Privacy Policy
Last updated: 2026-02-01
Information We Collect
We collect information you provide directly, including your name, email address, organization, and account credentials when you register. We also collect health and fitness data that you input or sync through third-party integrations, such as training logs, heart rate variability (HRV), sleep data, workout history, and recovery metrics. Additionally, we automatically collect device information, IP addresses, browser type, and usage analytics when you interact with the Service.
How We Use Your Information
We use your information to provide and improve the Service, including generating recovery scores, calculating workload ratios, producing injury risk assessments, and delivering analytics. We also use your information to communicate with you about your account, respond to support requests, send product updates (with your consent), and improve our algorithms and features. We do not use your health or fitness data for advertising purposes.
Health & Fitness Data
We treat health and fitness data with heightened care. This includes any data synced from wearable devices (such as Garmin, Apple Health, or Strava), manually logged training sessions, and any metrics derived from this data such as recovery scores and ACWR values. This data is used solely to provide the Service's core functionality and is never sold to third parties or used for advertising.
Third-Party Integrations
When you connect third-party services such as Garmin, Apple Health, or Strava, we receive data from those platforms in accordance with the permissions you grant. We only request the minimum data necessary to provide our features. You can disconnect integrations at any time from your account settings, which will stop future data syncing but will not automatically delete previously synced data.
Data Sharing & Disclosure
We do not sell your personal information. We may share your data with third-party service providers who assist us in operating the Service (such as cloud hosting and analytics providers), but only to the extent necessary for them to perform their services. If you are an athlete connected to a coach on SteadyState, your training and recovery data will be visible to that coach. We may also disclose information if required by law or to protect the rights, safety, or property of SteadyState or others.
Data Security
We implement industry-standard security measures to protect your data, including encryption of data in transit (TLS) and at rest, secure authentication practices, and regular security reviews. However, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.
Data Retention
We retain your personal and health data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes such as resolving disputes.
Your Rights & Choices
You may access, update, or delete your personal information at any time through your account settings. You may request a copy of your data in a portable format. You may opt out of non-essential communications at any time. If you are located in the European Economic Area, you have additional rights under GDPR, including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.
Cookies & Tracking
We use essential cookies to maintain your session and preferences. We may use analytics cookies to understand how the Service is used and to improve the experience. You can manage cookie preferences through your browser settings. We do not use cookies for third-party advertising.
Children's Privacy
The Service is not directed to children under 13. If a coach or organization uses SteadyState with athletes under 18, the coach or organization is responsible for obtaining appropriate parental or guardian consent. We do not knowingly collect personal information from children under 13 without verified parental consent.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at privacy@steadystate.fit or through our Contact page at steadystate.fit/contact.