Privacy Policy

Last updated: March 13, 2026

1. Introduction

ActivityManager ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (collectively, the "Service").

2. Information We Collect

Account Information

When you create an account, we collect your email address and name. You can sign up using email and password, passwordless magic link, or third-party providers (Google, Strava) via Firebase Authentication—we do not store passwords directly.

Fitness & Activity Data

When you connect third-party fitness services (Strava, Garmin Connect, COROS), we receive and store activity data such as workout summaries, GPS routes, heart rate data, lap splits, and other metrics provided by those services. We also store any activity files (e.g., .FIT, .GPX, .TCX files) you upload directly. Activities are enriched with weather and air quality data (temperature, humidity, wind, precipitation, and pollutant levels) sourced from OpenWeatherMap.

Billing & Payment Data

If you subscribe to a paid plan, payment processing is handled by Stripe. We store your Stripe customer ID and subscription status but do not store credit card numbers or full payment details directly—these are held securely by Stripe. Please refer to Stripe's Privacy Policy for details on how they handle your payment information.

Usage & Analytics Data

We use PostHog for product analytics. With your consent, we collect anonymized usage data such as page views, feature interactions, and session information. We do not collect analytics data unless you provide explicit consent via our cookie banner.

Technical Data

We automatically collect certain technical information including your IP address, browser type, device type, and operating system. This data is used for security, debugging, and service improvement purposes.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To sync and display your fitness activities from connected platforms
  • To enrich activities with weather and air quality data
  • To apply automation rules you configure (e.g., auto-matching workouts to activities)
  • To process payments and manage your subscription
  • To render maps displaying your GPS routes and activity data
  • To generate heatmaps and sharing cards when you opt in to those features
  • To send transactional emails related to your account and connected services
  • To analyze usage patterns and improve the Service (with your consent)
  • To detect, prevent, and address technical issues and security threats
  • To respond to your support requests and inquiries

4. Third-Party Integrations & Data Sharing

We integrate with the following third-party services to provide our core functionality:

  • Strava — We access your Strava activities via their API using OAuth authorization. Data flows are governed by Strava's Privacy Policy.
  • Garmin Connect — We receive activity data via Garmin's webhook push API. Data flows are governed by Garmin's Privacy Policy.
  • COROS — We receive activity data via COROS API integration.
  • Stripe — Used for payment processing and subscription management. Your payment information is handled directly by Stripe and governed by Stripe's Privacy Policy.
  • Firebase — Used for authentication via Google Identity Platform.
  • Mapbox — Used to render maps and display GPS routes. Your location data is sent to Mapbox for map rendering and is governed by Mapbox's Privacy Policy.
  • OpenWeatherMap — Used to enrich activities with weather and air quality data. Location coordinates and timestamps are sent to retrieve relevant weather information.
  • Resend — Used to deliver transactional emails such as contact form submissions.
  • Cloudflare Turnstile — Used for bot protection on our contact form. Governed by Cloudflare's Privacy Policy.
  • PostHog — Used for consent-based product analytics and error tracking.

We do not sell your personal data to third parties. We only share data with the services listed above as necessary to provide the Service.

5. Cookies & Tracking

We use essential cookies for authentication and session management. Analytics cookies (PostHog) are only activated after you provide explicit consent through our cookie consent banner. You can withdraw your consent at any time by clearing your cookies or adjusting your browser settings.

6. Privacy Zones & Heatmaps

You can create privacy zones to exclude specific geographic areas from heatmaps and to redact the start and end of activity routes. If you opt in to the global heatmap feature, anonymized GPS traces from your activities are contributed to a shared heatmap visible to other users. Privacy zones are always respected when generating heatmaps. You can opt out of the heatmap feature at any time—when you do, your heatmap data is deleted immediately.

7. Data Retention

We retain your account and activity data for as long as your account is active. You can delete your account at any time from the Account settings page. When you delete your account:

  • Deleted immediately: Personal information (name, email, profile image), authentication tokens, gear, rules, workouts, training plans, routes, goals, privacy zones, connected sources, and active subscriptions.
  • Activity and GPS data: By default, all data including activities and GPS data is permanently deleted. You may optionally consent to your activity data being retained in anonymized, non-identifiable form for aggregate features such as global heatmaps.

Backup copies may persist for up to 90 days after deletion.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest, and secure access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Security Vulnerability Reporting

If you discover a security vulnerability in our Service, please report it responsibly by contacting us at support@activitymanager.com.au. We will acknowledge your report within 48 hours and work with you to understand and address the issue.

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data and account
  • Portability — Request your data in a machine-readable format
  • Objection — Object to processing of your personal data for certain purposes
  • Restriction of Processing — Request that we limit the processing of your personal data in certain circumstances, such as while we verify its accuracy or evaluate an objection
  • Withdraw Consent — Withdraw consent for analytics data collection at any time

To exercise any of these rights, please contact us through our contact page.

11. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected data from a child under 16, we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@activitymanager.com.au or visit our contact page.
