Privacy Policy

Last updated: May 6, 2026

1. Introduction

BEINA ("we", "our", or "us") is operated by Veipha SAS, a French société par actions simplifiée registered under SIREN 993 855 154. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI coaching platform and websites at beina.ai and app.beina.ai.

2. Information We Collect

We collect account information (email address, optional name, account preferences and settings, and the target event(s) you are training for). With your permission, we collect Strava data when you connect your Strava account — your athlete profile (name, ID), activity data (rides, runs, workouts), activity metrics (distance, duration, elevation, heart rate, power), and activity timestamps and locations. With your permission, we collect Garmin Connect data when you connect your account — activity data and metrics (workouts, rides, runs), daily health metrics (resting heart rate, HRV, body battery, stress), sleep data, and recovery and fitness indicators. We also collect training data: training plans and session completion, race goals and preferences, AI coaching analysis results, predictions, and conversation history with the BEINA Coach, and race history and past results you choose to share.

3. How We Use Your Information

We use your information to provide personalised, event-specific training plans; generate AI-powered race readiness predictions and coaching insights; analyse your training history to identify gaps, fatigue, and progression; send you updates about your training and race preparation (with your consent); and improve our services and develop new features.

4. Third-Party Services

We use the following third-party services to deliver BEINA. Strava: we integrate with Strava's API to import your activity data; you can disconnect at any time from your account settings (see Strava's Privacy Policy at strava.com). Garmin Connect: we integrate with the Garmin Connect Developer Program APIs to import your activity, health, and (where applicable) women's health data, collected via webhook push from Garmin's servers (Activity, Health, and Women's Health APIs, plus User Deregistration and User Permissions endpoints); it is used solely to deliver personalised coaching to the individual user who connected the account, processed on our own infrastructure and, for AI analysis, by Anthropic's Claude API as a sub-processor (Anthropic does not train models on user data via their API), stored in our Railway PostgreSQL database in the Netherlands (EU) with TLS in transit and restricted access, and retained until you disconnect Garmin or delete your account, after which it is deleted within 30 days except where retention is required by law; we do not sell it, share it beyond the named sub-processors, or aggregate it for resale, and you can disconnect at any time. Anthropic (Claude AI): we use Claude to generate training analysis, predictions, and coaching conversations; Anthropic does not train models on your data when used via their API. Supabase: user authentication. Hosting (Railway and Vercel): our application is hosted on Railway (database and API) and Vercel (web app and marketing site), each processing your data only as required to deliver the service.

5. Data Storage and Security

Your data is stored securely on servers hosted by Railway (PostgreSQL database, Europe — Netherlands) and Vercel (web). We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes (e.g., financial records under French and EU law).

7. Your Rights

Under the GDPR, you have the right to access (request a copy of your personal data), correction (request correction of inaccurate data), deletion (delete your account and associated data), disconnect (disconnect third-party services like Strava or Garmin at any time), export (request an export of your data), and object (object to processing or request restriction). You may also lodge a complaint with the CNIL (French data protection authority) at cnil.fr. To exercise these rights, visit your account settings or contact us at the email below.

8. Cookies

We use essential cookies for authentication and session management. We do not use tracking cookies or sell your data to advertisers.

9. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal information from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, please contact us at angus@veipha.com.
Data Controller: Veipha SAS, 39 Chemin de l'Indiennerie, 69450 Saint-Cyr-au-Mont-d'Or, France. SIREN 993 855 154.