Privacy Policy
Last updated: February 2026
Overview
PLOD is a fitness analytics app that helps runners understand their performance through data visualisation, trend analysis, and AI-powered insights. This policy explains how we collect, use, store, and protect your data.
PLOD is operated by George Gomes ("we", "us", "our"), based in London, United Kingdom.
1. Data We Collect
Activity Data from Connected Services
When you connect a fitness platform, we collect activity data including:
- Activity type, distance, duration, and pace
- Heart rate data (average, maximum, zones)
- Elevation gain
- Activity date, time, and location (city/country)
- Personal records and best efforts
- Start coordinates (for location-based insights)
We access this data through official APIs provided by the connected platform (e.g. Strava API, Garmin Connect API) with your explicit authorisation.
Health and Fitness Data from Device Health Platforms
With your permission, we may read data from Apple HealthKit (iOS) or Health Connect (Android), including:
- Workout summaries (distance, duration, heart rate)
- Resting heart rate and heart rate variability
- Sleep data
- Step count
Health data is read from your device only. We do not write to or modify your health data. HealthKit and Health Connect data is not used for advertising or shared with third parties.
Account and Preferences
- Name and profile information from your connected fitness account
- App preferences (units, goals, notification settings)
- Authentication tokens (stored securely, used only to access your data)
2. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Performance dashboards and charts | Activity metrics (pace, distance, HR, elevation) |
| Trend analysis and progress tracking | Historical activity data |
| Personalised insights and coaching | Aggregated activity summaries |
| Personal record tracking | Best efforts and segment data |
| Training goal progress | Weekly/monthly distance and activity counts |
| Location-based explorer metrics | Activity start coordinates |
We do not use your data for advertising, sell your data to third parties, or share individual activity data with other users.
3. Third-Party Services
We use the following third-party services to operate PLOD:
| Service | Purpose | Data Shared |
|---|---|---|
| Strava | Activity data source | OAuth tokens (to read your activities) |
| Garmin Connect | Activity data source | OAuth tokens (to read your activities) |
| Google Firebase | Authentication, database, cloud functions | Account info, activity data (stored) |
| Apple HealthKit | On-device health data | None (read-only, on-device) |
| Google Health Connect | On-device health data | None (read-only, on-device) |
Each third-party service is governed by its own privacy policy. We only share the minimum data necessary for each service to function.
4. Data Storage and Security
Your data is stored in Google Cloud Firestore, hosted in Google Cloud data centres. We protect your data through:
- Encryption in transit (TLS/HTTPS) and at rest
- Firebase security rules restricting access to authenticated users
- OAuth 2.0 for all third-party service connections
- No storage of passwords (authentication handled by Firebase Auth and OAuth providers)
5. Data Retention
We retain your activity data for as long as your account is active. When you disconnect a data source or delete your account:
- OAuth tokens are immediately revoked
- Activity data is deleted from our database
- Generated insights are deleted
Anonymised, aggregated statistics (e.g. total user counts) may be retained for service improvement.
6. Your Rights
Under UK GDPR and applicable data protection law, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your data ("right to be forgotten")
- Export your data in a portable format
- Withdraw consent at any time by disconnecting services in the app
- Object to processing of your data
To exercise any of these rights, contact us at privacy@plod.run.
7. Apple HealthKit and Google Health Connect
We treat health platform data with additional care:
- HealthKit and Health Connect data is accessed only with your explicit permission
- Health data is used solely to provide fitness analytics within PLOD
- Health data is not used for advertising or marketing
- Health data is not sold or shared with third parties
- Health data is not used to determine insurance eligibility or for any discriminatory purpose
- You can revoke health data access at any time through your device settings
8. Children's Privacy
PLOD is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes through the app or via email. Continued use of PLOD after changes constitutes acceptance of the updated policy.
10. Contact
If you have questions about this privacy policy or your data, contact us at:
George Gomes
PLOD
London, United Kingdom
privacy@plod.run