Privacy Policy for the 100 Day Marathon Plan

Effective Date: 26 September 2025

Thank you for using the 100 Day Marathon Plan. Your privacy is important to us. This Privacy Policy explains how we collect, use, share, and protect your personal information, especially in relation to Garmin integration and workout synchronization.

1. Who We Are

The 100 Day Marathon Plan is operated by Dr. Marius Bakken and team, offering personalized endurance training programs via our website and mobile-friendly platform. We are committed to protecting your data and complying with applicable privacy regulations, including the GDPR (General Data Protection Regulation).

2. What Data We Collect

We may collect the following data when you use our services or connect your Garmin account:

  • Account Information: Name, email address, and basic login credentials.
  • Training Information: Your selected training plan, workout completions, and feedback.
  • Garmin Data (via Garmin Connect/Garmin Health):
    • Workout data (e.g., duration, heart rate, distance, pace)
    • Health and activity metrics (if you choose to sync them)
    • Device identifiers (e.g., Garmin device type)
    • Health API (if consented): Daily resting heart rate and HRV summary values
    • Garmin device identifiers (watch or bike computer model)
    • We do not access continuous raw HR, GPS, or sensitive health data unless explicitly required and consented to.
    • We only access resting heart rate and heart rate variability (HRV) summary data once per day, and only if you explicitly authorize it via Garmin Connect. We do not collect or store raw, continuous heart rate, GPS, or sensitive biometric data. All Garmin data access is strictly limited to the scope of improving your individual training experience.

Note: We only collect Garmin data if you explicitly authorize access through the Garmin Connect API.

3. How We Use Your Data

We use your data to:

  • Generate and deliver personalized training plans
  • Push structured workouts to your Garmin device (if authorized)
  • Monitor and improve training recommendations
  • Provide customer support and respond to inquiries
  • Maintain compliance with health, fitness, and privacy standards

We do not sell your personal data to third parties. All data is used solely for the purpose of providing and improving our training services.

4. Sharing Your Data

We may share your data with the following entities:

  • Garmin (via Connect API): to push workouts or receive your training metrics
  • Service Providers: trusted third parties who help us host, process, or manage data (e.g., secure hosting services)
  • Legal Authorities: only if required by law or in response to lawful requests

All data sharing is minimized and strictly controlled.

5. How We Protect Your Data

We use appropriate technical and organizational measures to protect your personal data, including:

  • All data transfers occur over HTTPS / TLS 1.2+
  • Garmin OAuth tokens are stored securely server-side
  • Encrypted storage of sensitive data at rest
  • Role-based access control for all staff and systems
  • Audit logging of Garmin connections and sync events
  • Daily encrypted backups and server patching schedule

6. Your Rights

If you are located in the EU/EEA or other applicable jurisdictions, you may have the right to:

  • Access the data we hold about you
  • Request correction or deletion of your data
  • Withdraw consent for Garmin integration at any time
  • Request data portability

7. Legal Basis for Data Processing

We rely on the following lawful bases under Article 6 of the GDPR:

  • Consent: For connecting your Garmin account and accessing Garmin data
  • Contractual necessity: To deliver the training services you’ve subscribed to
  • Legitimate interest: To improve our services, ensure platform security, and support customer queries
  • Legal obligation: When required to comply with laws

You may withdraw consent to Garmin access at any time (see Section 6).

To exercise the rights described in Section 6, please contact us at: support@100daymarathon.com

8. Data Retention

We retain your data only for as long as necessary to provide our services or as required by law. You may request deletion of your account and associated data at any time.

9. Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children without appropriate parental consent.

10. Updates to This Policy

We may update this policy from time to time. Changes will be posted on this page, and we encourage you to review it periodically.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at:

Email: support@100daymarathon.com
Website: https://www.100daymarathon.com