Capriroso — Biological Intelligence Engine

Home

Privacy Policy

Effective Date: August 18, 2025

At Capriroso, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how Capriroso (“we,” “us,” or “our”) collects, uses, discloses, and safeguards your information when you use our services (the “Service”), including our website at https://capriroso.com and any related applications or integrations.

Our Service is designed to provide adaptive training plans for athletes and currently supports cyclists, runners, swimmers, and triathletes. We integrate with third-party platforms like Garmin and WHOOP to access fitness and health data with your consent. By using our Service, you agree to the collection and use of information in accordance with this policy.

If you connect your Garmin account to our Service, please also review Garmin’s privacy policy at https://www.garmin.com/en-US/privacy/connect/, as it applies to data processed by Garmin.

If you connect your WHOOP account, please review WHOOP’s privacy policy at https://www.whoop.com/us/en/full-privacy-policy, as it applies to data processed by WHOOP.

Below you will find important details about what information we collect, how we use and share it, and your rights regarding your data.

1. Information We Collect

We collect information that you provide directly to us, as well as data from integrated third-party services (such as Garmin and WHOOP) and automatically collected data. The types of information include:

• Personal Information
- Account and Profile Information: When you create an account or profile, we collect details such as your name, email address, age, sex, height, weight, experience level, training history, discipline focus (e.g., road, gravel, MTB), and physiological profile (e.g., aerobic vs. anaerobic strength balance).
- Event and Lifestyle Information: Target events (e.g., type and date), training availability (hours per week, preferred times), logistical constraints, and reports of recent illness or injury.

• Health and Fitness Data
- Performance Metrics: Power output (watts), cadence (RPM), speed, distance, elevation gain, and gradient from devices like power meters and GPS.
- Physiological Metrics: Heart rate (BPM), HRV, RHR, sleep duration and quality, aerobic decoupling, power duration curve changes, and W’ balance.
- Environmental Data: Temperature, humidity, wind, and weather forecasts.
- Nutritional Inputs: Caloric intake, macronutrient distribution, and hydration metrics.
- Subjective Feedback: RPE, muscle soreness, fatigue ratings, and motivation levels collected post-session.

We access this data via API integrations with services like Garmin and WHOOP only after you explicitly authorize the connection. We do not collect sensitive health data beyond what is necessary for providing adaptive training plans.

• Automatically Collected Information
- Usage Data: Information about how you interact with our Service, such as IP address, browser type, device identifiers, session duration, and pages viewed.
- Cookies and Similar Technologies: We use cookies to enhance user experience, remember preferences, and analyze usage. You can manage cookie preferences through your browser settings.

We do not collect information from children under 13, and our Service is not intended for them.

2. How We Use Your Information

We use the collected information to provide, improve, and personalize our Service, including:
• Generating adaptive training plans based on your readiness, performance trends, and recovery status.
• Assessing readiness through metrics like CTL, ATL, TSB, HRV, and subjective inputs.
• Refining training prescriptions, such as intensity scaling, phase progression/regression, and dynamic recovery insertion.

• Improving our models through anonymized, aggregated data across users (e.g., to calibrate predictive accuracy for similar athlete profiles without identifying individuals).
• Communicating with you about your account, updates, or support.
• Analyzing usage to enhance the Service and detect issues like overtraining or data anomalies.

We process data on a nightly basis for real-time adjustments and maintain a continuously evolving athlete profile for better personalization over time.

3. How We Share Your Information

We do not sell your personal data. We may share information in these limited circumstances:
• Service Providers: With trusted third-party vendors assisting us in operating the Service, bound by confidentiality and data protection agreements.
• Legal Requirements: If required by law, such as subpoena or regulatory request.
• Business Transfers: In the event of merger, acquisition, or sale of assets.
• With Your Consent: For other purposes with your explicit approval.

For population-level learning, we use only anonymized data that cannot be linked back to you.

4. Data Storage and Security

Your data is stored on secure servers in the United States (AWS us-east-1a, 1b, 1c). We implement industry-standard security measures, including encryption in transit and at rest, access controls, security audits, and measures to prevent unauthorized access, loss, or disclosure.

We retain your data as long as necessary to provide the Service and fulfill our legal obligations (e.g., up to 7 years for accounting). Upon account deletion, we securely delete or anonymize your data within 30 days.

In case of a data breach, we will notify you and authorities as required by law.

5. Your Rights and Choices

Depending on your location, you may have rights under laws such as GDPR or CCPA:
• Access: Request a copy of your data.
• Correction: Update inaccurate or incomplete data.
• Deletion: Request erasure of your data (with legal exceptions).
• Objection/Restriction: Object or restrict certain processing.
• Portability: Receive your data in a structured format.
• Withdraw Consent: Revoke consent at any time (disconnect Garmin or WHOOP), though it may limit Service functionality.
• Opt-Out of Sale: We do not sell data, but you can opt out of future sharing if applicable.

Contact and International Data Transfers

To exercise these rights, contact us at privacy@capriroso.com. We respond within 30 days (extendable as permitted). California residents may designate an authorized agent. You can also manage your data by updating your profile or disconnecting integrations directly in the Service.

If you are in the EU/UK or another region with data transfer rules, we ensure transfers are compliant with laws via Standard Contractual Clauses or adequacy decisions.

We may update this policy over time to reflect legal or operational changes. We will notify you of material updates. For any questions, contact us at privacy@capriroso.com.

Thank you for trusting Capriroso with your data.