Back to Agoge

Privacy Policy

How we handle your data

Last Updated: January 13, 2026Effective: January 13, 2026

Summary

At Agoge, we take your privacy seriously. Here's the quick version:

  • We collect only what's needed to provide personalized workout recommendations
  • Your data is encrypted and securely stored
  • We never sell your personal information
  • You can export or delete your data at any time

Agoge ("we," "our," or "us") operates the Agoge website and mobile application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

CategoryData CollectedPurpose
Account DataEmail, name, passwordAccount creation & authentication
Profile DataFitness goals, experience level, preferencesPersonalized recommendations
Health DataCheck-in responses (energy, sleep, soreness)Recovery calculations
Workout DataExercises, sets, reps, weightsProgress tracking & AI recommendations
Integration CredentialsThird-party API keys (Hevy)Sync workout history

1.2 Information Collected Automatically

  • Usage Data: Features used, actions taken, session duration
  • Device Data: Device type, operating system, browser type
  • Log Data: IP address, access times, referring URLs

1.3 Information from Third Parties

When you connect third-party services, we receive:

  • Hevy: Workout history, exercise data, routines
  • Whoop: Recovery scores, HRV, sleep data, strain metrics

2. How We Use Your Information

We use your information to:

  1. Provide the Service: Generate AI-powered workout recommendations based on your recovery status and goals
  2. Calculate Recovery: Analyze workout history and check-in data to determine muscle-specific recovery states
  3. Improve Recommendations: Use anonymized, aggregated data to enhance our algorithms
  4. Sync Data: Exchange data with connected third-party services you've authorized
  5. Communicate: Send service updates, security alerts, and support messages
  6. Ensure Security: Detect and prevent fraud, abuse, and security incidents

3. Information Sharing

🔒 We never sell your personal information to third parties.

We may share information in these limited circumstances:

  • Service Providers: With vendors who help operate our Service (hosting, analytics)
  • Third-Party Integrations: With services you explicitly connect (Hevy, Whoop)
  • AI Processing: Workout context sent to Anthropic for generating recommendations (no PII)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

4. Third-Party Services

Our Service integrates with the following third parties:

Anthropic (Claude AI)

Privacy Policy

Powers AI workout generation. Receives anonymized workout context (no personal identifiers).

Hevy

Privacy Policy

Workout tracking integration. Syncs exercise history when you connect your account.

Whoop

Privacy Policy

Recovery tracking integration. Syncs HRV, sleep, and strain data when connected.

Supabase

Privacy Policy

Authentication and database services. Stores your account and workout data.

Vercel

Privacy Policy

Hosting infrastructure. Processes requests and serves the application.

5. Data Security

We implement industry-standard security measures:

🔐 Encryption at Rest

All data encrypted in our database using AES-256

🔒 Encryption in Transit

All communications secured via TLS 1.3

🔑 API Key Protection

Third-party keys encrypted with AES-256-GCM

🛡️ Access Controls

Role-based access with audit logging

6. Data Retention

Data TypeRetention Period
Account DataUntil account deletion
Workout HistoryUntil account deletion
Check-in Data12 months rolling
Log Data90 days
Deleted AccountsPurged within 30 days

7. Your Rights & Choices

You have the following rights regarding your data:

📥

Access & Export

Download a copy of your data from Settings → Export Data

✏️

Correction

Update your information in Settings or contact us

🗑️

Deletion

Request account deletion from Settings or via email

🔌

Disconnect Integrations

Remove third-party connections anytime from Settings

8. Cookies & Tracking Technologies

We use the following technologies:

TypePurposeDuration
Essential CookiesAuthentication, securitySession / 7 days
Preference CookiesTheme, UI settings1 year
AnalyticsUsage patterns (anonymized)30 days

You can manage cookies through your browser settings. Note that disabling essential cookies may affect functionality.

9. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Data processing agreements with all vendors
  • Compliance with applicable data transfer frameworks

11. California Privacy Rights (CCPA/CPRA)

California residents have additional rights under the CCPA and CPRA:

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information we hold
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt out of "sales" or "sharing" of personal information (we do not sell your data)
  • Right to Non-Discrimination: We will not discriminate against you for exercising these rights

To exercise these rights, email us at privacy@agoge.app or use the tools in Settings.

12. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland:

  • Legal Basis: We process your data based on:
    • Your consent (for optional features)
    • Contract performance (to provide the Service)
    • Legitimate interests (security, fraud prevention)
  • Additional Rights: Data portability, restriction of processing, objection to processing
  • Supervisory Authority: You may lodge a complaint with your local data protection authority

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices:

Email
privacy@agoge.app
GitHub
Open an issue

For GDPR-related inquiries, you may also contact our Data Protection contact at dpo@agoge.app.