1. Introduction
CardioCapture ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we handle your information when you use the CardioCapture mobile application (the "App").
By using CardioCapture, you agree to the practices described in this policy. If you do not agree, please do not use our App. Your use of the App is also subject to our Terms of Service.
Privacy at a Glance
- No account required — You remain anonymous
- No data stored on our servers — Your fitness data stays on your device
- You control sharing — Data is only shared when you explicitly choose to export or sync
- Minimal analytics — Privacy-first, anonymous usage statistics only
2. Data We Do Not Collect
CardioCapture is designed with privacy as a core principle. We do not:
- Require you to create an account
- Collect your name, email address, or any personal identifiers
- Store your fitness or health data on our servers
- Track your location
- Sell your personal data to third parties for any purpose
This commitment applies to all data we handle, including any data received from third-party APIs such as the Garmin Connect API.
3. Data Stored Locally on Your Device
Your fitness data is securely stored in a local private database on your device. This includes:
- Workout data captured from gym cardio equipment
- Heart rate information
- Activity duration, calories, and other exercise metrics
Your data never leaves your device unless you explicitly choose to share or export it.
Because your data is stored locally, if you delete the App or clear its data, your fitness information will be permanently removed from your device.
4. Anonymous Usage Analytics
To help improve CardioCapture, we may collect anonymous usage analytics using Matomo, a privacy-focused analytics platform. Our Matomo instance is hosted securely in the European Union on a dedicated and isolated server.
These analytics are:
- Anonymous — No personal identifiers are collected
- Aggregated — We only see general trends, not individual behavior
- Minimal — Limited to basic usage patterns like feature usage and app stability
This data helps us understand how the App is used so we can fix bugs and improve features. It cannot be used to identify you personally.
5. When You Choose to Sync or Share Data
CardioCapture allows you to both import data from fitness wearables and export your workout data to external platforms. In all cases, data only moves when you explicitly choose to do so — nothing happens automatically without your consent.
Your explicit consent is required for all data transfers — both importing data into CardioCapture and exporting data to external services. You are always in control.
5.1 Syncing External Data (Importing)
CardioCapture can sync and import data from fitness wearables and health platforms to enhance your workout records. With your explicit consent, you may import data such as heart rate, activity metrics, and other fitness information from:
- Garmin — Via the Garmin Connect API, subject to Garmin's Privacy Policy
- Coros — Subject to Coros's Privacy Policy
- Apple Health — Subject to Apple's Privacy Policy
- Other wearables and devices — As supported by the App
When you authorize a connection, data is imported from these services and stored locally on your device. We do not store this imported data on our servers.
5.2 Sharing with Training Platforms (Exporting)
CardioCapture allows you to export and share your captured workout data with training and fitness platforms. With your explicit consent, you may export data to services such as:
- Strava — Subject to Strava's Privacy Policy
- TrainingPeaks — Subject to TrainingPeaks' Privacy Policy
- Garmin Connect — Subject to Garmin Connect's Privacy Policy
- Other training platforms — As supported by the App
Garmin Connect Notice: When you choose to upload data to Garmin Connect, your data will be transferred to and processed by Garmin International, Inc. and its affiliates in accordance with Garmin's Privacy Policy. You should not upload data to Garmin Connect if you are restricted from doing so under applicable law or any agreement with Garmin.
Important: Any data you import from or export to external services becomes subject to those services' privacy policies and any agreements you have with them. We encourage you to review their policies before connecting.
5.3 Consent and Authorization
All connections to external platforms require your explicit authorization through an OAuth consent flow. Each data transfer must be explicitly initiated by you. No data is transferred in the background without your knowledge.
You can withdraw your consent at any time by:
- Revoking the connection through the App's settings
- Revoking access through the third-party platform's connected apps settings (e.g., Garmin Connect, Strava, or TrainingPeaks)
Withdrawing consent immediately stops any further data transfers to or from that service.
5.4 Manual File Exports
You can also export your workout data in standard formats (such as FIT, TCX, or GPX files) to use with any compatible service or for your own records. Once exported, that data is under your control.
6. Artificial Intelligence Processing
CardioCapture offers an optional AI-powered feature that allows you to describe a workout in natural language, which is then converted into a structured FIT file. This feature is entirely opt-in and requires your explicit consent before any data is processed.
How It Works
When you choose to use the AI workout builder, your workout description is sent to Anthropic's Claude API for analysis and conversion. This means your workout description is transmitted to Anthropic's servers for processing.
What You Should Know
- Opt-in only — AI processing only occurs when you explicitly choose to use this feature
- Inference only — Your data is not used to train AI models; it is processed solely to generate your workout file
- You can stop at any time — You can choose not to use the AI feature without affecting any other functionality of the App
- Third-party processing — Workout descriptions are processed by Anthropic in accordance with Anthropic's Privacy Policy
7. Your Data Rights
You have the following rights regarding your personal data:
- Right of Access — You can request a copy of any personal data we hold about you
- Right to Rectification — You can request correction of inaccurate data
- Right to Erasure — You can request deletion of your personal data
- Right to Object — You can object to processing of your personal data
- Right to Restriction of Processing — You can request that we limit how we process your data
- Right to Data Portability — You can request your data in a portable, machine-readable format
Local storage advantage: Because CardioCapture stores your fitness data locally on your device, most of your data is already entirely under your control. You can view, modify, export, or delete it at any time directly within the App.
To exercise any of these rights regarding data we may process (such as anonymous analytics), please contact us at rory.duffy@cardiocaptureapp.xyz. We will respond to your request within 30 days.
8. You Are in Control
You have full control over your data at all times:
- Disconnect integrations: At any time, you can disconnect any linked fitness platform through the App's settings, immediately stopping any further data sharing with that service.
- Withdraw consent for specific transfers: You can revoke authorization for any individual platform connection at any time, either through the App's settings or through the third-party platform's connected apps settings.
- Delete your data: You can delete your locally stored workout data from within the App at any time.
- Revoke permissions: You can manage or revoke CardioCapture's permissions through your device's system settings.
- Stop AI processing: You can choose not to use the AI workout builder at any time without affecting other App functionality.
Since we do not store your data on our servers, deleting the App or your local data removes it completely — there is nothing for us to delete on our end.
9. Data Security
We take reasonable measures to protect the App and your locally stored data:
- Data stored on your device uses your device's built-in security and encryption
- Any data transmitted during export or sync uses secure, encrypted connections (TLS/SSL)
- Our analytics platform is hosted on a secure, isolated server
10. Children's Privacy
CardioCapture is not intended for use by children under the age of 13. We do not knowingly collect any information from children. Since the App does not collect personal information, no such data can be inadvertently gathered.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you via an in-app notice for significant changes
We encourage you to review this policy periodically.
12. Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us:
CardioCapture
You may also use this contact information to report any misuse or abuse of the CardioCapture application.
13. Third-Party Privacy Policies
When you choose to connect CardioCapture with external platforms, your data is governed by their respective privacy policies: