Privacy Policy
Last updated 7 June 2026
Frankie is a personal running-coach app. This policy explains what data it collects, why, and the control you have over it. It's written in plain language for an early beta and isn't legal advice.
Who's responsible
Frankie is operated by Aurélien Hubert ("I", "me"), the data controller for the purposes of the GDPR. For any question or request about your data, contact privacy@frankie.run.
What I collect
- Account — your name and email address, from Google when you sign in.
- Activity data from Strava — when you connect Strava, I read your activities from the last 12 weeks: runs (distance, time, pace, heart rate, GPS-derived splits and streams, elevation) and other activity types (used as cross-training context). Access is read-only — Frankie never writes to or posts on Strava.
- Goals you set — race targets, distances and dates.
- Data I derive — training-load, fitness and race-time estimates, and the AI coaching commentary generated from the above.
- Weather — historical weather for the time and place of each run, to put efforts in context.
Why I use it, and the legal basis
I use this data only to provide the running analysis and coaching that is the product. The legal bases are your consent (for connecting Strava and processing your activity data) and legitimate interest (operating the app for you). I do not sell your data or use it for advertising.
Who processes it
Your data is stored and processed by a small set of providers, each under their own privacy terms:
- Supabase — database and authentication, hosted in the EU. Privacy
- Vercel — web hosting (EU region). Privacy
- Modal — background compute for syncing and analysis (EU region). Privacy
- Anthropic — generates the AI coaching text. Only numbers and an opaque user identifier are sent — never your name or email. Privacy
- Strava — the source of your activity data. Privacy
- Google — sign-in. Privacy
- Sentry — error diagnostics, EU-hosted and PII-scrubbed (no name or email). Privacy
Where it's stored
In the European Union (Supabase, Paris region). Background compute runs in EU regions.
How long I keep it
- Activities roll on a 12-week window — anything older than 84 days is deleted automatically.
- Goals, derived analysis, AI commentary and fitness history are kept until you delete them or your account.
- Strava tokens are kept (encrypted) only while you're connected, and revoked when you disconnect or delete your account.
Cookies
Only the essential cookies needed to keep you signed in. No advertising or third-party tracking cookies, so there's no cookie banner to click through.
Your rights
At any time you can:
- Access and export your data — Settings → Download my data gives you a full JSON copy (GDPR Article 20).
- Delete everything — Settings → Delete account permanently erases your data and disconnects Strava (GDPR Article 17).
- Correct your data, withdraw consent (by disconnecting Strava or deleting your account), and object to processing.
- Complain to a supervisory authority — in France, the CNIL.
To exercise any right that isn't self-service, contact privacy@frankie.run.
Security
Strava tokens are encrypted at rest. Every database row is protected by row-level security, so you can only ever access your own data.
Changes
I'll update this page if the data practices change, and revise the "last updated" date above.
Contact
Aurélien Hubert — privacy@frankie.run.