TRAININGGEEKSGitHub →

Privacy Policy

Last updated: June 7, 2026

TrainingGeeks is a self-hosted, local-first training log. There is no TrainingGeeks company, server, or cloud account behind it — the application runs on a machine you control, and your data lives in a database on that machine. This policy explains what the software stores and how it behaves. Whoever operates an instance (likely you) is the data controller for the data in it.

Data the app stores

  • Profile. Name, email, units, time zone, date of birth, and a hash of your access password.
  • Training data. Planned and completed workouts, durations, distances, paces, power, calories, TSS/IF, notes, and training plans you schedule.
  • Health & wellness. Metrics you log or sync — heart rate, HRV, resting HR, VO₂max, weight, sleep, mood — and injuries you record. You choose what to enter.
  • Equipment & settings. Gear, zones, thresholds, and dashboard preferences.
  • Imported files. Activity files (FIT) you upload or that are pulled from a connected service, including GPS, heart-rate, and power streams.

That's it. There are no analytics, no advertising, no trackers, and no telemetry. The app does not phone home.

Where your data lives

All of the above is stored in a local SQLite database on the machine running TrainingGeeks. It is never sent to us — because there is no "us" with a server. Backups, disk encryption, and access to that machine are under your control.

Third-party services

TrainingGeeks integrates with intervals.icu, and only when you enter your own Athlete ID and API key to enable sync. When enabled, your instance exchanges activity and planned-workout data directly with intervals.icu under their privacy policy. Remove the key to stop syncing. No other third parties receive your data.

How data leaves your instance (only when you ask)

  • intervals.icu sync, when you configure it.
  • CSV export you trigger from Settings.
  • A calendar (.ics) feed you choose to expose with a token.

Each of these is initiated by you. Nothing is shared automatically.

Security

Access is gated by a single password (stored only as a hash) and a signed session cookie. Because the app is self-hosted, securing the host is your responsibility — run it behind HTTPS, keep the machine patched, and protect the database file and your environment variables (which hold secrets like your intervals.icu API key). No system is perfectly secure.

Your rights and control

It is your database, so you have complete control: view, edit, export, or delete any record from within the app, or by operating on the database directly. There is no deletion request to file — removing data is something you do, not something you ask us to do.

Children

TrainingGeeks is not intended for use by anyone under 16.

Changes to this policy

This policy may change as the software evolves. The authoritative version lives in the source repository, and its history is public.

Contact

Questions, corrections, or concerns? Open an issue on GitHub.

← Back to sign in