Privacy Policy
Last updated: February 20, 2026
1. Information We Collect
Account Information
When you sign in with Google or Apple, we receive your name and email address. We do not receive or store your password.
Health & Fitness Data
With your permission, Threshold reads the following data from Apple Health (HealthKit):
- Body measurements (weight, body fat percentage)
- Heart data (heart rate, resting heart rate, heart rate variability, VO2 max)
- Sleep analysis
- Blood pressure, respiratory rate, and blood oxygen saturation
- Workouts and active energy burned
Threshold may also write weight and workout data back to Apple Health so your records stay in sync.
Connected Services
If you connect Garmin or Strava, we sync your activities, biometrics, and training data through their APIs. Garmin credentials are encrypted with AES-256-GCM and stored on our servers solely for syncing. Strava uses OAuth, and we only store access tokens.
Data You Enter
This includes workouts, food logs, mood check-ins, body metrics, goals, and any text you provide to the AI coach.
Device Information
We collect a device token for push notifications. We do not collect device identifiers for advertising or tracking.
2. How We Use Your Data
- Provide personalized training insights, readiness scores, and nutrition tracking
- Power AI coaching, workout generation, and food estimation features
- Send push notifications (morning briefings, workout reminders, streak milestones) that you can disable in settings
- Improve the service and fix bugs
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
3. Apple Health (HealthKit) Data
Threshold accesses Apple Health data solely to provide fitness tracking and health insights within the app. In accordance with Apple's guidelines:
- HealthKit data is not sold to advertising platforms, data brokers, or any third party
- HealthKit data is not used for advertising or marketing
- HealthKit data is not shared with third parties without your explicit consent
- HealthKit data is stored securely and transmitted only over HTTPS
You can revoke HealthKit access at any time in iOS Settings > Privacy & Security > Health.
4. AI & Third-Party Services
When you use AI-powered features (coaching advice, workout generation, food estimation), relevant context (recent activities, biometrics, goals, mood) is sent to our AI provider (OpenRouter / OpenAI) to generate a response. This data is:
- Sent over encrypted connections (HTTPS)
- Used only to generate your response — not used to train AI models
- Not stored by the AI provider beyond the duration of the request (per their data processing agreements)
We also integrate with the following services, each governed by its own privacy policy:
- Garmin Connect — activity and biometric syncing
- Strava — activity syncing via OAuth
- USDA FoodData Central and Open Food Facts — food nutrition lookup
- OpenWeatherMap — running weather conditions
5. Data Storage & Security
Your data is stored on managed PostgreSQL databases hosted by Vercel / Neon. All data is transmitted over HTTPS. Third-party credentials (Garmin) are encrypted using AES-256-GCM at rest. We follow industry-standard security practices to protect your data from unauthorized access.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, all associated data is permanently removed from our servers within 30 days. Backups containing deleted data are purged on a rolling 90-day cycle.
7. Account Deletion
You can delete your account and all associated data directly within the app under Profile > Delete Account. Deletion is immediate and irreversible. This removes all your workouts, food logs, biometrics, goals, and personal information from our servers.
8. Children's Privacy
Threshold is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (see Section 7)
- Export your data
- Withdraw consent for optional data processing
To exercise these rights, contact us at [email protected].
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via in-app notification or email. Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact
For questions or concerns about this privacy policy, contact us at [email protected].