Privacy Policy

Last updated: 30 May 2026

1. Controller

The controller responsible for data processing on this website is:

Email: legal@endurly.app

2. Overview

Endurly is an online platform for planning, generating, and managing training sessions for endurance sports.

When using the platform, personal data may be processed in order to provide user accounts, generate workouts, save training plans, process uploaded activity files, and operate the platform securely.

This Privacy Policy explains what data is processed, for which purposes, on which legal bases, and what rights users have.

3. Data We Collect

We may process the following categories of personal data:

Account data

email address

username

encrypted password

Performance anchors and training zones

swim critical swim speed (CSS), expressed as seconds per 100 m

run threshold pace, expressed as seconds per kilometre

cycling functional threshold power (FTP), expressed in watts

strength one-rep-maximum estimates per exercise, used to drive percentage-based load prescriptions

heart-rate zones and derived training intensities computed from the anchors above

Usage data

generated training sessions

saved training plans

selected training preferences

sport type and equipment settings

Uploaded activity data

training files such as FIT, TCX, and GPX, including related workout or activity metadata where available

activity metrics contained in uploaded files, such as duration, distance, pace, speed, heart rate, cadence, power, calories, lap segmentation, elevation, GPS / route data, and timestamps, where present in the file

derived training-related information generated from uploaded files for display, analysis, or training-planning purposes

where uploaded files contain biometric or health-related metrics (for example heart rate or pace at a given perceived effort), such metrics are treated as health-related data and processed only for training-planning, workout-generation, and progress-tracking purposes

Acquisition and signup signals

first-touch attribution parameters captured from the URL on your first visit (utm_source, utm_medium, utm_campaign, utm_term, utm_content, click identifiers such as gclid / fbclid, referrer, and landing path) and stored in your browser's local storage before being attached to your account at registration

IP address and user-agent string recorded at the moment of account registration for anti-abuse purposes and multi-account detection

an optional browser fingerprint identifier captured at registration where the user agent supplies it, used solely for duplicate-account detection

Technical data

IP address

browser type

device information

timestamps of requests

basic technical log information required for security and operation of the platform

browser local-storage entries used to keep you signed in, remember your language and theme preferences, and persist the first-touch attribution snapshot described above until your next sign-up

4. Purpose of Processing

Personal data is processed for the following purposes:

providing and operating the Endurly platform

creating and managing user accounts

generating training sessions and training plans

saving user preferences and training-related settings

processing uploaded activity files and displaying related training information

improving platform stability, functionality, and performance

preventing misuse, maintaining security, and investigating technical incidents

complying with legal obligations where applicable

5. Legal Basis

Processing is carried out on the following legal bases:

Article 6(1)(b) GDPR — processing necessary for the performance of a contract or in order to take steps at the request of the user before entering into a contract

Article 6(1)(f) GDPR — legitimate interests in operating, securing, maintaining, and improving the platform, preventing misuse, and investigating technical incidents

Article 9(2)(a) GDPR — explicit consent of the user for the processing of health-related metrics (for example heart-rate data) provided through the athlete profile or uploaded activity files, where such data is considered a special category of personal data

If specific processing activities are based on consent, such processing will be carried out on the basis of Article 6(1)(a) GDPR. Consent may be withdrawn at any time by deleting the relevant data from the athlete profile, removing the relevant uploaded files, or contacting us at the address below.

6. Data Storage and Retention

User data is stored on servers located within the European Union.

Account data is retained for as long as the user account remains active and as long as necessary to provide the service.

Technical logs and security-related records may be retained for a limited period where necessary to ensure platform stability, prevent misuse, and investigate incidents.

If a user deletes their account, personal data will be deleted or anonymized within a reasonable period unless retention is required by law or necessary for the establishment, exercise, or defence of legal claims.

Data may also be retained for longer where statutory retention obligations apply.

7. Data Sharing

Endurly does not sell personal data and does not share personal data with third parties for advertising purposes.

Personal data may be processed by carefully selected technical service providers where this is necessary for hosting, infrastructure, email delivery, payment processing, security, or operation of the platform.

Current categories of processors:

cloud infrastructure and database hosting within the European Union, used to operate the application and store user data

object storage for uploaded activity files and user-provided documents, hosted in the European Union region

transactional and notification email delivery (for example for account verification and security messages)

in-app purchase and subscription management on mobile platforms, including communication with the relevant app-store providers as required to validate and renew purchases

Where such providers act as processors, they process personal data only on behalf of Endurly and in accordance with applicable data protection obligations. A current list of subprocessors is available on request at the contact address below.

Personal data may also be disclosed where required by law or where necessary to establish, exercise, or defend legal claims.

8. Cookies and Similar Technologies

The platform uses essential cookies, browser local storage, and similar technical mechanisms where necessary for authentication, session management, security, language and theme preferences, the first-touch attribution snapshot described in Section 3, and operation of core platform functions.

These technologies are necessary for the provision of the service requested by the user. No advertising or tracking identifiers are stored on the device, and no advertising network is loaded on the platform.

Endurly does not use advertising cookies. If non-essential analytics or similar technologies are introduced in the future, this Privacy Policy will be updated accordingly and, where required, consent will be requested.

9. Health and Medical Use

Endurly is intended for recreational and endurance training planning only.

The platform is not intended for medical diagnosis, treatment, monitoring, or healthcare decision-making.

Where users provide training-related information or upload activity files that may include health-related metrics such as heart rate, Endurly processes such data only with the user's explicit consent under Article 9(2)(a) GDPR and solely for the purpose of providing training-planning, workout-generation, progress-tracking, and related platform functionality.

Such consent can be withdrawn at any time by removing the relevant data from the athlete profile, deleting the relevant uploaded activity files, or contacting us at the address in Section 14. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

Users should not use Endurly as a substitute for professional medical advice.

10. User Rights

Under the General Data Protection Regulation (GDPR), users may have the right to:

request access to their personal data

request correction of inaccurate personal data

request deletion of their personal data

request restriction of processing

object to processing based on legitimate interests

request data portability where applicable

withdraw consent at any time where processing is based on consent

Users also have the right to lodge a complaint with a competent data protection supervisory authority.

Requests may be sent to: legal@endurly.app

11. Data Access and Export

Users may request a copy of their personal data stored by Endurly.

Where applicable, Endurly will provide an export of the user's account data and training-related information in a structured, commonly used, and machine-readable format.

12. Security

Endurly implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

These measures may include:

encrypted communication using HTTPS

secure password storage

access controls for production systems

system monitoring and security-related logging

regular maintenance and security updates

However, no method of transmission over the internet or electronic storage can be guaranteed to be completely secure.

13. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes to the platform, applicable law, or data-processing practices.

The latest version will always be made available on this page. Where required by law, users will be informed of material changes by appropriate means.

14. Contact

If you have questions about this Privacy Policy or about the processing of your personal data, you can contact:

Email: legal@endurly.app

Website: https://www.endurly.app