Privacy Policy

Effective April 15, 2026

Taper ("Taper," "we," "our," or "us") builds an AI training coach that helps athletes plan, adapt, and understand their training. This Privacy Policy describes what information we collect, how we use it, who we share it with, and the choices you have. It applies to tapertraining.com, the Taper iOS and watchOS apps, and all related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information we collect

Account information

When you sign up we collect your email address and authentication credentials (managed through Supabase Auth). If you sign in via a third party such as Apple or Google, we receive the basic profile information that provider shares.

Athlete and training data

To provide coaching, the Service processes information about your training and physiology, including:

  • Workouts, planned sessions, goals, races, and training history
  • Heart rate, heart-rate variability (HRV), resting heart rate, wrist temperature, sleep, respiratory rate, VO₂ estimates, and similar metrics from Apple Health / HealthKit when you grant permission
  • Activity files and metrics imported from connected services such as Strava, including power, pace, cadence, GPS routes, and session metadata
  • Recovery, sleep, strain, and physiological metrics from wearables such as Whoop and Oura when you connect those accounts
  • Subjective inputs you enter, such as RPE, notes, soreness, mood, and schedule preferences
  • Device and app data such as model, OS version, language, and crash diagnostics

Usage information

We collect basic logs about how the Service is used — feature interactions, request timestamps, error traces, and diagnostic information — so we can keep the Service running and improve it.

Communications

If you email us or sign up for the waitlist, we retain that correspondence and the email address you provide.

2. How we use information

  • Generate personalized training plans, daily recommendations, and explanations
  • Adapt your plan based on recovery, fatigue, and recent performance
  • Operate, maintain, secure, and improve the Service
  • Debug issues and monitor reliability
  • Respond to support requests and send essential account notices
  • Comply with legal obligations and enforce our terms

We do not sell your personal information, and we do not use your health or training data for advertising.

3. AI processing

Taper uses large-language-model providers (including Anthropic, OpenAI, and Google) to generate coaching responses. When you interact with the coach, relevant training context may be sent to these providers solely to produce a response. We contract with providers who commit not to train their general models on your content. Prompts and responses may be retained for a limited period for abuse monitoring and service reliability, subject to each provider's policies.

4. How we share information

We share information only as described here:

  • Service providers that run our infrastructure, including Supabase (database, auth, storage, edge functions), cloud hosting, analytics, error monitoring, and the AI providers listed above. They may only process data on our behalf and under contract.
  • Connected integrations you authorize, such as Strava or Apple Health. Data flows under the permissions you grant; you can disconnect any integration at any time.
  • Legal and safety: if required by law, legal process, or to protect rights, safety, or property.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice where required.

5. Apple Health & HealthKit

Data read from HealthKit is used only to deliver the coaching features you request. HealthKit data is never used for advertising, sold, or shared with third parties for marketing. HealthKit data is not shared with entities that would use it for their own purposes. You can revoke HealthKit access at any time in iOS Settings → Privacy & Security → Health.

6. Strava, Whoop, Oura & other third-party integrations

When you connect a third-party service such as Strava, Whoop, or Oura, we access the activities, recovery metrics, sleep data, and profile information you authorize via OAuth. We use that data solely to display and analyze your training inside Taper. You can disconnect any integration at any time from within the app or from the provider's own settings, and we will stop ingesting new data. Each provider's own privacy policy continues to govern data you hold with them.

7. Data retention

We retain account and training data for as long as your account is active, or as needed to provide the Service. You can request deletion of your account at any time (see Section 9). Some records may be retained longer where required for legal, security, or audit purposes.

8. Security

We use industry-standard measures to protect your data, including encryption in transit (TLS), encryption at rest for our databases, row-level security policies, and access controls. No system is perfectly secure, and we cannot guarantee absolute security.

9. Your rights and choices

  • Access & export: request a copy of the data we hold about you.
  • Correction: update inaccurate information from within the app or by contacting us.
  • Deletion: delete your account and associated data from the app's account settings, or by emailing us.
  • Withdraw consent: revoke HealthKit or Strava permissions at any time.
  • Regional rights: residents of Australia have rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles, including the right to access and correct your personal information and to lodge a complaint with the Office of the Australian Information Commissioner (OAIC). Residents of the EEA, UK, and California may have additional rights under GDPR/UK GDPR/CCPA, including the right to object, restrict processing, and lodge a complaint with a supervisory authority.

10. Children

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

11. International transfers

Taper is operated from Sydney, Australia. If you access the Service from another region, your information may be transferred to and processed in Australia, the United States, and other countries where our providers operate.

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date above and, where appropriate, notify you through the Service or by email. Continued use after changes take effect means you accept the updated policy.

13. Contact

Questions, requests, or concerns? Email us at privacy@tapertraining.com.