FuelSportFuelSport

Privacy Policy

Last Updated: November 2025

Introduction

FuelSport ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our athlete nutrition and performance tracking platform (the "Service") available at app.fuelsport.ai and api.fuelsport.ai.

By using our Service, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Account Information

When you register for an account, we collect:

  • Name (first name and last name)
  • Username (generated from your email or provided)
  • Email address
  • Password (stored in encrypted form)
  • Account role (athlete, coach, or admin)
  • Account status (active/inactive)
  • Email verification status
  • Last login timestamp

Performance and Health Data

We collect and store the following performance and health-related information:

  • Performance Test Data: VO2max, VLAmax, anaerobic threshold, FTP (Functional Threshold Power), body weight, body fat percentage, power curves, test dates, and detailed test results
  • Sweat Test Data: Test duration, average temperature, ride intensity, average power, sodium concentration, pre-test and post-test weight, fluid intake, sweat rate, total sodium lost, and related comments
  • Workout Data: Custom workout plans, workout steps, duration, and metabolic analysis data
  • Route Data: GPX and FIT files you upload, including GPS coordinates and route information
  • Fuel Plans: Planned nutrition strategies, route segments, food selections, and timing
  • Fuel Plan Actuals: Records of what you actually consumed during events, including foods, quantities, and timing
  • Food Preferences: Your dietary preferences, restrictions, and custom food entries
  • Notes: Personal notes and annotations you create
  • Events: Calendar events and scheduled activities

Usage and Activity Data

We automatically collect:

  • Activity logs including actions you perform in the application
  • Login timestamps and authentication events
  • Client timezone and timestamp information
  • Food usage statistics (aggregate counts of how often foods are used)

Files You Upload

  • PDF files (performance test reports such as INSCYD reports) - These may contain your name, coach's name, and other identifying information embedded in the document
  • GPX and FIT files (route/activity files) - These may contain GPS coordinates and timestamps
  • Chart images extracted from PDFs - When PDFs are processed, page images are created for AI analysis. These images may contain visible personal information from the original PDF (names, dates, etc.)

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process and store your performance and nutrition data
  • Generate personalized recommendations and insights
  • Enable coaches to view and analyze their athletes' data (with permission)
  • Send you email notifications (account verification, password resets, etc.)
  • Process and extract data from uploaded PDF files using AI-powered analysis
  • Maintain security and prevent fraud
  • Comply with legal obligations

PDF Processing Disclosure

When you upload performance test PDFs (such as INSCYD reports), the Service automatically processes these files to extract performance metrics. This processing involves:

  1. Converting PDF pages to images
  2. Sending page images to third-party AI services (OpenAI or Google Gemini) for chart data extraction
  3. Storing extracted metrics in your account

Please note: INSCYD and similar performance test PDFs typically contain your name and your coach's name on multiple pages, including within chart graphics. This identifying information is visible in the images sent to AI services. By uploading such PDFs, you consent to this processing.

Data Sharing and Access

Coach-Athlete Relationships

  • Coaches can view and analyze data for athletes who have accepted their coaching invitation
  • Athletes must explicitly accept a coach's invitation before the coach can access their data
  • Coaches can be assigned to specific athlete categories
  • You can revoke coach access at any time

Administrative Access

  • Administrators have access to all user data for system administration, support, and troubleshooting purposes
  • Administrators can view user data when providing technical support

Shared Content

  • Workouts: You may choose to share workout plans with other users. Shared workouts are visible to users you explicitly share them with.
  • Food Database: The food database contains both:
    • Global foods: Publicly available foods visible to all users
    • Private foods: User-specific custom foods marked as private, visible only to you

Third-Party Services

We use the following third-party services that may process your data:

Email Services

  • Development: Mailtrap (for testing)
  • Production: AWS SES, Mailgun, SendGrid, or similar email delivery services
  • These services process your email address to send verification emails, password resets, and notifications

PDF Processing

  • CloudConvert API: Converts PDF pages to images for chart extraction
  • PDF files you upload are temporarily sent to CloudConvert for processing
  • Processed images are stored on our servers

AI Services

  • OpenAI Vision API: Analyzes chart images from performance test PDFs to extract data
  • Google Gemini API: Alternative AI service for chart analysis (if configured)
  • Important: When you upload INSCYD performance test PDFs, page images containing charts are sent to these AI services for data extraction. These images may include personally identifiable information visible on the PDF pages, such as:
    • Athlete's first and last name
    • Coach's first and last name
    • Test dates
  • This data is processed by the AI services solely for the purpose of extracting performance metrics and is subject to their respective privacy policies:
  • We do not have control over how these third-party AI services process or retain the image data sent to them

Nutrition Data APIs

  • USDA FoodData Central: Used to search for nutrition information (optional, requires API key)
  • Nutritionix API: Alternative nutrition database (optional, requires API key)
  • Search queries (food names only, no personal data) may be sent to these services when you search for foods

Data Sharing Restrictions

We do not:

  • Sell your personal information to third parties
  • Share your data with advertisers or marketing companies
  • Use your data for purposes other than providing the Service

Data Storage and Security

Storage Location

  • Database: Your data is stored in PostgreSQL databases hosted on our servers
  • Files: Uploaded PDFs, GPX files, and FIT files are stored using Laravel's storage system, which may use local storage or cloud storage (e.g., AWS S3) depending on configuration
  • Authentication Tokens: Stored securely using Laravel Sanctum

Security Measures

  • Passwords are hashed using industry-standard encryption (bcrypt)
  • Authentication tokens are securely generated and stored
  • API communications use HTTPS encryption
  • Access to data is controlled through role-based permissions
  • Regular security updates and monitoring

Local Storage

The Service uses browser local storage to:

  • Store authentication tokens (fs_auth_token)
  • Remember selected user context for coaches/admins (fs_selected_user_id)
  • Cache nutrition search results temporarily (30 minutes)

Your Rights

You have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Update or correct your account information and data through the Service
  • Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
  • Data Portability: Export your data in a machine-readable format
  • Withdraw Consent: Revoke coach access or stop sharing workouts at any time
  • Account Deactivation: Deactivate your account (contact support)

To exercise these rights, contact us at support@fuelsport.ai or through the Service's support features.

Data Retention

  • Account Data: Retained while your account is active
  • Performance and Health Data: Retained until you delete your account or request deletion
  • Activity Logs: Retained for security and troubleshooting purposes
  • Uploaded Files: Retained until you delete them or your account is deleted
  • Deleted Accounts: Data may be retained for a reasonable period for backup and recovery purposes, then permanently deleted

Cookies and Tracking

We use:

  • Session Cookies: For authentication and maintaining your login session
  • Local Storage: For storing authentication tokens and user preferences (as described above)

We do not use:

  • Third-party advertising cookies
  • Analytics tracking cookies (unless explicitly enabled)
  • Social media tracking pixels

Children's Privacy

Our Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us, and we will delete such information.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for material changes)

You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@fuelsport.ai

Additional Information for EU Users

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to object to processing
  • Right to restriction of processing
  • Right to lodge a complaint with a supervisory authority

To exercise these rights, contact us using the information above.

Additional Information for California Users

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)

To exercise these rights, contact us using the information above.