Grit

Privacy Policy

Effective March 9, 2026

Grit ("we," "us," or "our") operates the Grit mobile application and the website gritlegs.com (collectively, the "Service"). Grit is an adaptive ultra and trail running training platform that uses artificial intelligence to deliver personalized coaching, training plans, and performance analysis.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information, including health and fitness data, when you use our Service. By using Grit, you agree to the practices described in this policy.

We are committed to transparency, particularly regarding how we handle sensitive health and fitness data and how we use artificial intelligence to process your information.

1. Information We Collect

Account Information

When you create a Grit account, we collect your name, email address, and any profile details you provide during onboarding (such as training goals, race targets, fitness history, and experience level).

Health and Fitness Data

With your explicit consent, we collect health and fitness data from your connected devices and third-party platforms. This includes:

  • GPS tracks and location data from activities
  • Elevation and altitude data
  • Heart rate data (resting, active, and recovery)
  • Running cadence and stride metrics
  • Power output data
  • Activity summaries (distance, duration, pace, splits)
  • Daily health metrics (steps, sleep, stress, Body Battery, HRV)
  • Training load, intensity, and recovery metrics

Third-Party Platform Data

When you connect your account with third-party fitness platforms, we receive activity and health data from those services. We currently support integrations with:

  • Garmin Connect — via the Garmin Connect Developer Program API
  • Strava — via the Strava API
  • COROS — via the COROS API
  • Suunto — via the Suunto API
  • Polar — via the Polar AccessLink API
  • Wahoo — via the Wahoo API

Data from these platforms is only transferred to Grit after you explicitly authorize the connection and consent to the data transfer. Each platform has its own privacy policy, and we encourage you to review them. For Garmin users, please also review the Garmin Connect Privacy Policy.

Conversational Data

When you interact with our AI coaching features — including conversational onboarding, post-activity debriefs, and training plan adjustments — we collect the content of those conversations to provide and improve the Service.

Usage and Device Data

We automatically collect technical information such as device type, operating system, app version, and general usage patterns (e.g., features used, session duration) to improve the Service.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To generate and adapt your personalized training plans
  • To calculate your Mountain Legs Index and other performance metrics
  • To power AI coaching features, including conversational onboarding, post-activity debriefs, and plan adjustments
  • To sync and display your activity and health data within the app
  • To analyze training patterns and provide performance insights
  • To support multi-year race planning and goal tracking
  • To communicate with you about your account and the Service
  • To improve, maintain, and secure the Service
  • To comply with legal obligations

3. Artificial Intelligence Transparency

Grit uses artificial intelligence to provide its core coaching and training features. We want to be clear about how AI interacts with your data:

  • AI-Powered Coaching: Your health, fitness, and conversational data is processed by AI systems to generate personalized training plans, post-activity analysis, and adaptive coaching recommendations.
  • Data Processing: AI processes your activity data (GPS tracks, heart rate, elevation, pace, power, cadence) along with your stated goals and training history to produce individualized guidance.
  • No Sale of Data for AI Training: We do not sell or license your personal data to third parties for the purpose of training their AI models.
  • Consent: By using Grit's AI coaching features, you expressly consent to the processing of your health and fitness data by artificial intelligence systems. You may withdraw this consent at any time by discontinuing use of the AI features or by contacting us.

4. How We Store and Protect Your Data

We take the security of your health and fitness data seriously and implement industry-standard safeguards:

  • All data is encrypted in transit using TLS/SSL and encrypted at rest
  • Access to personal data is restricted to authorized personnel on a need-to-know basis
  • We use secure cloud infrastructure with regular security audits
  • Authentication tokens for third-party platforms (Garmin, Strava, etc.) are stored securely and never exposed to other users
  • We conduct regular vulnerability assessments and promptly address identified issues

While no system is perfectly secure, we are committed to protecting your data using commercially reasonable technical and organizational measures consistent with industry best practices.

5. Data Sharing and Third Parties

We do not sell your personal information. We share your data only in the following limited circumstances:

  • Service Providers: We use trusted third-party service providers for hosting, analytics, AI processing, and email delivery. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.
  • Connected Platforms: When you connect a third-party platform (e.g., Garmin Connect), data flows between that platform and Grit as authorized by you. We may transmit limited data back to these platforms only as necessary and as permitted by their developer agreements.
  • Legal Requirements: We may disclose your data if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

We do not share your health or fitness data with advertisers, data brokers, or any third party for their own marketing purposes.

6. Data Retention

We retain your personal data, including health and fitness data, for as long as you maintain an active Grit account. This retention is necessary for the reasonable operation of the Service, including long-term training analysis and multi-year race planning.

If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

Data received from third-party platforms (such as Garmin Connect) is retained only for the duration of your account or until you disconnect that platform, whichever comes first, unless you provide express consent for longer retention.

7. Your Rights and Choices

You have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may request that we correct inaccurate or incomplete personal data.
  • Deletion: You may request deletion of your personal data. We will comply within 30 days, subject to any legal obligations requiring retention.
  • Data Portability: You may request an export of your data in a commonly used, machine-readable format.
  • Withdraw Consent: You may withdraw consent for data processing at any time. This will not affect the lawfulness of processing prior to withdrawal.
  • Disconnect Third-Party Accounts: You may disconnect any linked platform (including Garmin Connect, Strava, COROS, Suunto, Polar, or Wahoo) at any time through your Grit account settings. Upon disconnection, we will stop receiving new data from that platform. You may also request that we delete all data previously received from a disconnected platform.
  • Opt Out of AI Processing: You may withdraw consent for AI processing of your data at any time by contacting us.

To exercise any of these rights, please contact us at privacy@gritlegs.com. We will respond to your request within 30 days.

8. Garmin Connect Integration

If you choose to connect your Garmin Connect account to Grit, please be aware of the following:

  • You must authorize the connection through Garmin's OAuth consent flow before any data is transferred. Your Garmin data is only shared with Grit after you provide explicit consent.
  • We access Garmin data through the official Garmin Connect Developer Program API in accordance with the Garmin Connect Developer Program Agreement.
  • Data received from Garmin includes activity summaries, GPS tracks, heart rate, daily health metrics, and other fitness data as authorized by you during the consent process.
  • You may disconnect your Garmin Connect account at any time from within the Grit app or by revoking access through your Garmin Connect account settings.
  • Upon disconnection, we will cease receiving new data from Garmin. You may also request complete deletion of all Garmin-sourced data by contacting us at privacy@gritlegs.com.
  • We do not share your Garmin data with any third parties except as described in Section 5 of this policy.
  • Your use of Garmin Connect is also governed by the Garmin Connect Privacy Policy.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or other lawful transfer mechanisms, to protect your data in accordance with applicable data protection laws.

10. Additional Rights for EEA, UK, and Swiss Users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent local laws:

  • Legal Basis for Processing: We process your personal data based on: (a) your explicit consent (for health/fitness data and AI processing), (b) performance of our contract with you (to provide the Service), and (c) our legitimate interests (to improve and secure the Service).
  • Right to Restrict Processing: You may request that we limit how we use your data in certain circumstances.
  • Right to Object: You may object to processing based on legitimate interests.
  • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority.
  • Data Protection Officer: For GDPR-related inquiries, contact us at privacy@gritlegs.com.

Health and fitness data is classified as special category data under the GDPR. We process this data only with your explicit consent, which you provide when you connect a third-party platform or use health-related features of the Service. You may withdraw this consent at any time.

11. Children's Privacy

Grit is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@gritlegs.com, and we will promptly delete that information.

In the United States, we comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect data from children under 13.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Effective" date above. For significant changes affecting how we handle health and fitness data, we will provide additional notice (such as an in-app notification or email).

Your continued use of the Service after changes take effect constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

13. Contact Us

If you have questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us:

Grit

Email: privacy@gritlegs.com

Web: gritlegs.com

We will respond to all privacy-related inquiries within 30 days.