Theron Triathlon - Privacy Statement
Effective Date: 2025-11-14
Theron ("Theron," "we," "us," or "our") is committed to protecting the privacy of your personal and sensitive training data. As an EU-based company, we process all data in compliance with the General Data Protection Regulation (GDPR) and local Dutch law. This statement explains what data we collect, how we use it, and your rights concerning your information.
1. Data Controller & Contact Information
Data Controller: Theron B.V.
Email for Privacy Enquiries: hello@theron.app
2. The Data We Collect and Why (Purpose and Legal Basis)
We collect data only as necessary to provide, maintain, and improve the Theron Triathlon Training Service.
| Data Category | Specific Data Collected | Purpose of Collection | Legal Basis (GDPR) |
|---|---|---|---|
| Identity Data | Name, Email Address, Password (encrypted) | To create and secure your user account. | Contract (Processing necessary for the performance of the service agreement) |
| Health & Fitness Data (Sensitive) | From Apple Health, Garmin Connect, and Strava: Activity data (e.g., swim, bike, run), duration, distance, pace, power, heart rate, GPS routes, resting heart rate, sleep data, FTP/threshold values. | To generate, customize, and display your personalized triathlon training plans and performance analytics. | Consent (Explicit consent is required for processing sensitive health data) |
| Configuration Data | Training preferences, current fitness level, goal races, app settings. | To configure the service to your specific needs. | Contract |
| Technical Data | IP address, device type, operating system, app version, time zone. | To ensure the app functions correctly and for security and debugging. | Legitimate Interest (Necessary for operational security and service maintenance) |
3. How We Get Your Data (Third-Party Integrations)
Theron relies on your explicit consent to access data from the following third-party services:
- Apple Health: We request permission to read your workouts, heart rate, and other relevant health metrics.
- Garmin Connect: We connect via the Garmin API to import your completed activities and relevant physiological data.
- Strava: We connect via the Strava API to import your completed activities and related data.
You can revoke Theron's access to your data through the settings of these respective third-party platforms at any time. Revoking access may prevent the Theron app from functioning as intended.
4. How We Use and Share Your Data
4.1 Use of Data (Purpose Limitation)
We use your personal data only for the following purposes:
- Service Provision: To deliver your customized training plans and performance analysis.
- Communication: To send you service-related notifications, updates, and essential alerts about your account.
- Product Improvement (Future): We may use aggregated and anonymized data (data where all identifying information has been stripped) for internal research, analytics, and to develop and improve our services and features.
- Marketing: We will only send you marketing communications (e.g., email newsletters) if you have provided explicit, separate consent for that purpose. You can withdraw this consent at any time.
4.2 Sharing of Data (No Third-Party Access)
We do not sell, rent, or share your personal training data with any third parties for commercial or marketing purposes. Your data is not shown to any other user, as Theron does not have social features (e.g., leaderboards or public profiles).
We may only disclose data if legally required to do so by law enforcement or government authorities.
5. Data Security and Location
Security: We implement appropriate technical and organizational measures (e.g., encryption, access controls) to protect your data against unauthorized access, alteration, disclosure, or destruction.
Location: As an EU-based company, all your personal and training data is stored on servers located within the European Union (EU) or the European Economic Area (EEA), ensuring compliance with GDPR data protection standards.
6. Data Retention and Deletion (Your Rights)
We do not intend to keep your data longer than is necessary.
Account Deletion: If you delete your Theron account, we will immediately initiate the deletion of all identifiable personal data.
Anonymization Policy: To support service analytics and legal auditing requirements, we will anonymize your core training data upon account deletion and retain this anonymized data for an allowed period as per our internal retention policy. Anonymized data cannot be linked back to you.
7. Your Rights Under GDPR
As a user of Theron, you have the following rights concerning your personal data:
| GDPR Right | Description |
|---|---|
| Right of Access | You have the right to request a copy of the personal data we hold about you. |
| Right to Rectification | You have the right to have inaccurate or incomplete data corrected. |
| Right to Erasure ('Right to be Forgotten') | You have the right to request the deletion of your personal data. |
| Right to Restriction of Processing | You have the right to request that we limit the way we use your data. |
| Right to Data Portability | You have the right to receive your data in a structured, commonly used, machine-readable format. |
| Right to Object | You have the right to object to the processing of your data, including processing for marketing purposes. |
To exercise any of these rights, please contact us at hello@theron.app.
8. Age Restriction (Children's Privacy)
Theron is not intended for children. We do not knowingly collect or solicit any information from anyone under the age of 16. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.
9. Changes to This Privacy Statement
We may update this Privacy Statement periodically to reflect changes in our data practices or legal requirements. We will notify you of any material changes by posting the new statement on the app or by sending an email notification.