups for up to 90 days

7. Your Rights

You have the right to:

Access: Request a copy of your personal data
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data
Portability: Request export of your data in a standard format
Withdraw Consent: Disconnect third-party integrations at any time

To exercise these rights, please contact us at t.kamikubo@athlivia26.com

8. Children's Privacy

Our services are not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 18, please use our services only with parental consent.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

10. Cookies and Tracking Technologies

On our website (athlivia26.com), we use only the minimum cookies and similar technologies required to operate the site:

Strictly Necessary: Session cookies for authentication and form submission.
Analytics: Aggregated, anonymized page-view analytics. No personally identifying tracking, cross-site tracking, or advertising IDs are used.

Our mobile apps (OptiRun BASE for iOS and Android) do not use third-party advertising SDKs, cross-app tracking, or IDFA/AAID-based profiling. Fitness data obtained from Apple HealthKit, Garmin Connect, Strava, Polar Flow, or COROS is never used for advertising or shared with any advertising network.

11. Trademarks

The following are trademarks or registered trademarks of their respective owners and are used here for descriptive purposes only:

Garmin® and Garmin Connect® are registered trademarks of Garmin Ltd. or its subsidiaries.
Strava® is a registered trademark of Strava, Inc.
Polar® and Polar Flow® are registered trademarks of Polar Electro Oy.
COROS™ is a trademark of COROS Wearables, Inc.
Apple®, Apple HealthKit®, HealthKit®, and Apple Watch® are registered trademarks of Apple Inc.

ATHLIVIA and OptiRun BASE are trademarks of ATHLIVIA LLC. All other trademarks are the property of their respective owners. No endorsement by, sponsorship of, or affiliation with any third-party trademark holder is implied.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and updating the "Last Updated" date.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

ATHLIVIA LLC
Omiya Marui 7F, 2-3 Sakuragi-cho, Omiya-ku, Saitama City, Saitama 330-0854, Japan
Email: t.kamikubo@athlivia26.com
Phone: +81-90-6280-1648