Last updated: 6/28/2025

At Transition ("Transition," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our AI-powered triathlon training application and related services (the "Service").

1. Information We Collect

Personal Information

When you create an account or use our Service, we collect:

• Account Information: Name, email address, username, password, profile photo
• Profile Data: Age, gender, height, weight, fitness level, training goals
• Contact Information: Email address, phone number (if provided)
• Payment Information: Billing address, payment method details (processed securely by our payment processors)

Training and Fitness Data

We collect comprehensive training and performance data, including:

• Workout Data: Training sessions, exercise types, duration, intensity, frequency
• Performance Metrics: Speed, distance, heart rate, power output, cadence, stroke rate
• Health Information: Resting heart rate, recovery metrics, sleep data (if integrated)
• Training Plans: Your selected programs, progress, completed workouts
• Race Data: Event registrations, race results, goal times
• Biometric Data: Body composition, fitness assessments, performance tests

Device and Technical Information

• Device Information: Device type, operating system, app version, device identifiers
• Usage Data: App interactions, feature usage, session duration, crash reports
• Location Data: GPS coordinates during workouts (with your permission)
• Connected Devices: Data from fitness wearables, heart rate monitors, power meters, smart trainers

Third-Party Integrations

If you connect third-party services, we may collect:

• Data from fitness platforms (Strava, Garmin Connect, TrainingPeaks, etc.)
• Wearable device data (Apple Health, Google Fit, Fitbit, etc.)
• Social media profile information (if you choose to connect social accounts)

2. How We Use Your Information

Service Provision and Personalization

• Generate personalized AI-powered training plans and recommendations
• Track your progress and adjust training plans accordingly
• Provide performance analytics and insights
• Send training reminders and motivational content
• Customize the app interface and user experience

AI Development and Machine Learning

Important: We use your workout data to train and improve our AI models:

• Develop better training algorithms and recommendation systems
• Improve workout generation and periodization models
• Enhance performance prediction capabilities
• Create population-level insights and benchmarks
• Research training effectiveness and optimization

AI Coach and Personalized Recommendations

Important: Our AI coach feature uses third-party AI services to provide personalized training plans and coaching advice:

• We send your workout data, preferences, nutrition information, and training history to OpenAI's services (including ChatGPT models) to generate personalized training plans
• Your data is used as context to provide relevant coaching advice and recommendations
• This processing enables our AI coach to understand your specific needs and provide tailored guidance
• Data sent to OpenAI is processed according to their privacy policy and data usage policies
• We do not store or retain copies of your data within OpenAI's systems beyond the API request

Service Improvement and Analytics

• Analyze app usage patterns to improve features
• Monitor service performance and identify technical issues
• Conduct research on training methodologies and sports science
• Generate anonymized industry reports and insights

Communication and Support

• Send important service updates and notifications
• Provide customer support and respond to inquiries
• Send educational content and training tips
• Notify you about new features and improvements

3. Legal Basis for Processing (GDPR)

If you are in the European Union, we process your data based on:

• Contract: To provide the services you've signed up for
• Consent: When you explicitly agree to data processing (e.g., marketing emails)
• Legitimate Interest: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

We Do NOT Sell Your Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary compensation.

When We Share Information

We may share your information in the following limited circumstances:

Service Providers and Partners

• Cloud Infrastructure: AWS, Google Cloud, or similar providers for data storage and processing
• AI Services: OpenAI (including ChatGPT models) for AI coaching features, personalized training plan generation, and coaching advice
• Analytics and Tracking: Mixpanel, Sentry, and other analytics services receive workout data, usage patterns, performance metrics, and error logs to help us understand app usage, monitor performance, and improve our services
• Cloud Logging Services: Google Cloud Platform receives application logs, error reports, and system data for service monitoring and debugging
• Mobile Platform Crash Reporting: Apple (iOS) and Google (Android) automatically receive crash reports and diagnostic data when the app experiences errors
• Fitness Platform Integrations: When you connect third-party fitness platforms (Strava, Garmin Connect, TrainingPeaks, Apple Health, Google Fit), your workout data may be shared with these platforms according to your sync settings
• Payment Processors: Stripe, PayPal, or similar services for subscription billing
• Customer Support: Help desk and communication platforms
• Marketing Tools: Email service providers and marketing platforms (with consent)

Workout Data Sharing

Important: Your workout data (including power, heart rate, cadence, duration, and performance metrics) is shared with third-party services as follows:

• Analytics Services: Workout data is sent to Mixpanel, Sentry, and similar analytics platforms to track app usage, identify popular features, monitor errors, and improve our service
• Connected Fitness Platforms: When you enable sync with Garmin, Apple Health, Strava, or other platforms, your completed workout data is automatically shared with these services
• Strava Integration: Users can manually post indoor bike workouts to Strava, which shares your workout data including power, duration, and performance metrics with the Strava platform
• AI Processing: Workout data is sent to OpenAI services to generate personalized coaching advice and training recommendations
• Performance Analytics: Aggregated workout statistics may be shared with our analytics and business intelligence providers

Research and Academic Partnerships

• Anonymized, aggregated data with research institutions
• Sports science studies and training effectiveness research
• Population health and fitness trend analysis

Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or abuse of our services
• Enforce our Terms of Service

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

5. Data Retention

We retain your information for different periods depending on the type of data:

• Account Information: Until you delete your account
• Workout Data: For the life of your account plus 30 days after deletion
• Anonymized Data: Indefinitely for research and service improvement
• Legal Records: As required by applicable laws (typically 7 years)
• Marketing Data: Until you opt-out or request deletion

6. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure cloud infrastructure with access controls
• Regular security audits and penetration testing
• Multi-factor authentication for admin access
• Automated backup and disaster recovery systems

Organizational Safeguards

• Employee privacy training and confidentiality agreements
• Principle of least privilege access
• Regular security awareness training
• Incident response and breach notification procedures

7. Your Privacy Rights

Universal Rights

All users have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Export your data in a common format
• Opt-out: Unsubscribe from marketing communications

GDPR Rights (EU Residents)

If you are in the European Union, you also have the right to:

• Restrict Processing: Limit how we process your data
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for specific processing activities
• Complaint: File a complaint with your local data protection authority

CCPA Rights (California Residents)

California residents have additional rights under the CCPA:

• Right to know what personal information we collect and how it's used
• Right to delete personal information (with certain exceptions)
• Right to opt-out of the sale of personal information (we don't sell data)
• Right to non-discrimination for exercising privacy rights

How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@transition.com
• In-app: Use the "Privacy Settings" or "Data Rights" section
• Support: support@transition.fun

8. Cookies and Tracking Technologies

We use various technologies to collect information:

Essential Cookies

• Authentication and session management
• Security and fraud prevention
• Core app functionality

Analytics Cookies

• App usage and performance analytics
• Feature usage tracking
• Crash reporting and debugging

Marketing Cookies (With Consent)

• Personalized advertising
• Social media integration
• Campaign effectiveness measurement

9. International Data Transfers

Your information may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions by the European Commission
• Privacy Shield or similar certification programs
• Your explicit consent for specific transfers

10. Children's Privacy

Our Service is not intended for children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it promptly.

For users aged 16-18, parental consent may be required depending on local laws.

11. Third-Party Services

Our Service may integrate with third-party platforms and services:

Fitness Platforms

• Strava, Garmin Connect, TrainingPeaks
• Apple Health, Google Fit, Samsung Health
• Fitbit, Polar, Suunto, Wahoo

AI Services

• OpenAI: ChatGPT and other models for AI coaching, training plan generation, and personalized recommendations

Social Media

• Social login (Google, Apple, Facebook)
• Sharing workout achievements
• Community features and forums

Important: These integrations are governed by the third-party's privacy policies. We encourage you to review their policies before connecting these services. For OpenAI services, please review OpenAI's Privacy Policy and Terms of Use to understand how your data is processed when using our AI coaching features.

12. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of discovery
• Report to relevant authorities as required by law
• Provide details about the breach and our response
• Offer guidance on protective steps you can take
• Implement additional security measures to prevent future breaches

13. Privacy Policy Updates

We may update this Privacy Policy to reflect changes in our practices or applicable laws. When we make material changes:

• We will notify you via email or in-app notification
• We will post the updated policy with a new "Last Updated" date
• We may request your consent for significant changes
• Your continued use constitutes acceptance of minor updates

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

15. Jurisdiction-Specific Information

European Union (GDPR)

We are a US-based company that serves EU residents. As we grow our EU user base, we will appoint an EU representative as required by GDPR.
EU users can contact their local Data Protection Authority with any privacy concerns.

California (CCPA)

California residents can contact us for CCPA requests at the email addresses above. We do not sell personal information and have not sold personal information in the past 12 months.