Privacy Policy
Last updated: February 2025
1. Who We Are
My Cardio ("we", "us", "our") operates the website www.mycardio.me and the web application accessible at app.mycardio.me. We are committed to protecting your personal data and your right to privacy.
2. What Data We Collect
We collect information you provide directly and data generated by your use of the service:
- Account data: name, email address, and password (stored in hashed form).
- Workout data: exercise type, duration, distance, heart rate, notes and any other fields you log.
- Usage data: pages visited, features used, and timestamps — collected via server logs and analytics.
- Device data: browser type, operating system, and IP address.
3. How We Use Your Data
We use your data solely to operate and improve My Cardio:
- To provide your workout tracking and visualisation features.
- To generate AI coaching insights via OpenAI's API — your workout data is sent to OpenAI to produce these insights. We do not use your data to train OpenAI models.
- To send transactional emails (account confirmation, password reset).
- To detect and prevent fraud or abuse.
- To improve our service through aggregated, anonymised analytics.
We do not sell your data, share it with advertisers, or use it for any purpose not listed above.
4. Third-Party Services
We share limited data with the following trusted third parties to operate the service:
- OpenAI — to generate AI coaching insights from your workout data.
- Cloudflare — for hosting, CDN and DDoS protection.
- Email provider — to send transactional emails.
Each of these providers has its own privacy policy, and we encourage you to review them.
5. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it longer.
6. Your Rights
Depending on your location, you may have the right to:
- Access a copy of the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Object to or restrict processing of your data.
- Receive your data in a machine-readable format (data portability).
To exercise any of these rights, email us at privacy@mycardio.me.
7. Cookies
We use essential cookies only — to keep you logged in and maintain your session. We do not use advertising or tracking cookies.
8. Security
We use industry-standard security measures including HTTPS encryption, hashed passwords, and access controls. No system is completely secure, and we encourage you to use a strong, unique password.
9. Children's Privacy
My Cardio is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has created an account, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this policy from time to time. We will notify you by email or by posting a notice in the app. Continued use of the service after changes constitutes acceptance.
11. Contact Us
For any privacy-related questions, contact us at privacy@mycardio.me.