Privacy Policy
Last updated: January 2025
1. Who We Are
UTLC Management System ("UTLC", "we", "our") is a triathlon coaching and training platform operated for athletes and coaches. This policy explains what personal data we collect, how we use it, and your rights.
2. Data We Collect
- Account information — name, email address, role (athlete / coach).
- Training data — workout logs, test results, lactate values, race events, training notes.
- Health data — VitaCheck supplement/medication records you voluntarily enter.
- Device / app data — push notification tokens, PWA install state.
- Third-party activity data — if you connect Strava or Garmin, we receive activity summaries (distance, duration, sport type) from those platforms.
3. How We Use Your Data
- Deliver your personalised training plan and workout history.
- Allow your coach to monitor progress, review sessions, and provide feedback.
- Send in-app and push notifications about your training.
- Sync activities automatically from connected platforms (Strava / Garmin).
- Generate analytics such as Training Load, PMC, and Personal Bests.
We do not sell your data to third parties or use it for advertising.
4. Third-Party Integrations
Strava
When you connect your Strava account, UTLC receives an OAuth 2.0 access token and refresh token, which are stored in our database. We use these tokens to pull activity data on your behalf. You can revoke access at any time from your Strava settings (strava.com/settings/apps) or from the Integrations page.
Garmin
Garmin integration uses OAuth 1.0a. Tokens are stored encrypted and used only to retrieve activity summaries. You can revoke access from your Garmin Connect account settings.
5. Data Retention
Your data is retained for as long as your account is active. If you request account deletion, your personal data and training records are removed within 30 days. Anonymised aggregate statistics may be retained for platform analytics.
6. Your Rights
- Access — request a copy of the data we hold about you.
- Correction — ask us to correct inaccurate data.
- Deletion — request deletion of your account and data (see Data Deletion).
- Portability — request your training data in a machine-readable format.
To exercise these rights, contact your system administrator or submit a data deletion request.
7. Security
We use HTTPS for all communication, bcrypt-hashed passwords, and parameterised database queries. OAuth tokens are stored with encryption at rest. We do not store raw passwords.
8. Cookies
UTLC uses session cookies for authentication only. We do not use tracking or advertising cookies.
9. Changes to This Policy
We may update this policy periodically. Continued use of the platform after changes constitutes acceptance. Significant changes will be communicated via in-app notification.
10. Contact
Questions about this policy? Contact your UTLC administrator or coach.