Privacy Policy
Last updated: April 24, 2026 · Effective: April 24, 2026
Who we are
Muscle-up is a single-user personal training tool built and operated by Koen Goovaerts. This policy describes how data is collected, processed, and protected.
Contact: goovaertskoen@gmail.com
Data we collect
From you directly
- Goal definitions and training context (named goal, target date, methodology preferences)
- Venue profiles (home, hotel, outdoor locations with kit inventory, ceiling height, floor type, access hours)
- Gear inventory (kettlebell sizes, bands, shoes with mileage)
- Niggle Ledger entries (body part, severity, onset date, notes, optional physio outcomes)
- Morning check-ins (energy, soreness, mood, optional pain symptoms)
- Session logs (weight, reps, RPE per set)
- Post-session debriefs (slider values, optional voice transcripts)
- Peaking Contract versions and audit trail
From Google (via OAuth)
- Email address and display name (for authentication)
- Calendar events in a configured look-ahead window (read-only; scope: calendar.events.readonly); used for next-morning scheduling-conflict detection.
From Garmin (via Garmin Health API, with explicit user consent)
- Heart-rate variability (HRV)
- Sleep duration and stages
- Resting heart rate (RHR)
- Body battery readings
- Activity / workout summaries (optional, via Activity API)
From Open-Meteo (no user data sent)
Weather forecasts for the user's configured outdoor venue coordinates; retrieved anonymously.
How we use your data
All collected data is used exclusively to:
- Generate personalized training session proposals
- Apply safety guardrails (refuse prescriptions that violate active injury constraints, ramp limits, tonnage deltas, or red-flag symptom patterns)
- Compute drift-from-baseline for recovery signals
- Render a historical view of training
Data is never used for advertising, marketing, third-party sharing, analytics profiling, or AI model training by us or by third parties on our behalf.
Third-party processors
Your data is transmitted to the following services for the stated purposes:
| Processor | Purpose | Data sent | Retention |
|---|---|---|---|
| Anthropic | Coaching inference via the Claude API | Prompts including training context, recent sessions, niggles, and body-signal summaries | 30 days (Anthropic default at time of writing) |
| Garmin | Source of body-signal data | OAuth grant only; no user data flows back to Garmin | N/A (source, not sink) |
| Google | Authentication + Calendar read | OAuth grants; no user data flows back beyond the OAuth handshake | N/A |
| Convex | Application backend hosting | All application data listed above | Indefinite, until user deletion |
| Vercel | Frontend hosting | Aggregate page-request logs only | Vercel-managed operational period |
| Telegram | Operator alerts only | Aggregate operational metrics (cache-hit, cost, safety anomalies); never user health data | Telegram-managed |
| Open-Meteo | Weather forecasts | Outdoor venue coordinates only (no personal identifiers) | N/A |
Data retention
- Your training data is retained indefinitely in the Convex database so historical context compounds coaching quality over time. Any specific entry can be deleted on demand.
- Anthropic's default retention is 30 days, after which prompt and response data is purged from their systems per their published policy.
- Aggregate access logs at Vercel and Convex are retained per those services' standard operational periods.
Your rights
You may at any time:
- Access your data — every piece is visible in the app.
- Export your data — full JSON export on demand; PDF summary on demand (see the Export page).
- Delete any specific entry — individual niggles, session logs, Peaking Contract versions, check-ins, and debriefs are independently deletable. Deletions propagate to future LLM context within one cache-invalidation cycle (≤1 hour).
- Delete your entire account — contact goovaertskoen@gmail.com; all data in Convex is purged within 7 days; data at Anthropic follows their 30-day retention.
- Withdraw consent for any integration (Garmin, Google) — disconnect on the settings page; data from that source stops flowing immediately; historical data remains unless separately deleted.
Security
- All transport is TLS (HTTPS and WebSockets over TLS).
- API keys (Anthropic, Garmin, Google) are stored in backend environment variables and never exposed to the browser.
- Garmin webhook payloads are verified via HMAC-SHA256 constant-time comparison before ingestion.
- Every backend function enforces authentication; client-supplied user identifiers are never trusted.
- A Content Security Policy restricts outbound connections to the named processors above.
Cookies and tracking
Muscle-up uses no advertising cookies, no analytics trackers, and no tracking pixels. The only cookies used are session cookies required for authentication.
International data transfers
Data is processed in the regions where Anthropic, Convex, Vercel, and Google operate (typically the United States and the European Union). You consent to this transfer when you use the service.
Children’s data
Muscle-up is not directed at children under 18 and does not knowingly collect data from minors.
Changes to this policy
Material changes will be announced in the app and, where affected, by email. The “Last updated” date above reflects any revision.
Contact
Koen Goovaerts
goovaertskoen@gmail.com