Privacy and data handling

What we collect

• Account: email and credentials you use to sign in.
• Integrations: when you connect Oura, Strava, Garmin, HEVY, or similar sources, we keep your tokens or API keys in protected secret storage and sync the health and activity data you authorize.
• What you enter: meals, goals, questionnaire answers, and messages to the Coach.
• Technical data: logs and diagnostics needed to run the service.

Self-host option

If you do not want hosted infrastructure, you can run this stack yourself with your own Supabase project, provider apps, and deployment. Start at Self-host Phronesis. If you are signed in, the same guidance is also in the Trust Center.

How we use it

We use this information to provide Phronesis: display your data, run syncs, and answer coaching questions. We do not sell your health data to data brokers. We use infrastructure providers (hosting, database, authentication) to operate the app. Where the Coach uses AI, your messages and relevant context are sent to our AI providers to generate responses.

Strava and other APIs

When you connect Strava, your use of Strava is also governed by Strava's terms and privacy policy. Strava may collect and use information related to your use of the Strava API in connection with Phronesis, as described in the Strava API Agreement. You can review and revoke access in your Strava account settings. Other integrations you enable are subject to those providers' terms as well.

Security

Everything moves over HTTPS. Provider tokens and API keys get extra protection in secret storage. No method of storage or transmission is perfect; use a strong password and contact us if you suspect unauthorized access.

Your choices

• Disconnect integrations under Settings, then Connect devices. That stops new syncs from that source.
• To delete your account or ask for a copy or erasure of personal data, contact us using the same channel you use for product support, when available.