Privacy Policy

This Privacy Policy applies to Triforge, a performance intelligence platform for endurance athletes, operated by:

Triforge Limited is registered with the UK Information Commissioner's Office (ICO) and operates in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For all data protection enquiries, please contact us at join@triforge.co.

We collect the following categories of personal data:

Account & Identity

• Name and email address provided at registration
• Authentication credentials (managed securely via Clerk)
• Subscription and billing information (processed via Stripe — we do not store payment card details)

Training & Performance Data

• Workout logs entered manually by you, including session type, duration, intensity, and notes
• Training data imported via connected third-party platforms (e.g. Strava, Wahoo Connect) where you have explicitly authorised the connection
• Performance metrics including heart rate, pace, power, and load scores where provided
• AI coaching interactions and session feedback you submit through the platform

Technical & Usage Data

• IP address and approximate location (country/region)
• Browser type, device type, and operating system
• Pages visited, features used, and interaction events within the platform
• Error logs and performance diagnostics

We use your personal data for the following purposes:

• Service delivery: To provide, operate, and personalise the Triforge platform, including generating AI coaching insights and training analytics based on your logged data.
• Account management: To manage your subscription, process payments, and communicate with you about your account.
• Platform improvement: To analyse usage patterns, diagnose technical issues, and improve the platform's features and performance.
• Legal compliance: To meet our obligations under UK law, including data protection, financial record-keeping, and fraud prevention.
• Communications: To send transactional emails related to your account and, where you have opted in, performance-related content updates.

We do not use your personal data for advertising profiling or share it with third parties for marketing purposes.

Under the UK GDPR, we rely on the following legal bases:

Triforge integrates with selected third-party services to deliver its functionality. Each integration is subject to its own privacy policy and terms of service:

We do not sell your personal data to any third party. We do not share your data with advertisers or data brokers. Where third-party processors handle your data, they do so under strict contractual obligations consistent with UK GDPR requirements.

Third-party integrations (such as Strava or Wahoo Connect) are optional. If you choose not to connect them, Triforge remains fully functional via manual data entry.

We retain your personal data for as long as your account is active or as required to deliver the service.

• Account and training data: Retained for the duration of your subscription and for up to 90 days after account deletion, to allow recovery requests.
• Billing records: Retained for 7 years in accordance with UK tax and financial regulation.
• Usage and diagnostic logs: Retained for up to 12 months, then anonymised or deleted.
• AI coaching interactions: Retained for service continuity and retained alongside your training data unless you request deletion.

You may request deletion of your personal data at any time. See Section 8 for your full rights.

We take data security seriously. Triforge employs the following technical and organisational measures to protect your personal data:

• Encryption in transit (TLS/HTTPS) across all platform endpoints
• Encrypted storage via Supabase's managed database infrastructure
• Strict access controls — only authorised personnel can access production systems
• Authentication handled by Clerk with industry-standard security protocols
• Regular security reviews and dependency audits

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected users without undue delay, as required by UK GDPR Article 33 and 34.

Under UK GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, email us at join@triforge.co with the subject line "Data Rights Request". We will respond within 30 days.

Triforge uses a minimal set of cookies and local storage mechanisms necessary to operate the platform:

• Authentication cookies: Set by Clerk to maintain your session securely.
• Functional storage: Local browser storage used to persist UI preferences such as view mode and roadmap state. No personal data is stored in this manner.
• Analytics: We use Vercel Analytics for aggregate, anonymised performance monitoring. No individually identifiable tracking is used.

We do not use advertising cookies, tracking pixels, or behavioural analytics tools.

Triforge is not intended for users under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at join@triforge.co and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and update the "Last Updated" date at the top of this page.

Continued use of Triforge after changes are published constitutes acceptance of the updated policy.

For any questions, requests, or concerns regarding this Privacy Policy or how we handle your data:

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office: