Privacy Policy

Privacy Policy

Controller: Stridient AI LTD ·
Application: Stridient AI (iOS & Android) ·
Effective date: 5 May 2026 ·
Contact: info@stridientai.com

Stridient AI LTD (“Stridient AI”, “we”, “us”) provides the Stridient AI mobile application (the “App”), an AI-assisted running companion. This policy explains what we collect, why, who we share it with, how long we keep it, and the rights you have under the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA) and other applicable laws.

Plain-English summary: We collect only what we need to run the app. We do not use third-party analytics by default — analytics is strictly opt-in. We never sell your data. You can sign in with Apple, Spotify, Google, Amazon, Strava, or Garmin; in each case we only request the minimum scopes needed for the feature you enable, and you can disconnect at any time.

1. What we collect

1.1 Personal information

  • Email address — used to create your account and send essential service notices. Required only if you choose to sign in.
  • Name — optional. Provided by you or relayed from your sign-in provider if you grant it.

1.2 Health & fitness data

  • Heart rate
  • Distance
  • Pace
  • Cadence
  • Calories
  • Route GPS data (the geographic trace of your run)

1.3 Location

  • Real-time GPS while a run is active, used to record your route, calculate pace and distance, and power live audio/coaching features. Background location is only used while you have an active run.

1.4 User content

  • Route names you create
  • Run notes you write
  • Photos you choose to attach to or share from a run

1.5 Identifiers

  • Apple ID hash — opaque user identifier returned by Sign in with Apple
  • Spotify user ID
  • Google user ID
  • Amazon user ID
  • Strava user ID
  • Garmin user ID
  • Per-provider OAuth access & refresh tokens, stored encrypted at rest, used solely to call the third-party APIs you have authorized.

1.6 Usage data

Stridient AI does not use third-party analytics by default. Crash reporting and product analytics are opt-in only; you can enable or disable them at any time in Settings → Privacy. When opt-in is enabled, we collect only aggregated, pseudonymous event and crash data; we never associate it with your identifiers, route data or health data.

2. How we use your data

  • Provide core run-tracking, mapping, coaching and AI features.
  • Authenticate you via your chosen sign-in provider.
  • Sync activities to/from the third-party services you have connected.
  • Send you essential service messages (security, account, legal).
  • Diagnose crashes and improve the app — only if you have opted in to analytics.

We do not use your health, fitness, route or location data for advertising. We do not sell or “share” personal information as defined under CPRA.

3. Legal bases (GDPR/UK GDPR)

Purpose Legal basis
Providing the App and processing runs you record Performance of a contract
Health & fitness, route GPS, photos Explicit consent (Art. 9(2)(a) for health data)
Connecting Apple / Spotify / Google / Amazon / Strava / Garmin Consent — granted via the provider’s OAuth screen
Crash & analytics data Consent (opt-in only)
Service messages, fraud prevention, legal compliance Legitimate interests / Legal obligation

4. Third parties and what we share with each

Provider Purpose Data shared with them Data we receive
Apple — Sign in with Apple Authentication Auth request only (no Stridient AI data is sent) Apple ID hash (opaque), optional relayed email, optional name
Spotify Music control during runs; show currently-playing track OAuth token; playback control commands you initiate Spotify user ID, current playback state
Google Sign-in; optional Google Fit sync OAuth token; if Fit sync enabled, completed workout summaries you choose to export Google user ID, profile email/name, optional Fit data per scopes you grant
Amazon Login with Amazon / optional Alexa skill linking OAuth token Amazon user ID, profile email/name
Strava Activity import/export per scopes you grant OAuth token; activities you choose to upload (route, time, HR, pace) Strava user ID, profile, activities you authorise us to read
Garmin (Garmin Connect) Activity import per scopes you grant OAuth token Garmin user ID, activities, heart rate and route data per scopes you grant

Each provider processes data under its own privacy policy. You can revoke any connection in Stridient AI under Settings → Connections, or directly in the provider’s account dashboard.

We also use the following operational sub-processors strictly for hosting and infrastructure: cloud hosting and database providers under signed Data Processing Agreements. They process data only on our instructions and never for their own purposes. A current sub-processor list is available on request from info@stridientai.com.

5. International transfers

Where personal data leaves the UK/EEA, we rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum) together with supplementary technical and organisational measures.

6. Retention

Data Retention
Account & identifiers Until you delete your account
Runs, routes, health & fitness data, user content Until you delete the item or your account
OAuth tokens Until you disconnect the integration or delete your account
Opt-in crash & analytics events Up to 13 months, then aggregated
Backups Up to 30 days after deletion, then irreversibly purged

7. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time (without affecting prior lawful processing)
  • Lodge a complaint with your supervisory authority (e.g. the UK ICO at ico.org.uk) or, in the EEA, your local DPA

To exercise any right, email info@stridientai.com or use Settings → Privacy → Export / Delete my data in the App. We respond within 30 days.

8. Security

We protect your data with TLS in transit, encryption at rest for credentials and tokens, role-based access control, audit logging, and the principle of least privilege. No system is 100% secure, but we work to follow industry best practice and to notify you and regulators of any qualifying breach within the legally required timeframes.

9. Children

The App is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact info@stridientai.com and we will delete it.

10. Changes to this policy

We will update this page when our practices change and will revise the “Effective date” above. Material changes will also be notified in-app or by email where appropriate.

11. Contact

Stridient AI LTD
Email: info@stridientai.com

© Stridient AI LTD. This policy is provided for your convenience and does not constitute legal advice; please have it reviewed by qualified counsel for your jurisdiction.