← Back to sign in

Privacy Policy

Last updated: 17 June 2026

Surrey Cycling Club Limited
Registered in England and Wales. Company number 13984966.
The Old Engineering Works, 47 Queens Road, Weybridge, KT13 9UH
hello@surreycyclingclub.co.uk

This Privacy Policy explains how Surrey Cycling Club Limited ("we", "us") processes personal data when you use our AI cycling coach and training platform ("the Platform"). The Platform is currently available to Surrey Cycling Club members only.

1. Data controller and Strava

Surrey Cycling Club Limited is the data controller for personal data you provide directly to us.

Where personal data is supplied via Strava, we and Strava may act as joint controllers for that data, in line with Strava's terms and UK GDPR. Strava authenticates your login; we do not store your Strava password.

Contact: hello@surreycyclingclub.co.uk (include "Personal Data Request" in the subject line for faster handling).

2. Read-only Strava access

We request read-only Strava permissions to download activities and profile fields. We do not write to, edit, or delete anything on your Strava account. We store and analyse copies on our Platform only.

3. Information we collect

  • From Strava (with your consent via OAuth): name, profile image, athlete ID, activities, power, heart rate, distance, elevation, and related metrics. Health-related fields (for example heart rate, weight, or age from Strava) are only processed if Strava shares them under your Strava settings.
  • From you on the Platform: email, year of birth, sex, weight, height, goals, and coaching preferences.
  • Coaching data: AI coach conversations, plans, and memory linked to your profile.
  • Technical data: session cookies, sync logs, IP address in server logs, and diagnostics needed to secure and operate the service.

We do not collect special category data directly from you beyond health-related metrics received from Strava where you have allowed Strava to share them.

4. How we use your data

  • Provide coaching, performance analysis, dashboards, and goals.
  • Estimate metrics such as eFTP, training load, and heart rate context.
  • Power AI coaching with Google Gemini, scoped to your profile only.
  • Improve the Platform and develop new analysis features.
  • Respond to support requests and secure the service.

Legal bases include performance of our service to you, legitimate interests in improving the Platform, and consent where required (for example Strava OAuth and optional features).

5. Who can access your data

Other members: Your detailed activity data and coach conversations are private and not shared with other members.

Surrey Cycling Club Limited: Authorised staff and contractors may access databases and infrastructure only to operate, secure, and improve the Platform. Access is limited to legitimate business purposes.

Processors: Hosting providers, Strava, and Google (Gemini API) process data under contract and their terms. We do not sell personal data.

6. Club comparisons

You may appear in aggregated club rankings (for example monthly riding or power) as a position or rank, not with your full activity details exposed to others. An opt-out is in development. Email us to exclude you in the meantime.

7. International transfers

Data is primarily processed in the UK. Some processors (including Google for Gemini) may process data outside the UK. Where required, we rely on appropriate safeguards such as UK adequacy regulations or standard contractual clauses.

8. Retention, erasure, and your rights

From your Profile you may:

  • Wipe data: delete synced activities and coaching data we hold while keeping your account.
  • Wipe & disconnect: delete your Platform data and revoke this app's Strava access.

We retain data while your account is active and as needed for legal, security, or operational purposes. When no longer needed, we delete or anonymise it securely.

Under UK GDPR you may have rights to access, rectify, erase, restrict, object, and data portability. Contact hello@surreycyclingclub.co.uk. You may complain to the Information Commissioner's Office (ICO).

9. Cookies

We use essential session cookies to keep you signed in and to complete Strava OAuth. We do not use advertising or third-party tracking cookies on the Platform.

10. Security

We use access controls, encryption in transit, and secured hosting. No service is completely secure; protect your Strava credentials and report suspected misuse.

11. Accuracy disclaimer

Analytics and AI outputs may be wrong or incomplete. Do not rely on them as medical or professional advice. Report concerns to hello@surreycyclingclub.co.uk.

12. Changes

We may update this Privacy Policy. The "Last updated" date will change when we do. Please review this page regularly.

13. Contact

hello@surreycyclingclub.co.uk