Zone Training Log
Web App

Privacy Policy

Effective date: May 18, 2026
Last updated: May 21, 2026

1. Overview

Zone Training Log (“Zone Trainer,” “we,” “us”) is designed around a local-first training log. Your phone reads health data only with your permission, keeps detailed workout processing on the device, and syncs workout history to the Zone Trainer web backend only when you connect an account or use features that require a backend service.

Some features can still contact our backend before account linking, such as device registration, subscription verification, abuse prevention, optional AI workout suggestions, and rewarded ad verification. This policy explains those cases, what changes after account connection, and how the iOS app, Android app, and website at https://zonetraininglog.com handle data.

2. Who We Are

Controller: Code Marketer s.r.o.
Contact email: ondrej@sevcik.dev
Address: Na Nabrezi 231/6, Havirov, 736 01, Czech Republic

3. Platform Privacy Model

A) iOS Before Connecting to Web

The iOS app reads Apple Health data only after you grant HealthKit permission. It can read workouts, heart rate, workout routes when available, resting heart rate, energy, distance, effort metrics, running and cycling power, and date of birth where needed for zone calculations. It can write manual workouts and effort values back to Apple Health when you choose to create or update them.

Before you connect a Zone Trainer web account, your detailed workout history is not synced to the Zone Trainer account backend. Workout calculations, summaries, tags, zones, colors, and app settings are stored on the device. Some iOS metadata and settings may also sync through your private Apple iCloud account using CloudKit or iCloud key-value storage, governed by Apple's terms.

The iOS app may still register the device with our backend before account linking. Device registration uses an app install identifier stored in the Keychain, App Attest, app version, and token state so we can protect the service, check entitlement and AI availability, and prevent abuse. The backend stores a hashed form of the install identifier rather than the raw value.

B) iOS After Connecting to Web

When you connect the iOS app to a Zone Trainer web account, the app can sync a cross-platform training mirror so your log is available across iOS, Android, and web. Synced data can include zone profiles, tags, activity colors, planned workouts, workout titles and notes, workout type, start and end time, duration, effort, average and maximum heart rate, distance, pace, elevation, energy, zone metrics, and a compact heart-rate preview series.

Account sync does not upload every raw heart-rate sample and does not upload full HealthKit routes as part of the normal cross-platform workout mirror. HealthKit remains the iOS source for health records; the backend stores the account-linked mirror needed for web and cross-device use.

C) Android Before Connecting to Web

The Android app reads Health Connect data only after you grant Health Connect permission. It can read exercise sessions, heart rate, distance, elevation, and calories, including background health data when you allow it. It can write manual exercise sessions to Health Connect when you create them in the app.

Before you connect a Zone Trainer web account, your detailed workout history is not synced to the Zone Trainer account backend. The Android app keeps a local database and preferences for workouts, summaries, zones, tags, colors, metadata, planned workouts, sync state, account state, and subscription cache. Health records remain managed by Health Connect and the source apps that wrote them.

The Android app may still register the device with our backend before account linking. Device registration uses a generated backend install identifier, Play Integrity in production builds, app version, package information, and token state so we can protect the service, check entitlement and AI availability, and prevent abuse. The backend stores a hashed form of the install identifier rather than the raw value.

D) Android After Connecting to Web

When you connect the Android app to a Zone Trainer web account, the app can sync the same cross-platform training mirror used by iOS and web. Synced data can include zone profiles, tags, activity colors, planned workouts, workout titles and notes, workout type, start and end time, duration, effort, average and maximum heart rate, distance, pace, elevation, energy, zone metrics, and a compact heart-rate preview series.

Account sync does not upload every raw heart-rate sample. Health Connect remains the Android source for health records; the backend stores the account-linked mirror needed for web and cross-device use.

E) Web Account and Website

The web app stores account data needed to sign you in, link devices, show synced workouts, manage planned workouts, maintain entitlements, and operate account sync. This can include your email address, linked device records, subscription and entitlement state, training mirror data, planned workouts, metadata overrides, AI consent state, AI usage counters, and generated AI results.

The marketing website uses analytics and advertising pixels only after you accept analytics cookies. Lead signup forms store your email address, consent state, privacy-policy version accepted, page and campaign context, user agent, and a hashed IP address for abuse prevention and attribution.

4. Data We Collect

A) Health Data

With your permission, the iOS app reads and writes Apple HealthKit data and the Android app reads and writes Health Connect data such as:

  • Workouts, exercise sessions, and activity details
  • Heart rate samples
  • Distance, pace, speed, elevation, energy, source app, device name, and related metrics where available
  • Effort ratings and related metrics
  • Route or location data on iOS when available and when route features are used
  • Manual workouts you create in Zone Trainer and choose to write to HealthKit or Health Connect

We use this data to compute training zones, summaries, route displays, and your training log. We do not use HealthKit or Health Connect data for advertising or marketing.

B) App Content You Create

  • Manual workouts
  • Workout titles, descriptions, tags, notes, and labels
  • Activity color preferences
  • Zone definitions and settings
  • Planned workouts and AI prompt inputs you choose to enter

C) Account, Device, Usage & Settings

  • App preferences (e.g., appearance, configuration)
  • Feature state and local settings
  • Account-linking state, email address used for sign-in, and sync status
  • Device identifiers and authentication state used for device registration, account sync, App Attest, Play Integrity, fraud prevention, and abuse prevention
  • Device-linked AI consent status and accepted privacy-policy version
  • Website cookie consent state, lead signup consent, campaign context, referrer, user agent, and hashed IP address when you submit website forms

D) Purchases

We use Apple StoreKit on iOS and Google Play Billing on Android to process purchases. We do not receive or store your payment card information. We may store subscription status, entitlement state, purchase source, expiration dates, and limited purchase verification identifiers returned by Apple or Google.

If you delete your Zone Trainer account through our self-service deletion page, we delete Zone Trainer purchase entitlement and server transaction rows tied to that account. Apple App Store and Google Play purchase records remain managed by Apple and Google for billing, tax, refund, dispute, and fraud handling. If you delete synced server data while keeping your account, we retain minimal purchase entitlement data so your account can still reflect paid access after you relink a device.

E) AI and Rewarded Ad Data

If you accept the current AI privacy terms and use AI workout suggestions, the app may send recent workout context, planned workouts, workout titles, workout descriptions, durations, heart rate summaries, pace, elevation, effort, tags, zone metrics, and the AI prompt text you enter to our backend and to OpenAI to generate a suggestion.

For free-tier AI generations, we also use Google AdMob rewarded ads. AdMob may process ad request data, device and app identifiers, reward verification callback data, and related anti-fraud information to deliver and verify rewarded ads.

5. How We Use Data

  • Sync and display workouts, summaries, and zones
  • Calculate time-in-zone metrics
  • Authenticate devices and linked accounts
  • Mirror account-linked workouts, metadata, settings, and planned workouts across Android, iOS, and web
  • Restore purchases and entitlements
  • Generate AI workout suggestions when you explicitly use AI features
  • Verify rewarded ads required for free-tier AI generations
  • Remember website cookie choices and process lead signup requests
  • Provide customer support
  • Improve app reliability and performance (diagnostics only)

6. Data Sharing

We do not sell your personal data. We only share data with:

  • Apple platform services such as HealthKit, iCloud, StoreKit, App Store services, and App Attest
  • Google platform services such as Health Connect, Google Play services, Google Play Billing, Play Integrity, and AdMob rewarded ads
  • Cloud infrastructure and authentication providers that host, secure, and operate the Zone Trainer backend
  • OpenAI, to generate AI workout suggestions that you request
  • Analytics and advertising measurement providers only after you accept analytics cookies on the website

We may also share data if required by law or to protect our legal rights.

7. Data Storage, Security & Retention

  • Detailed workout processing starts locally on your device.
  • On iOS, some metadata and settings may be stored in your private iCloud account through CloudKit or iCloud key-value storage, governed by Apple's policies.
  • On Android, Health Connect records remain in Health Connect and connected provider apps. Zone Trainer keeps a local app database and preferences for workouts, summaries, zones, tags, colors, metadata, sync state, planned workouts, account state, and subscription cache.
  • If you link an account or use web sync, our backend stores the account-linked training mirror needed for cross-platform use: linked devices, account identifiers, zone profiles, workout mirrors, metadata overrides, tags, activity colors, planned workouts, subscription state, AI consent, AI usage, and generated workout results.
  • Normal account sync does not upload every raw heart-rate sample and does not upload full HealthKit routes as part of the cross-platform workout mirror. It uses summarized workout metrics and a compact heart-rate preview.
  • Device install identifiers are hashed before backend storage where applicable. Device access tokens are short-lived, and refresh tokens are stored server-side as token hashes.
  • We transmit personal and sensitive data using modern cryptography such as HTTPS and limit backend access to what is needed to operate and support the service.
  • Short-lived AI request state and generated results may be retained briefly to finish reward verification, recover interrupted requests, and return the result to your device.
  • AI request events, daily usage counters, and generated result records may be retained as needed to enforce limits, provide the feature, debug failures, and prevent abuse.
  • We retain personal data only as long as needed to provide app functionality, meet legal obligations, resolve disputes, protect the service, and honor your choices.
  • You can delete the app to remove local app data. iCloud data is managed by Apple. Health Connect data is managed in Health Connect or the source app. Account-linked backend data can be removed through the self-service Zone Trainer deletion page.

8. Your Choices

  • HealthKit access: You can grant or revoke iOS access at any time in Settings > Health.
  • Health Connect access: You can grant or revoke Android access in Android Settings or the Health Connect app.
  • Account sync: You can use the app without linking an account. If you link an account, you can use /delete-account to delete your Zone Trainer account and account-linked backend data, or to delete synced server data while keeping your login account.
  • AI consent: You can accept or revoke AI access in the app. If you do not accept the current AI privacy terms, AI features stay disabled.
  • Purchases: Manage iOS subscriptions in Settings > Apple ID > Subscriptions and Android subscriptions in Google Play.
  • Website cookies: You can accept or decline analytics cookies on the website. Essential cookies needed for sign-in and consent storage may still be used.
  • Data deletion: You can delete the app, use local reset tools where available, manage HealthKit or Health Connect data in system settings, or use /delete-account to remove Zone Trainer server-held account, sync, provider, device, AI, and token data.

9. Provider Connections

Apple Health and Health Connect data reaches Zone Trainer through the paired iOS and Android apps after you grant platform permissions. Strava and Garmin provider connections are not currently enabled in the public service. If we enable additional provider connections later, they will require explicit provider authorization and will be governed by the permissions and revocation controls shown during that connection flow.

10. International Users

If you use the app outside your country, your data may be processed in the countries where Apple, Google, our cloud providers, OpenAI, and other service providers operate.

11. Changes to This Policy

We may update this policy periodically. The latest version will always be posted on our website, and the “Last updated” date will reflect changes.

12. Contact

If you have questions or requests, contact us at:
ondrej@sevcik.dev