Privacy Policy

Last updated: 19 June 2026

This policy explains how [LEGAL ENTITY NAME] ("we", "us"), the data controller, processes your personal data when you use the Trinqu app and backend (the "Service"). We are based in Sweden and process personal data under the EU General Data Protection Regulation (GDPR).

1. Who we are

Controller: [LEGAL ENTITY NAME], [REGISTERED ADDRESS], company reg. no. [COMPANY REG. NO.]. Contact: hello@inqu.se.

2. Data we process

• Account data: email address, password (stored only as a salted hash), and optional display name.
• Profile data: sex, height, and date of birth (used to compute your basal metabolic rate), and training preferences.
• Health & fitness data synced from your intervals.icu account: wellness metrics (heart-rate variability, resting heart rate, weight, fatigue/soreness/stress/motivation), completed activities (power, pace, heart rate, training load, calories), and derived training metrics (fitness/fatigue/form, Capability Index, FTP estimates).
• Your intervals.icu API key, which you provide to let us read your training data. It is encrypted at rest.
• Technical data: a session token (stored as a hash) and basic request logs.

3. Why we process it, and our lawful basis

We process the data above to provide the Service — generating and adapting your training plan, computing your Capability Index and nutrition targets, and syncing workouts. The lawful basis is performance of a contract with you (Art. 6(1)(b) GDPR). Health and fitness data is a special category of data (Art. 9); we process it on the basis of your explicit consent, given when you connect intervals.icu, and you may withdraw it at any time by disconnecting or deleting your account.

4. Sources and processors

• intervals.icu is the source of your wellness and activity data; your use of it is governed by their own terms and privacy policy.
• Hosting is provided by Render, which stores the database on our behalf as a processor. [Confirm/update sub-processors as needed.]

We do not sell your data or use it for advertising or third-party tracking.

5. Retention

We keep your data for as long as your account is active. When you delete your account, all associated personal data is permanently removed from our database. Backups, where they exist, are cycled out within [RETENTION WINDOW, e.g. 30 days]. Expired authentication tokens are purged automatically.

6. Your rights

Under the GDPR you have the right to:

• Access and port your data — use Settings → Export my data in the app for a machine-readable copy.
• Erasure — use Settings → Delete account, which permanently removes your data.
• Rectification, restriction, and objection — contact us at hello@inqu.se.
• Lodge a complaint with the Swedish supervisory authority (Integritetsskyddsmyndigheten, IMY).

7. Security

Data is transmitted over HTTPS, passwords are hashed, your intervals.icu key is encrypted at rest, and each request is scoped to your own account.

8. Children

The Service is not directed to children. You must be at least 16 years old (or the age of digital consent in your country) to use it.

9. Changes

We may update this policy; material changes will be reflected by the date above.