Legal

Privacy Policy

Effective date: May 11, 2026

This Privacy Policy ("Policy") describes how Fuelant collects, uses, shares, and otherwise processes personal information when you use our websites, mobile applications, application programming interfaces (APIs), and related offerings available at getfuelant.com (collectively, the "Services"). It also describes your privacy rights and choices. We aim to be direct about what we collect and why—so you can make informed decisions.

Please also read our Terms of Service ("Terms"), which govern your access to and use of the Services.

As used in this Policy, "Fuelant," "we," "us," or "our" means [COMPANY LEGAL NAME], the company that provides the Services to you.

1. Introduction

About Fuelant: Fuelant helps endurance athletes build session-specific fueling plans—carbohydrate, fluid, and electrolyte guidance aligned to the workouts you actually do.

How to reach us: Questions about this Policy or your personal information may be sent to privacy@getfuelant.com.

A quick summary

We collect the information we need to operate the Services for you. We do not sell your personal information. We do not use health, fitness, or Activity Data (as described below) for advertising. For EU/UK and U.S. state-law details, see Section 7.

2. Information We Collect

We collect information you provide to us, information generated when you use the Services, and information from third-party sources you choose to connect (for example, wearable and training platforms).

Information you provide

Account information: Information such as your name, email address, and credentials. Passwords are hashed—we do not store passwords in plain text.
Profile and athlete information: Information you provide about yourself, such as weight (and unit), primary sport, experience level, race goals, training preferences, and related onboarding fields.
Support information: Information you send us when you contact support.
Payment information: If you subscribe, our payment processor (Stripe) collects and processes payment details. We do not receive or store full payment card numbers.

Activity, health, and integration data

Depending on how you use Fuelant, we process workout-related information ("Activity Data") and related health or performance metrics to build and adjust your fueling plans. Activity Data may include session type, duration, intensity cues, heart rate where available, and values such as Training Stress Score (TSS) or Intensity Factor (IF) when supplied by a connected platform.

Connected apps and devices: When you connect a third-party service, we collect information from that integration as described in this Policy and only as permitted by your authorization. If we collect health or fitness information from these integrations, we will not sell it or use it for advertising; we will not disclose it to third parties except as needed to provide the Services or as otherwise described in this Policy; and we will use it only for the purposes described here.

Apple HealthKit

We read workout duration, heart rate, active calories, and distance from Apple HealthKit on iOS. We use this data solely to generate your fueling plans. We never use HealthKit data for advertising, never share it with third parties except as needed to provide the service, and never sell it. HealthKit data is not used for any purpose other than health and fitness features within Fuelant.

Garmin

When you connect Garmin, we receive activity and performance information from Garmin with your consent, using industry-standard authorization (OAuth). That may include activity type, duration, heart rate, and metrics such as TSS and IF as made available through Garmin's developer interfaces. We retain a mapped representation of that information in Fuelant to power planning features—it is not a full archival copy of your Garmin Connect history unless your use of the Services requires broader sync.

Strava

When you connect Strava, we receive activity information you authorize, such as activity type, duration, distance, and heart rate when you choose to share it. If you turn on a write-back feature, we may update an activity field (for example, the activity description) with a short fueling or compliance summary in line with Strava's API rules.

TrainingPeaks

When you connect TrainingPeaks, we may read planned workouts and related metrics (such as duration, workout type, TSS, and IF) as you authorize. If you enable write-back, we may post fueling or compliance information back to your calendar or linked workout records in accordance with TrainingPeaks' API terms.

Manual entry

Information you enter manually—such as session notes, fuel logs, or adjustments you make inside Fuelant.

Information we collect automatically

Device and log data: Technical information from the browser or device you use to access the Services—such as device type, operating system, app or browser version, and similar diagnostic identifiers we need to deliver updates securely.
Usage information: Information about how you interact with the Services (for example, screens viewed and feature usage) collected in support of product analytics.
Diagnostics: Anonymous crash reports through Sentry (sentry.io) to help us maintain app stability.
Network data: IP address and related metadata used for security, fraud prevention, and abuse detection.

What we do not collect

Fuelant is not a continuous location product. We do not collect precise GPS tracks or real-time location for tracking where you go. We do not access your contacts, camera, or microphone to collect data. We do not use cross-app tracking for advertising across unrelated third-party apps or sites.

3. How We Use Your Information

We use personal information for the purposes below. We limit use to what is relevant and proportionate for those purposes.

To provide the Services

Create and maintain your account; authenticate you; sync data when you connect integrations.
Generate, display, and update personalized fueling plans and timelines based on your Activity Data and profile.
Process subscriptions and billing through our payment processor.
Provide customer support and respond to your requests.

To communicate with you

Send transactional and service-related messages (for example, account security, password reset, subscription receipts, and material changes to our terms or this Policy).
Send product tips or updates where permitted; you can opt out of non-transactional messages via unsubscribe links or in-app controls.

To analyze and improve the Services

Measure usage, understand feature engagement, and improve performance and user experience.
Use aggregated or de-identified information where possible.

To protect you, others, and the Services

Monitor for fraud, abuse, and security incidents; enforce our Terms; and protect the integrity of Fuelant.

To meet legal and compliance obligations

Comply with applicable law, regulation, or lawful requests from public authorities.

Health, fitness, and advertising: We do not use your health, fitness, or Activity Data for advertising. We do not sell your personal information.

4. How We Share Information

We share personal information with categories of recipients below. We do not share your information with advertisers, data brokers, or marketing platforms for their independent use, except where you would reasonably expect it to operate a feature you choose (for example, writing a summary back to a connected platform you enabled).

Partner / service	Role	Categories of information
Stripe	Payment processing	Contact and billing details; transaction records (not full card numbers on Fuelant systems)
Apple HealthKit	On-device health metrics (read per your permission)	Workout duration, heart rate, active calories, distance—used only as described in this Policy
Garmin (via API)	Activity sync you authorize	OAuth tokens; activity summaries and performance metrics made available to Fuelant
Strava (via API)	Activity read; optional write-back you enable	OAuth tokens; activity details you authorize; optional summary text written to your activity
TrainingPeaks (via API)	Calendar read; optional write-back you enable	OAuth tokens; planned workout metadata; optional fueling metrics you choose to write back
Sentry (sentry.io)	Anonymous crash reporting	Device/OS and app context; crash stack traces; anonymised user identifier where needed to de-duplicate reports
[EMAIL SERVICE]	Transactional and product email delivery	Email address; name; message metadata

Legal requests and safety: We may disclose information if required by law, regulation, legal process, or a valid governmental request, or when we believe disclosure is necessary to protect the rights, safety, or security of Fuelant, our users, or others.

5. Data Storage and Security

We implement administrative, technical, and organizational safeguards designed to protect personal information commensurate with the risks involved. No method of transmission or storage is completely secure; we work to follow industry practices and periodically review our controls.

Hosting location: We store data using [HOSTING PROVIDER AND REGION].
Encryption in transit: We require TLS 1.2+ for data transmitted between your device and our Services where supported.
Encryption at rest: We use AES-256 or comparable encryption at rest where supported by our cloud providers for databases and backups.
Integration credentials: OAuth tokens for connected platforms are encrypted at rest (AES-256) before storage in our systems.
Passwords: Stored using strong one-way hashing (for example, bcrypt)—not in plain text.
Access: Employee access to personal information is limited to personnel who need it to support the Services, subject to policies and monitoring appropriate to their role.
Incident response: If we confirm a breach affecting your personal information where notification is required, we will notify affected users without undue delay and within applicable legal timelines (for example, where required, within seventy-two (72) hours of becoming aware, together with guidance on protective steps).

6. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Account information: Retained while your account remains open.
Activity and integration data: Retained while needed to operate features you use and while an integration stays connected, unless you delete it earlier or disconnect the integration.
Account deletion: When you delete your account, we delete or irreversibly de-identify personal information within thirty (30) days, except where we must retain specific records for legal, tax, accounting, or security purposes (for example, billing records held by our payment processor).
Aggregated / de-identified data: May be retained in a form that does not reasonably identify you.
Garmin disconnect: When you disconnect Garmin, we delete Garmin-sourced workout data from our production systems within seven (7) days, subject to standard backup rotation.

7. Your Rights and Choices

Depending on where you live, you may have additional statutory rights. Regardless of location, we provide the following controls:

Access / portability: Request a copy or export of your information, including in a machine-readable form such as JSON where feasible.
Correction: Update profile and athlete information in the Services.
Deletion: Delete your account in settings, subject to lawful exceptions.
Marketing preferences: Opt out via links in emails or in-app settings; operational messages may continue.
Integrations: Disconnect Garmin, Strava, or TrainingPeaks in settings at any time—this revokes our API access on our side and starts the retention clocks described above.
HealthKit: Manage permissions on your iPhone under Settings → Privacy & Security → Health.

Submit privacy requests to privacy@getfuelant.com. We will respond within a reasonable period and, where applicable, within thirty (30) days.

EU / UK users

If you are in the European Economic Area, United Kingdom, or Switzerland, we process personal information under GDPR/UK GDPR as applicable. Legal bases may include contract (providing the Services), legitimate interests (for example, securing our platform, improving the product—balanced against your rights), and consent where required. You may have rights to access, rectify, erase, restrict, object, and port your data, and to lodge a complaint with your supervisory authority. Contact gdpr@getfuelant.com.

U.S. state privacy notices (including California)

Residents of certain U.S. states may have rights to know, delete, and correct personal information, and to opt out of certain types of processing. Fuelant does not "sell" personal information as that term is commonly defined in state privacy laws, and we do not use sensitive health information for targeted advertising. We will not discriminate against you for exercising privacy rights. Submit requests through privacy@getfuelant.com.

8. Children's Privacy

The Services are not directed to children under thirteen (13), and we do not knowingly collect personal information from children under thirteen. If you believe a child has provided us information, contact privacy@getfuelant.com and we will take steps to delete it.

9. Changes to This Policy

We may update this Policy from time to time to reflect changes to our practices or the law. If we make material changes, we will provide notice as required—such as by email, in-product notification, or by posting the updated Policy with a new effective date. Your continued use of the Services after the effective date of an update may constitute acceptance where permitted by law. Prior versions are available on request.

10. Contact Us

General privacy: privacy@getfuelant.com
GDPR / UK requests: gdpr@getfuelant.com
Mailing address: [COMPANY ADDRESS]
Place of formation: [STATE/COUNTRY OF INCORPORATION]