Privacy Policy

We do not collect payment information, location data, or any training data itself — your Intervals.icu data is fetched on demand and never stored in our database (except briefly in a short-lived cache to reduce API calls).

AskMyCoach connects to Intervals.icu using either OAuth (recommended) or an API key, both stored AES-GCM encrypted. With OAuth you choose which permission scopes to grant (Activities, Wellness, Calendar, Settings) during the Intervals.icu authorisation screen; AskMyCoach records exactly what you approved and only enables tools that match your granted scopes. You can reconnect at any time from the Dashboard to change your scope selection.

When an AI assistant uses your MCP URL, AskMyCoach retrieves data from Intervals.icu in real time using your encrypted credentials. This data is passed directly to the AI assistant and briefly cached to reduce repeat API calls — TTLs range from 5 minutes (calendar events) to 1 hour (athlete profile). The cache is stored in our database, is associated only with your account, and expires automatically. Platform administrators can also manually clear the full cache. You can disconnect your Intervals.icu account at any time from the Dashboard, which immediately removes the stored credentials and invalidates any active OAuth tokens.

Some tools (such as Log Wellness Data and Update Athlete Profile) write data back to Intervals.icu on your behalf. AskMyCoach acts as a pass-through for these writes: the data goes directly from the AI assistant to Intervals.icu via your encrypted credentials and is not stored on our servers.

AskMyCoach supports two coach-access flows:

• Athlete invites coach (coach without account): You enter a coach's email on your Coaches page. The coach receives a 48-hour one-time link by email. Clicking it shows their personal MCP URL. Access is granted immediately — no account required for the coach.
• Athlete invites coach (coach with account): The coach receives an invitation email and must log in to their AskMyCoach account to confirm or decline. The invitation appears on their My Athletes page. Access is only granted after explicit confirmation; declining sets the status to Declined on your Coaches page.
• Coach requests access: A coach sends you an access request. You receive an email with a one-time link. Clicking the link takes you to your Coaches page where you choose which tools to allow before accepting. The coach receives their MCP token only after you accept.
• Coach MCP recovery: A coach without an account may request a fresh MCP access link via the Support page. This is rate-limited (90 seconds between requests, maximum 3 per 2-hour window). A new 48-hour one-time link is emailed only if the coach has an existing accepted coaching relationship.

Each coach email address is assigned one MCP token, shared across all athletes who have granted that coach access. One-time connect links expire after 48 hours; the underlying MCP URL remains valid until access is revoked or the token is regenerated. Revoking access immediately invalidates both the MCP URL and any outstanding one-time connect links for that coach. Coaches may assign a short nickname to each athlete for easier reference in AI tool calls. We store the coach's email address, the athlete-coach relationship, the selected permission set, and any nickname the coach has set.

Coaches with access to multiple athletes may use aggregated team wellness tools (daily summary, rankings, health alerts) that retrieve and combine wellness data from several athletes in a single query. These tools only access data for athletes who have explicitly granted the coach wellness data permission, and the data is never stored beyond the short-lived cache described above.

You can revoke coach access at any time from your Coaches page, which immediately invalidates the coach's ability to access your data via that token.

• To operate and secure your account.
• To provide the MCP integration with AI assistants.
• To send transactional emails (account creation, password reset, coach invitations) via Resend.
• We do not sell your data to third parties.
• We do not use your data to train AI models.
• We do not send marketing emails without your consent.

• Cloudflare — hosting, DDoS protection, bot mitigation (Turnstile). Your requests pass through Cloudflare's network.
• Resend — transactional email delivery. Your email address is shared with Resend only to send messages you trigger.
• Intervals.icu — your training data source. Subject to their own Privacy Policy.
• AI providers (Anthropic, OpenAI, etc.) — when you or your coach uses an MCP URL, data is sent to the AI provider you choose. AskMyCoach does not control how those providers handle that data.

• Account data is retained until you delete your account.
• Cached training data expires automatically — within 5 minutes to 1 hour depending on data type.
• Deleting your account permanently removes all stored data, including tokens, coach relationships, and cached data.

Sensitive values (Intervals.icu OAuth tokens, API keys, MCP tokens) are encrypted with AES-GCM before being written to the database. Passwords are hashed using a strong algorithm and never stored in plain text. All traffic is served over HTTPS. Access tokens are scoped and can be regenerated or revoked at any time. OAuth tokens are automatically refreshed before expiry and only the currently-granted scope is stored.

• Access: You can view your profile and connections from the Dashboard at any time.
• Deletion: Settings → Delete Account removes all your data immediately and permanently.
• Correction: You can update your name and email from Settings → Profile.
• Portability: Contact us to request a copy of the data we hold about you.

AskMyCoach sets a single cookie:

This is a strictly necessary cookie under GDPR and the ePrivacy Directive — it is required for authentication and cannot be disabled while using the Service. We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

We will update the "Last updated" date at the top of this page when changes are made. Continued use of the Service after changes constitutes acceptance of the updated policy.

Questions or requests about your data? Email us at sayhello@askmycoach.app.