Back to Home

Privacy Policy

Version 1.0 — Effective March 3, 2026

This policy explains what data Endure Labs collects, how we protect it, who can access it, and what rights you have over it. We wrote it in plain English on purpose.

1. What We Collect

Endure is a training platform, so most of the data we collect is athletic and physiological in nature. Specifically:

  • Workout data — duration, power output, heart rate, Training Stress Score (TSS), and structured workout steps
  • Nutrition logs — meals, macronutrients, micronutrients, and daily water intake
  • Body measurements — weight entries logged manually or synced from connected devices
  • Readiness data — sleep duration and quality, subjective energy, and stress survey responses
  • GPS and location data — workout routes recorded or synced from your devices or connected platforms
  • Device data — connected wearables and platforms (Garmin, Wahoo, Strava, etc.) and the data they push to Endure
  • Account information — name, email address, and profile settings

We do not collect data we do not need. If a feature does not require a data type, we do not ask for it.

2. How We Protect Your Data

Athletic and biometric data is sensitive. We treat it that way:

  • Encryption in transit and at rest — all data is encrypted over TLS in transit and encrypted at the database level at rest
  • Row-level security — our database enforces that each user can only read and write their own data, enforced at the database layer, not just the application layer
  • Encrypted local storage on mobile — the Endure mobile app uses MMKV and device Secure Store for any locally cached data, so it cannot be read by other apps
  • Audit logging — all data access events are logged so we can detect and investigate anomalies
  • Regular security reviews — we conduct periodic security audits and apply patches promptly

3. Who Can Access Your Data

  • You — always, with full access to everything you have logged
  • Your coach — only if you explicitly connect a coach relationship on Endure, and only for the training data categories you choose to share. Coaches cannot see nutrition, body measurements, or readiness data unless you grant that access specifically
  • Third-party integrations — platforms like Strava, Garmin, Wahoo, Whoop, Oura, Polar, Suunto, Karoo, and Zwift only receive or send data after you explicitly authorize the connection. You can revoke any integration at any time from Settings
  • Endure Labs staff — only for support purposes when you request help. We never browse user data without cause. Your data is never sold

4. Your Rights

You have meaningful control over your data:

  • Export your data — you can download a full export of your account data (workout history, nutrition logs, readiness entries, settings) in JSON or CSV format from Settings at any time
  • Delete your account — account deletion requests enter a 24-hour grace period in case of accidental submission. After that period, your data is permanently deleted in a cascading operation across all tables. Nothing is retained
  • Revoke consent — you can revoke any specific data-sharing consent at any time via Settings, then Privacy. Revoking a coach connection immediately removes their access
  • Opt out of GPS retention — you can disable GPS route recording and storage from Settings. Existing routes can be deleted individually or in bulk

5. Third-Party Services

Endure relies on these infrastructure and integration partners:

  • Clerk — authentication and session management
  • Supabase — database storage and real-time features
  • Stripe — payment processing (Endure Labs never stores your payment card details)
  • Resend — transactional email delivery
  • Vercel — application hosting and deployment
  • Google Analytics — anonymized usage analytics to understand how the platform is used. No personally identifiable information is sent to Google
  • Sentry — application error tracking (error reports may contain anonymized context, never raw user data)
  • Upstash — API rate limiting infrastructure
  • Integration partners — Strava, Garmin, Wahoo, Whoop, Oura, Polar, Suunto, Karoo, and Zwift. Each integration is authorized by you and governed by that platform's own privacy policy in addition to this one

Each of these services is contractually required to process your data only as needed to deliver their function.

6. Do Not Sell or Share

We do not sell, rent, or share your personal data with third parties for marketing purposes. Period.

We do not run advertising on Endure. We do not provide data to ad networks. We do not participate in data broker markets. Our business model is subscription revenue — your data is not the product.

7. Contact

Questions, requests, or concerns about this policy can be sent to support@endurelabs.app. We will respond within 5 business days.

Policy Changelog

  • v1.0 — March 2026 — Initial policy published
Return to Home