Privacy Policy

Last updated: 13 March 2026

1. Controller

The controller responsible for data processing on this website is:

Email: legal@endurly.app

2. Overview

Endurly is an online platform for planning, generating, and managing training sessions for endurance sports.

When using the platform, personal data may be processed in order to provide user accounts, generate workouts, save training plans, process uploaded activity files, and operate the platform securely.

This Privacy Policy explains what data is processed, for which purposes, on which legal bases, and what rights users have.

3. Data We Collect

We may process the following categories of personal data:

Account data

email address

username

encrypted password

Usage data

generated training sessions

saved training plans

selected training preferences

sport type and equipment settings

Uploaded activity data

training files such as FIT and related workout or activity metadata where available

activity metadata contained in uploaded files, such as duration, distance, pace, speed, heart rate, cadence, and timestamps, where available

derived training-related information generated from uploaded files for display, analysis, or training-planning purposes

Technical data

IP address

browser type

device information

timestamps of requests

basic technical log information required for security and operation of the platform

4. Purpose of Processing

Personal data is processed for the following purposes:

providing and operating the Endurly platform

creating and managing user accounts

generating training sessions and training plans

saving user preferences and training-related settings

processing uploaded activity files and displaying related training information

improving platform stability, functionality, and performance

preventing misuse, maintaining security, and investigating technical incidents

complying with legal obligations where applicable

5. Legal Basis

Processing is carried out on the following legal bases:

Article 6(1)(b) GDPR — processing necessary for the performance of a contract or in order to take steps at the request of the user before entering into a contract

Article 6(1)(f) GDPR — legitimate interests in operating, securing, maintaining, and improving the platform, preventing misuse, and investigating technical incidents

If specific processing activities are based on consent, such processing will be carried out on the basis of Article 6(1)(a) GDPR.

6. Data Storage and Retention

User data is stored on servers located within the European Union.

Account data is retained for as long as the user account remains active and as long as necessary to provide the service.

Technical logs and security-related records may be retained for a limited period where necessary to ensure platform stability, prevent misuse, and investigate incidents.

If a user deletes their account, personal data will be deleted or anonymized within a reasonable period unless retention is required by law or necessary for the establishment, exercise, or defence of legal claims.

Data may also be retained for longer where statutory retention obligations apply.

7. Data Sharing

Endurly does not sell personal data and does not share personal data with third parties for advertising purposes.

Personal data may be processed by carefully selected technical service providers where this is necessary for hosting, infrastructure, email delivery, payment processing, security, or operation of the platform.

Where such providers act as processors, they process personal data only on behalf of Endurly and in accordance with applicable data protection obligations.

Personal data may also be disclosed where required by law or where necessary to establish, exercise, or defend legal claims.

8. Cookies and Similar Technologies

The platform uses essential cookies and similar technical storage where necessary for authentication, session management, security, language preferences, and operation of core platform functions.

These technologies are necessary for the provision of the service requested by the user.

Endurly does not use advertising cookies. If non-essential analytics or similar technologies are introduced in the future, this Privacy Policy will be updated accordingly and, where required, consent will be requested.

9. Health and Medical Use

Endurly is intended for recreational and endurance training planning only.

The platform is not intended for medical diagnosis, treatment, monitoring, or healthcare decision-making.

Where users provide training-related information or upload activity files that may include metrics such as heart rate, Endurly processes such data solely for the purpose of providing training-planning, workout-generation, and related platform functionality.

Users should not use Endurly as a substitute for professional medical advice.

10. User Rights

Under the General Data Protection Regulation (GDPR), users may have the right to:

request access to their personal data

request correction of inaccurate personal data

request deletion of their personal data

request restriction of processing

object to processing based on legitimate interests

request data portability where applicable

withdraw consent at any time where processing is based on consent

Users also have the right to lodge a complaint with a competent data protection supervisory authority.

Requests may be sent to: legal@endurly.app

11. Data Access and Export

Users may request a copy of their personal data stored by Endurly.

Where applicable, Endurly will provide an export of the user's account data and training-related information in a structured, commonly used, and machine-readable format.

12. Security

Endurly implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

These measures may include:

encrypted communication using HTTPS

secure password storage

access controls for production systems

system monitoring and security-related logging

regular maintenance and security updates

However, no method of transmission over the internet or electronic storage can be guaranteed to be completely secure.

13. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes to the platform, applicable law, or data-processing practices.

The latest version will always be made available on this page. Where required by law, users will be informed of material changes by appropriate means.

14. Contact

If you have questions about this Privacy Policy or about the processing of your personal data, you can contact:

Email: legal@endurly.app

Website: https://endurly.app