Privacy Policy
Last updated: April 15, 2026
1. Who We Are
ErgManiac is operated by Dominik Dragicevic, based in Croatia. When we say "we", "us", or "our", we mean the operator of ErgManiac. When we say "you" or "your", we mean you as a user of our service.
For any privacy-related questions, contact us via our contact form.
2. What Data We Collect
2.1 Account Information
When you create an account, we collect your email address, name (optional), and password. If you sign in with Google, we receive your Google account ID, name, email, and profile picture from Google.
2.2 Profile Information
You may optionally provide your birth year, gender, weight, height, maximum heart rate, and resting heart rate. This data is used to personalize your training plans and workout analysis.
2.3 Workout Data
We store your rowing workout data, including distance, time, split times, stroke rate, heart rate, calories, drag factor, and interval details. This data may come from:
- Manual entry
- Concept2 Logbook sync (if you connect your C2 account)
- Screen photo scans (images are stored temporarily for processing)
2.4 Payment Information
Payment processing is handled entirely by Stripe. We do not store your credit card number, CVV, or full payment details. We only store a Stripe customer ID and subscription ID to manage your plan.
2.5 AI Interaction Data
When you use AI features (training plans, workout analysis, Ask Coach), relevant workout data and profile information are sent to our AI provider to generate personalized responses. We track the number of AI requests and associated costs per month.
2.6 Scan Images
When you scan your Concept2 screen, the uploaded images are stored in AWS S3 (EU region) for processing. Images are associated with your account and used solely for workout data extraction.
2.7 Analytics & Cookies
We use Google Tag Manager for analytics. No tracking cookies are set unless you give explicit consent via our cookie banner. You can accept or reject analytics and advertising cookies at any time. We also store your cookie consent preference in your browser's local storage.
3. How We Use Your Data
We use your data to:
- Provide and maintain the ErgManiac service
- Generate personalized training plans and workout analysis
- Sync workouts from Concept2 Logbook and publish to Strava
- Process payments and manage your subscription
- Send transactional emails (verification, password reset, welcome)
- Calculate personal bests, analytics, and fitness trends
- Improve our service based on aggregated, anonymized usage patterns
We do not sell your personal data. We do not use your data for advertising.
4. Third-Party Services
We share data with the following third-party services only as necessary to provide our service:
Anthropic (Claude AI)
Your workout data and profile information are sent to Anthropic's API to generate training plans, workout analysis, and coaching responses. Anthropic processes this data in the United States. Anthropic does not use API inputs to train their models.
Stripe
Handles all payment processing. Your payment details are sent directly to Stripe and never pass through our servers. Stripe is PCI DSS Level 1 compliant. See Stripe's Privacy Policy.
Concept2 Logbook
If you connect your Concept2 account, we access your workout results via their API using OAuth 2.0. We store access and refresh tokens to maintain the connection. You can disconnect at any time from Settings.
Strava
If you connect your Strava account, we can publish your erg workouts as Strava activities. We request write-only access and store OAuth tokens. You can disconnect and revoke access at any time.
Google
If you sign in with Google, we receive your basic profile information (name, email, profile picture) via Google's OAuth service. We also use Google Tag Manager for analytics (subject to your cookie consent).
Amazon Web Services (AWS)
Our database, application servers, file storage (S3), and email service (SES) are hosted on AWS in the EU (Frankfurt) region. Your data stays within the European Union.
5. Data Storage & Security
Your data is stored in a PostgreSQL database hosted on AWS in the EU (Frankfurt, eu-central-1). Scan images are stored in AWS S3 in the same region. All data is transmitted over HTTPS with TLS encryption.
Passwords are hashed before storage. OAuth tokens for third-party services are stored encrypted in our database. We do not store full payment card details - this is handled by Stripe.
6. Data Sharing
If you choose to share a workout, a unique share link is generated. Anyone with the link can view that specific workout's data. You can unshare a workout at any time to revoke public access.
If you enable Strava auto-publish, your workouts are automatically posted to your Strava account. You can disable this at any time from Settings.
We do not sell, rent, or share your personal data with third parties for their marketing purposes.
7. Your Rights (GDPR)
If you are in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
- Access - request a copy of your personal data
- Rectification - correct inaccurate personal data
- Erasure - request deletion of your personal data
- Restriction - restrict processing of your data
- Portability - receive your data in a machine-readable format
- Objection - object to processing of your data
- Withdraw consent - withdraw consent for analytics cookies at any time
To exercise any of these rights, please contact us. We will respond within 30 days.
8. Data Retention
We retain your account data and workout history for as long as your account is active. You can delete individual workouts and training plans at any time. You can disconnect third-party integrations (Concept2, Strava) at any time, which removes stored access tokens.
If you request account deletion, we will delete all your personal data, workout history, training plans, and associated files within 30 days. Anonymized, aggregated data may be retained for service improvement.
9. International Data Transfers
Your data is primarily stored and processed within the European Union (AWS Frankfurt). When you use AI features, your workout and profile data is sent to Anthropic's servers in the United States for processing. This transfer is necessary to provide the AI coaching service. Anthropic does not retain or use API data for model training.
10. Children's Privacy
ErgManiac is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 16, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top of this page indicates when it was last revised.