Privacy Policy
Last Updated: April 23, 2026
ATHLIVIA LLC ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including OptiRun BASE and related applications.
Third-Party Integrations
Our services may integrate with third-party fitness platforms including Apple HealthKit, Garmin Connect, Strava, Polar Flow, and COROS Training Hub. When you connect these services, we access certain data as described below. You can disconnect these integrations at any time through your account settings.
1. Information We Collect
1.1 Account Information
- Name and email address
- Password (encrypted)
- Profile information (team affiliation, role)
1.2 Health and Fitness Data
When you connect your wearable device or fitness platform, we may collect:
| Data Type |
Examples |
Purpose |
| Activity Data |
Workouts, running distance, pace, steps |
Training load analysis |
| Heart Rate Data |
Resting HR, HR zones, HRV |
Recovery and readiness assessment |
| Sleep Data |
Sleep duration, sleep stages, sleep score |
Recovery monitoring |
| Body Metrics |
Weight, body composition (if available) |
Athlete profile management |
| GPS Data |
Route, elevation, location during activities |
Training analysis |
1.3 Usage Information
- App usage patterns and feature interactions
- Device information (OS version, device model)
- Log data and error reports
2. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To provide training analysis, condition monitoring, and performance insights
- Personalization: To customize recommendations based on your training data
- Communication: To send service-related notifications and updates
- Improvement: To analyze usage patterns and improve our services
- Support: To respond to your inquiries and provide customer support
3. Data Sharing and Disclosure
3.1 We Do NOT:
- Sell your personal data to third parties
- Share your health data with advertisers
- Use your data for purposes unrelated to our services
3.2 We May Share Data With:
- Team Coaches/Staff: If you are part of a team using OptiRun BASE, designated coaches may view your training data as configured by your team administrator
- Service Providers: Third-party services that help us operate our platform (e.g., cloud hosting, analytics) under strict confidentiality agreements
- Legal Requirements: When required by law or to protect our rights
3.3 Aggregated Data
We may use anonymized, aggregated data for research and statistical purposes. This data cannot be used to identify individual users.
4. Third-Party Platform Integrations
4.1 Apple HealthKit
Our iOS apps (OptiRun BASE, OptiRun PERSONAL) may read health data from Apple HealthKit with your explicit permission.
- Data Collected: Steps, heart rate (resting & active), sleep analysis, active energy (calories burned), workout data, body weight
- Purpose: Training load analysis, condition monitoring, energy availability (EA) calculation
- Important: HealthKit data is never used for advertising or marketing. Data is only accessed with your explicit permission and is not stored in iCloud.
4.2 Garmin Connect
We access data through the Garmin Health API (OAuth 2.0 authentication) with your explicit consent.
- Data Collected: Daily summaries (steps, calories, heart rate), activity data (distance, pace, HR zones), sleep data (sleep stages, sleep score), stress level, Body Battery score
- Authentication: OAuth 2.0 consent-based access. You explicitly authorize data sharing via the Garmin Connect authentication screen.
- Purpose: Training load/recovery analysis, condition monitoring, overtraining prevention alerts
- Data Deletion: When you disconnect Garmin, all data obtained from Garmin Connect is deleted from our servers within 30 days.
4.3 Strava
We access data through the Strava API (OAuth 2.0 authentication) with your explicit consent.
- Data Collected: Activity data (distance, pace, average and maximum heart rate, elevation, cadence, power in watts, calories burned, moving time), athlete profile information (name, profile image)
- Authentication: OAuth 2.0 consent-based access. You choose the scope of data to share via the Strava authentication screen. Authentication tokens are securely stored in the device's Keychain (encrypted storage).
- Purpose: Automatic training log import and storage, running data analysis, training load visualization, Energy Availability (EA) calculation
- Data Storage: Imported activity data is stored in the same database table as manually entered training records and is shared between coaches and athletes. Strava-sourced data is identified as "data_source: strava".
- Duplicate Prevention: We record Strava's unique activity ID to prevent duplicate imports of the same activity.
- Data Deletion: When you disconnect Strava, authentication tokens are immediately removed from your device. All data obtained from Strava is deleted from our servers within 30 days.
4.4 Other Fitness Platforms
- Polar Flow: We access training sessions, activity data, and recovery metrics through the Polar AccessLink API.
- COROS Training Hub: We access workout data, training load, and performance metrics through the COROS API.
4.5 Data Handling Principles
We adhere to the following principles for all data obtained from fitness platforms:
- We do not collect or use your data without your explicit consent
- Data is used only for the purposes described in this policy
- We never use fitness data for advertising or marketing purposes
- We never sell or share fitness data with third parties
- You can disconnect integrations and request data deletion at any time
- After disconnection, collected data is deleted from our servers within 30 days
You can revoke access to these integrations at any time through:
- Your OptiRun BASE account settings
- The respective platform's connected apps settings (Garmin Connect, Strava, Polar Flow, or COROS app)
5. Data Storage and Security
5.1 Storage
- Data is stored on secure cloud servers (Supabase / PostgreSQL)
- Servers are located in secure data centers with industry-standard protections
5.2 Security Measures
- SSL/TLS encryption for all data transmission
- Row Level Security (RLS) for database access control
- Encrypted storage for sensitive data
- Secure authentication via Supabase Auth
- Regular security audits
6. Data Retention
- Active Accounts: Data is retained while your account is active
- Deleted Accounts: Data is deleted within 30 days of account deletion, except where retention is required by law
- Backup Data: May be retained in backups for up to 90 days
7. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Request export of your data in a standard format
- Withdraw Consent: Disconnect third-party integrations at any time
To exercise these rights, please contact us at t.kamikubo@athlivia26.com
8. Children's Privacy
Our services are not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 18, please use our services only with parental consent.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and updating the "Last Updated" date.
11. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
ATHLIVIA LLC
Omiya Marui 7F, 2-3 Sakuragi-cho, Omiya-ku, Saitama City, Saitama 330-0854, Japan
Email: t.kamikubo@athlivia26.com
Phone: +81-90-6280-1648