Privacy

Privacy Policy

Last updated: April 2026

We've written this policy in plain English. It explains what data we collect, why we collect it, and what you can do about it. If anything is unclear, email us and we'll explain.

1. Who we are

TAPERZONE is a training analytics platform for endurance athletes, operated by TAPERZONE LTD (company number 17145291), registered in England and Wales. TAPERZONE LTD acts as the data controller for all personal data collected through this service. We process your data in accordance with the General Data Protection Regulation (GDPR).

For any questions about this policy or to exercise your rights, contact us at support@taperzone.com.

2. What data we collect and why

Account data

Your name and email address, collected when you register. Used to identify your account and communicate with you.

Garmin Connect data

When you connect your Garmin account via OAuth, we request access to your activity data including heart rate streams, GPS data, training load metrics, and workout history. This connection is entirely opt-in — no Garmin data is collected unless you choose to connect your account. GPS and location data is accessed only through this connection and is not independently collected by TAPERZONE. Your data within Garmin's own systems remains subject to Garmin's privacy policy. Data received by TAPERZONE is processed solely by us — Garmin has no responsibility for how we use it.

Strava data

If you connect Strava instead of or alongside Garmin, we collect equivalent activity data for the same analytical purposes. The same principles apply as described above for Garmin data.

Payment data

Handled entirely by Stripe. We do not store your card details. We receive confirmation of payment status only.

Coach/athlete relationship data

If you are an athlete connected to a coach on TAPERZONE, your training data is visible to your coach. You control this — data is only shared with a coach after you accept their invitation, and you can disconnect at any time via your account settings.

In-app messages

Messages exchanged between coaches and athletes are stored to provide the messaging feature and maintain conversation history. Messages are deleted within 30 days of account deletion.

3. Legal basis for processing

We process your data on the following grounds under GDPR:

  • Contract — to provide the core TAPERZONE service: your account, training analytics, coach connections, and messaging.
  • Consent — connecting your Garmin or Strava account and sharing data with a coach both require your active consent. You can withdraw either at any time via your account settings.
  • Legitimate interests — security logging and fraud prevention, where these do not override your rights and interests.

4. Third-party data processors

We use the following third-party services to operate TAPERZONE. Where these services process personal data on our behalf, we have data processing agreements in place.

  • Google Firebase — authentication, database storage, and hosting. Your data is stored on Firebase servers in London (europe-west2). Google acts as a data processor under our instructions and under Standard Contractual Clauses.
  • Stripe — payment processing. Stripe is an independent data controller for payment data.

Garmin and Strava are data sources, not processors — they provide data to TAPERZONE with your permission. Their respective privacy policies govern data held within their own systems.

We do not sell your data to any third party.

5. Data security

TAPERZONE implements the following technical and organisational measures to protect your personal data:

  • All data is encrypted in transit using TLS.
  • Data at rest is encrypted within Google Firebase infrastructure.
  • Access controls are in place at the infrastructure level to prevent unauthorised access.
  • In the event of a personal data breach, we will notify affected users within 72 hours of becoming aware of it, and report to the relevant supervisory authority as required.

6. How long we keep your data

We retain your account data and activity data for as long as you have an active TAPERZONE account. If you delete your account, we delete your personal data within 30 days. Anonymised, aggregated data (with no link to you personally) may be retained for product improvement purposes, such as understanding feature usage patterns.

7. Your rights

Under GDPR you have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data. You can also do this yourself by deleting your account.
  • Portability — request your data in a machine-readable format.
  • Withdraw consent — disconnect your Garmin or Strava account, or disconnect from a coach, at any time via your account settings.
  • Restriction — request that we pause processing of your data, for example while you contest its accuracy or the basis on which we are processing it.
  • Object — you have the right to object to processing carried out under our legitimate interests basis. Contact us at support@taperzone.com to raise an objection.
  • Complain — if you believe we've handled your data incorrectly, you can raise a complaint with the UK's data protection authority, the Information Commissioner's Office (ICO).

8. Cookies

We use essential cookies only — to keep you logged in and maintain your session. We do not use advertising or tracking cookies.

9. Changes to this policy

If we make material changes to this policy we will notify you by email and update the date at the top of this page. We will give you reasonable notice of any material changes before they take effect.

Contact us

For any privacy questions or to exercise your rights, email support@taperzone.com.