Privacy Policy

1. Introduction

Synka is a mobile app for ultra-personalized running coaching. Training plans adapt to your physiological profile (age, heart rate, performance history, training load) and, for users who choose to, to their menstrual cycle.

This policy explains, clearly and transparently, how we collect, use, store, and protect your personal data.

Synka is currently in beta. The project is in the process of being incorporated as a company. This policy will be updated upon the company's official formation.

Data controller contact: Synka, company in formation Email: hello@synka.fit

2. What data we collect

2.1 Identification data

• Email address
• Password (stored hashed and secured)
• Username (optional)
• Declared gender (used to adapt the interface and features)

2.2 Physiological and health data

• Age / year of birth
• Maximum heart rate (HRmax)
• Resting heart rate
• Menstrual cycle data (optional): period dates, reported pain, energy levels, cycle phase

Menstrual cycle tracking is entirely optional. You can use Synka without providing this data. If you enable cycle tracking, the data collected is treated as health data under Article 9 of the GDPR and is subject to enhanced protection.

2.3 Training data

• Running sessions: distance, duration, pace, elevation
• Heart rate during effort (average and maximum)
• Estimated calories
• Session start location (latitude, longitude)
• GPS track of the session (encoded polyline)
• Personal notes

2.4 Data from connected third-party services

If you choose to connect your Strava or Garmin account, we collect:

• Authentication token (encrypted)
• Third-party service user ID
• Imported sports activities (running only)

2.5 Virtual coach conversations

• History of your questions to the virtual coach
• Responses generated by the artificial intelligence
• Training context transmitted with each conversation

3. Why we use your data (purposes)

Your data is processed solely to:

1. Provide the coaching service: generate a personalized training plan adapted to your physiological profile (age, heart rate, performance) and, where applicable, to your cycle phase
2. Analyze your performance: calculate your estimated VO2max, your training load (ATL/CTL/TSB), your personal records
3. Provide you with a virtual coach: answer your training questions via artificial intelligence
4. Improve the service: research and development of our training algorithms (on anonymized data only)
5. Contact you: send notifications about your activity (only with your consent)

4. Legal basis for processing (Article 6 GDPR)

You may withdraw your consent at any time from the app settings or by contacting us.

5. Who we share your data with (processors)

We never sell your data. We share it only with technical providers necessary to operate the service:

5.1 Supabase (database hosting)

• Company: Supabase Inc.
• Data location: European Union (EU-West region)
• Compliance: GDPR, SOC 2, ISO 27001
• Important note (beta phase): Synka is currently in beta. At this stage, your data is hosted on Supabase, which is not certified as a Health Data Host (HDS) under French law. A migration to an HDS-certified host is planned before commercial launch. By using the beta version, you acknowledge and accept this transitional situation.

5.2 Anthropic (Claude artificial intelligence)

• Company: Anthropic, PBC (United States)
• Service: Claude API used for the virtual coach
• Transfer outside the EU: Your data is transferred to the United States when you use the virtual coach
• Safeguards: European Commission Standard Contractual Clauses (SCCs), EU-US Data Privacy Framework (DPF)
• Data transmitted: your question + minimal context (cycle phase where applicable, experience level, aggregated statistics). We do not transmit your raw identifying data (email, name).
• Retention at Anthropic: Anthropic retains API requests for up to 30 days for operational reasons, then deletes them. Anthropic does not use your data to train its models.

5.3 Strava and Garmin (connected third-party services, optional)

• Connection only if you explicitly authorize it
• We retrieve your activity data via their official APIs
• You can revoke access at any time from Synka's settings or directly with Strava/Garmin

6. How long we keep your data

6.1 Anonymization upon deletion

When you delete your account: 1. Your identifying personal data (email, name, tokens, Strava/Garmin IDs) is deleted immediately 2. Your training and cycle data is anonymized: we remove any link to your personal identity, keeping only aggregated values in a format that allows no re-identification 3. This anonymized data is retained for up to 3 years for:

• Research and improvement of our training algorithms
• Development of artificial intelligence features (profile clustering, personalized recommendations)

Truly anonymized data falls outside the scope of the GDPR and is no longer considered personal data.

7. Your rights

In accordance with the GDPR, you have the following rights:

• Right of access: obtain a copy of your data
• Right to rectification: correct inaccurate data
• Right to erasure ("right to be forgotten"): delete your account and your data
• Right to restriction of processing
• Right to data portability: receive your data in a structured format
• Right to object to processing, including profiling
• Right to withdraw your consent at any time
• Right to lodge a complaint with the CNIL (www.cnil.fr) or your local data protection authority

To exercise these rights:

• In the app: Settings → My account → Manage my data
• By email: hello@synka.fit
• Maximum response time: 1 month

8. Security

We implement the following technical and organizational measures:

• Encryption of data in transit (HTTPS/TLS 1.3)
• Password encryption (bcrypt)
• Encryption of third-party authentication tokens
• Hosting on certified infrastructure (Supabase, ISO 27001 / SOC 2)
• Daily automatic backups
• Data access limited to strictly necessary personnel

In the event of a data breach affecting your rights, we undertake to notify you within 72 hours in accordance with the GDPR.

9. AI Transparency Statement

Synka uses artificial intelligence technologies and automated algorithms. This section clearly describes how they work.

9.1 Current algorithms (deterministic, non-AI)

Most of Synka's features rely on deterministic algorithms (non-AI):

• Generation of the personalized training plan based on physiological profile and, where applicable, cycle phase
• Estimated VO2max calculation (HR-based formula)
• Calculation of TSS, ATL, CTL, TSB (standard scientific methods)
• Detection of menstrual cycle phases
• Matching of Strava sessions with planned sessions

The user's age is used to calibrate several calculations: HRmax estimation (220 − age formula), training-load adjustment, and adaptation of recommendations to the user's age range.

These algorithms are based on published, reproducible scientific formulas. They are not considered artificial intelligence in the strict sense.

9.2 Generative artificial intelligence (virtual coach)

The virtual coach uses a large language model (LLM) provided by Anthropic Claude. When you interact with the coach:

• We transmit your question and minimal context (cycle phase where applicable, experience level, aggregated training statistics)
• We do not transmit your raw identifying data
• The response is generated by Anthropic's AI model
• Conversations are stored in your account to ensure continuity of experience
• You can disable the virtual coach at any time from settings

Limitations: the virtual coach's responses are AI-generated. They may contain errors or approximations. The virtual coach does not replace the advice of a healthcare professional or a human coach. For any medical question, consult a qualified healthcare professional.

9.3 Future developments (automated profiling and AI personalization)

We plan to develop more advanced AI features over time:

• User profile clustering: grouping similar profiles to optimize recommendations
• Predictive personalization: automatic plan adaptation based on your history and age range
• Pattern detection: identifying trends in your performance

These features constitute automated profiling within the meaning of Article 22 of the GDPR. Before their deployment:

• We will inform you explicitly
• You will need to give specific consent to enable these features
• You may object at any time without losing essential functionality
• A human decision will always remain possible (intervention by a human coach)

9.4 Data used to improve our AI

Anonymized data from deleted accounts (see section 6.1) may be used to train and improve our future AI models. As this data is anonymized, it cannot be traced back to you personally.

10. Minors

Synka is intended for adults (18 and over), of any gender. If you are under 18, you must obtain the consent of your legal guardian before using our services. For users between 15 and 18, under French law, parental consent may be required in certain cases.

If we discover that an account belongs to a minor without parental consent, we will delete the data.

11. Cookies and trackers

Synka is a mobile application and does not use cookies in the traditional web sense.

We currently use no third-party behavioral analytics tools (no Google Analytics, Mixpanel, Amplitude, PostHog, etc.).

If we integrate any in the future, this policy will be updated and your consent will be requested.

12. Changes to this policy

We may modify this privacy policy. In the event of a material change, we will notify you by email and in the app at least 30 days before it takes effect. At that point you may refuse the new terms and delete your account.

13. Contact

For any question about this policy or your personal data:

• Email: hello@synka.fit

You may also contact the CNIL (French data protection authority):

• Website: www.cnil.fr
• Address: 3 Place de Fontenoy, 75007 Paris, France
• Phone: +33 1 53 73 22 22

This privacy policy is written in English. Synka operates primarily under French and EU data protection law (GDPR).