← TMPRD

Privacy Policy

Effective April 9, 2026

TMPRD ("we", "us", "our") is a private AI coaching platform operated as a solo project. This policy explains what personal data we collect, how we use it, how we protect it, and the rights you have over it. We collect only what we need to coach you and we do not sell your data.

1. Who We Are

TMPRD is a personal-use coaching platform built and operated by an individual coach–athlete pair. It is not a commercial service. Access is invitation-only and every athlete account is set up directly by the operator. If you are reading this policy as part of a third-party OAuth flow (e.g. WHOOP, Garmin), you are being asked to connect a wearable so the TMPRD coach can analyze your training data.

2. Data We Collect

We collect and process the following categories of personal data:
  • Account data: name, email address, and authentication credentials managed through our identity provider (Supabase Auth).
  • Profile and intake data: sport, goals, injury history, training availability, and any notes you submit during onboarding or check-ins.
  • Training data: planned and completed workouts, session notes, subjective ratings (RPE, mood, sleep quality), and weekly check-in responses.
  • Wearable data from WHOOP: when you connect your WHOOP account, we request read-only access to your recovery score, strain, sleep stages and duration, heart-rate variability (HRV), resting heart rate, respiratory rate, workout activities, and related cycle data. We only access the scopes you explicitly authorize in the WHOOP OAuth flow.
  • Wearable data from other providers: if you connect Garmin, Apple Health, or another supported device, we collect similar physiological and activity metrics (steps, sleep, HRV, heart rate, workouts, GPS activities).
  • Body composition data: DEXA scan results you upload (total and regional lean mass, fat mass, bone density) and the original PDF files.
  • Nutrition data: daily energy, macronutrient, and hydration data you log or import from connected nutrition tools.
  • Technical data: minimal server and application logs (request timestamps, error traces) used solely to operate and debug the platform.

3. How We Use Your Data

We use your data to:
  • Deliver the core coaching features of the platform (planning, session tracking, check-ins, archive, trends, DEXA analysis).
  • Generate personalized insights, progress reports, and training adjustments using AI models acting on your behalf.
  • Allow your coach to review your data and provide individualized recommendations.
  • Maintain, secure, and improve the platform.
  • Comply with legal obligations where applicable.
We do not use your data for advertising, profiling for marketing, or training public AI models. We do not sell your data to anyone.

4. Legal Basis for Processing

We process your personal data based on your explicit consent, which you provide when you create an account and when you authorize each wearable connection through its OAuth flow. You may withdraw consent at any time by disconnecting the wearable, deleting your account, or contacting us at the address below.

5. WHOOP-Specific Disclosures

When you connect your WHOOP account:
  • We receive an OAuth access token that is stored encrypted and bound to your TMPRD account only.
  • We fetch only the scopes you approved and only for the periods needed to keep your dashboard up to date.
  • We do not share your WHOOP data with any third party.
  • You can revoke TMPRD's access at any time from your WHOOP account settings or by disconnecting the device inside TMPRD. Revoking access stops future syncs immediately.
  • If you ask us to delete your account, all WHOOP-sourced data stored in TMPRD is deleted along with the rest of your data.

6. How We Share Data

We share personal data only with the infrastructure providers strictly required to run the platform:
  • Supabase — database, authentication, and file storage.
  • Railway — application hosting.
  • Anthropic — large-language-model inference used by the AI coaching components. Only the data needed for a given request is sent, and Anthropic does not use this data to train models.
  • Wearable providers (WHOOP, Garmin, etc.) — only as read sources of your own data, via their official APIs.
We do not share data with advertisers, data brokers, or other third parties.

7. Data Retention

We retain your data for as long as your account is active. When you request account deletion or disconnect a wearable, we remove the relevant data from our production database and storage within a reasonable operational window. Backups are overwritten on their normal rotation schedule. Aggregated, fully anonymized metrics that cannot be linked back to you may be retained indefinitely.

8. Security

Data is transmitted over HTTPS and stored in managed infrastructure with access controls, row-level security policies, and encrypted at rest. OAuth tokens for wearable providers are stored encrypted and scoped per athlete. Only the operator has administrative access to the platform. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

9. Your Rights

Depending on where you live, you may have the right to:
  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten").
  • Export your data in a portable format.
  • Withdraw consent for any processing based on consent.
  • Object to or restrict certain kinds of processing.
  • Lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at the email address below. Most of these actions can also be performed directly from the Settings page of your account.

10. International Transfers

TMPRD's infrastructure providers may process data in the United States and the European Union. By using the platform you acknowledge that your data may be transferred to and processed in these regions under the safeguards provided by those vendors.

11. Children

TMPRD is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has created an account, contact us and we will delete the data.

12. Changes to This Policy

We may update this policy as the platform evolves. Material changes will be communicated through the app or via email. The "Effective" date at the top of this page always reflects the latest version.

13. Contact

Questions, requests, or complaints about this policy or your data can be sent to [email protected].