Mino AI Endurance Coach

Privacy Policy

Last updated: April 20, 2026

1. Who We Are

Mino ("we", "our", "us") is an AI-powered endurance coaching service available at mino.live. We help runners and endurance athletes train smarter by combining Garmin biometric data, Strava activity data, weather forecasts, and a conversational AI coach. For any privacy-related questions, contact us at hello@mino.live.

2. Data We Collect

We collect only what is necessary to provide the service:

  • Account data — email address and password (managed via Supabase Auth).
  • Profile data — name, sport type, training goals, and timezone you provide during onboarding.
  • Garmin data — HRV, Readiness score, Body Battery, sleep quality, stress levels, and activity details (pace, heart rate, power, laps) synced from your Garmin Connect account. We store Garmin credentials in encrypted form and never log raw tokens.
  • Strava data — activity data (type, distance, duration, pace, heart rate, power, cadence) fetched from your Strava account via OAuth 2.0 with the activity:read_all scope. We store your Strava access and refresh tokens to enable ongoing sync. Tokens are stored server-side and never exposed to the browser. We receive new activities automatically via Strava webhooks. We do not write any data back to Strava.
  • Conversation history — messages exchanged with the AI coach, used to provide personalised and contextual responses.
  • Subscription data — plan status and billing events processed via Stripe. We do not store full card numbers; Stripe handles payment data on its own PCI-compliant infrastructure.
  • Push notification tokens — browser push subscription endpoints, used only to deliver your daily briefings and alerts.
  • Usage data — message counts and feature usage, used to enforce plan limits and improve the service.

3. How We Use Your Data

  • To provide and personalise the AI coaching service.
  • To generate your daily briefing and weekly training report.
  • To process payments and manage your subscription.
  • To send push notifications you have explicitly opted into.
  • To enforce plan limits (e.g. 10 messages/week on Free) and prevent abuse.
  • To improve the service through aggregated, anonymised usage analysis.

We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Third-Party Services

We rely on the following sub-processors to operate the service:

  • Supabase — database, authentication, and file storage (EU region).
  • Google Gemini — AI language model used to generate coaching responses. Your conversation context is sent to Google's API for inference.
  • Garmin Connect — biometric and activity data is fetched from your Garmin account with your explicit authorisation.
  • Strava — activity data is fetched from your Strava account via OAuth 2.0 with your explicit authorisation. Strava also sends real-time activity notifications to our backend via webhooks. Strava's Privacy Policy applies to data held by Strava.
  • Stripe — payment processing. Stripe's privacy policy applies to billing data.
  • Open-Meteo — weather data fetched by location. No personal identifiers are sent.
  • Render / Vercel — cloud hosting for the backend and frontend respectively.

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance reasons (e.g., billing records). Garmin credentials are deleted immediately upon disconnecting your Garmin account.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Object to or restrict certain processing activities.
  • Data portability — receive your data in a structured, machine-readable format.

To exercise any of these rights, email us at hello@mino.live. We will respond within 30 days.

7. Security

We use industry-standard security measures including encrypted connections (HTTPS/TLS), encrypted storage of sensitive credentials, and Row Level Security (RLS) on all database tables to ensure users can only access their own data. No system is perfectly secure; if you discover a vulnerability, please disclose it responsibly to hello@mino.live.

8. Cookies

Mino is a Progressive Web App (PWA). We use only essential session cookies required for authentication (managed by Supabase). We do not use tracking or advertising cookies.

9. Children's Privacy

Mino is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

11. Contact

For any questions about this Privacy Policy or your data, contact us at hello@mino.live.