← Drifa

Privacy Policy

Last updated: April 2026

Overview

Drifa ("we", "us", "our") is an AI-powered athlete coaching platform. This policy explains what data we collect, how we use it, and your rights. We take your privacy seriously and will never sell your personal data to third parties.

Data We Collect

  • Account data — your email address and password (stored securely via Supabase Auth)
  • Profile data — optional information you provide such as name, date of birth, height, weight, gender, and training goals
  • Activity data — training sessions synced from connected integrations (Strava, Oura, WHOOP, Polar) or logged manually in the app
  • Wellness data — recovery metrics such as sleep scores, HRV, and readiness scores from connected devices
  • Chat data — messages you send to the AI coach and responses generated

How We Use Your Data

  • To provide the Drifa service — displaying your training data and powering AI coaching recommendations
  • Your activity and wellness data is used exclusively to generate coaching insights for you personally — it is never shared with other users or third parties
  • AI coaching responses are generated using the Anthropic API. Your data is sent to Anthropic solely to generate your response and is not used to train their models
  • We do not sell, rent, or share your personal data with advertisers or data brokers

Third-Party Integrations

When you connect a third-party service (Strava, Oura, WHOOP, Polar), you authorise Drifa to access your data from that service on your behalf. We only read data — we never write to or modify your data on any connected platform.

You can disconnect any integration at any time from the Integrations page. Upon disconnection we stop syncing new data. You can request deletion of all synced data by contacting us.

Strava Data

Drifa uses the Strava API to sync your activity history. Strava data accessed through our application is used only to display your activities within Drifa and to provide personalised coaching insights. We do not share Strava data with any third parties, and we only request the minimum permissions necessary to provide the service. You can revoke Drifa's access to your Strava account at any time via your Strava settings.

Data Storage & Security

Your data is stored securely using Supabase, hosted on AWS infrastructure in the EU. We use row-level security to ensure users can only access their own data. All data is transmitted over HTTPS.

Data Retention & Deletion

We retain your data for as long as your account is active. You can request deletion of your account and all associated data at any time by emailing us. We will process deletion requests within 30 days.

Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability — receive your data in a machine-readable format

Medical Disclaimer

Drifa provides AI-generated coaching insights for informational purposes only. Nothing within the app constitutes medical advice. Always consult a qualified healthcare professional before making changes to your training, especially if you experience pain, injury, or have an underlying health condition.

Contact

For any privacy-related queries or data deletion requests, contact us at privacy@drifa.ai