IntraCoach

Privacy Policy

This Privacy Policy describes how IntraCoach (the “Service”) handles information. This project is currently a developer preview. It is intended to help you generate and preview training plans and, optionally, connect to third‑party services to upload plans. We aim to minimize the data we process and store.

Summary

  • We don’t sell your data. We avoid storing personal data wherever possible.
  • Plan content you paste or generate is processed to validate and render previews. We do not persist it to a database.
  • If you connect a third‑party service (e.g., intervals.icu), an access token may be used to call their API. In the current developer setup this token is kept in an HttpOnly cookie on your device; it is not written to our database.
  • Hosting is provided by Vercel. Their systems may log IP addresses and request metadata for operations and security. See Vercel’s privacy policy.

Information we process

  • Plan data you provide: JSON describing your training plan is validated and rendered. It is handled in memory for the duration of the request and not stored by the Service.
  • Connection credentials: If you choose to connect to a third‑party (e.g., intervals.icu), you provide an API token. In the current developer preview, we store this temporarily in an HttpOnly cookie so that server‑side routes can authenticate on your behalf. We do not send this token anywhere other than the selected third‑party API endpoints you invoke.
  • Basic service logs: Our hosting provider may record standard request logs (e.g., IP address, user agent, timestamps) for reliability and security.

What we don’t do

  • No sale of personal data.
  • No ad trackers or third‑party analytics.
  • No persistent server‑side storage of your plan data in this preview.

Cookies

The Service uses minimal cookies:

  • uid – a development session identifier used to gate access to non‑public pages.
  • intervals_token – if you connect to intervals.icu, a development‑only token stored as an HttpOnly cookie so server actions can call their API. This is not accessible to client JavaScript.

In a future production release, tokens will be moved to encrypted server‑side storage and scoped per user.

Third‑party services

  • Hosting: Vercel, Inc. The Service runs on Vercel’s infrastructure. Refer to Vercel’s privacy policy for how they handle logs and operational data: vercel.com/legal/privacy.
  • Optional connections: If you choose to connect and upload a plan to a third‑party (e.g., intervals.icu), your plan data and token will be transmitted to that provider solely to perform the requested action. Please consult the third‑party’s own privacy disclosures.

Security

We use HTTPS and HttpOnly cookies to reduce exposure of credentials. No system is perfectly secure; please avoid sharing sensitive health information. If you believe you’ve found a security issue, please report it via the project’s issue tracker.

Data retention

Plan data is processed transiently and not stored by the Service. Cookies persist until you clear them or revoke the connection. Hosting logs may be retained by Vercel per their policy.

Your choices

  • You can revoke third‑party connections at any time from the Connections page.
  • You can clear cookies in your browser to remove local tokens and session identifiers.

Changes to this policy

We may update this policy as the Service evolves (for example, when moving credentials to encrypted server storage). We will update the date below when changes are made.

Last updated: September 9, 2025