Privacy Policy

This policy explains what Keystone collects, how it uses athlete data, how manual uploads are handled, and how connected Strava data is handled when Strava sync is authorized.

What Keystone does

Keystone is a training analytics application for cyclists and triathletes. It ingests training data, computes metrics such as threshold trends and durability signals, and presents those results back to the athlete. In coaching mode, a designated coach may also view athlete data for training analysis and feedback.

Data we collect

• Account and athlete profile information you provide, such as athlete name and training settings.
• Uploaded workout files and metadata, including Strava export ZIP files, FIT/FIT.GZ files, timestamps, power, heart rate, cadence, speed, altitude, and derived analytics.
• Strava data that an athlete explicitly authorizes Keystone to access through Strava OAuth, limited to the scopes granted by the athlete. This is separate from manually uploaded Strava export archives.
• Operational data needed to keep the service running, such as sync timestamps and diagnostic logs.

How we use data

• To import and display athlete activities and related training analytics.
• To compute threshold estimates, durability signals, trends, and weekly recommendations.
• To let a designated coach review athlete data when the athlete has chosen to participate in that coaching workflow.
• To maintain sync state, troubleshoot problems, and improve product reliability.

Coach access

When Keystone is used in a coach-athlete setup, athlete data, including GPS route data for assigned athletes, may be visible to the designated coach inside the app. Keystone is intended to show athlete data only to the athlete and authorized coaching relationships, not to unrelated users, viewers, or guest links.

Strava data

Keystone uses manually uploaded Strava export archives and FIT/FIT.GZ files only to import activities and generate athlete-specific analysis. If an athlete authorizes Strava OAuth sync, Keystone imports supported connected Strava activities from the last 3 years and uses that data only for the athlete experience and assigned-coach workflow the athlete has chosen to participate in. Athletes can disconnect Strava from the Settings page, which stops future syncs. Keystone also listens for Strava deauthorization webhooks so local access can be cleared when authorization is revoked on Strava.

Data retention and deletion

Imported data is retained only as needed to provide the training analysis experience. If you want Strava access removed, use the disconnect option in the app. If you want Keystone data deleted, use the support contact provided by the Keystone operator.

Contact

Questions about this policy or data handling should be directed to the support contact provided by the Keystone operator.