Privacy Policy

Effective date: 2025-10-27

This Privacy Policy explains how Fit File Forge (“we”, “our”, “us”) handles data when you choose to generate and send workouts to your Garmin Connect account via the Garmin Connect Developer Program’s Training API. Our product is designed to be privacy-minimal: we generate workouts from your prompt and, at your request, deliver them to your Garmin account. We do not collect, sell, or share your personal information for advertising or other unrelated purposes.

1) Scope

This policy covers our website and app features that integrate with Garmin Connect to publish workouts and/or training plans you explicitly request us to send to your Garmin account.

2) Data we handle

  • Your input text (e.g., a workout description). We use it to construct a structured workout. We do not use it for any other purpose.
  • Garmin authorization (e.g., OAuth tokens) only for the purpose of sending workouts you approve to your Garmin Connect account. Tokens are stored only as needed to complete the requested action and are not repurposed.
  • No retrieval of Garmin user data. We do not pull your activity history, health metrics, or account profile from Garmin.

3) How we use information

We use your input and your Garmin authorization solely to generate the workout you requested and POST it to your Garmin Connect calendar. We do not use the information to build profiles, for advertising, or to sell to third parties.

4) Retention

By default, we keep no persistent copy of your personal data or workouts. Temporary technical data (such as a short-lived access token or transient server logs) may exist only long enough to fulfill the request and maintain the security and reliability of the service. We do not maintain long-term user records.

5) Sharing

We do not sell or share personal information. We may use essential service providers (e.g., cloud hosting) that process data on our behalf under strict confidentiality and security obligations. We do not allow our providers to use your data for their own purposes.

You choose when to connect your Garmin account and when to send a workout. You can revoke our access at any time in Garmin Connect/your Garmin account settings. After revocation, we can no longer send workouts and any short-lived credentials we hold become unusable.

7) Security

  • Encryption in transit (HTTPS) for all client–server communications.
  • Least-privilege access to any secrets required to contact Garmin’s APIs.
  • No local storage of sensitive data in the browser beyond what’s necessary for the session.

8) Your choices & rights

Because we do not maintain a user database, your principal control is whether to connect your Garmin account, whether to initiate a send, and whether to revoke access. If you contact us to request deletion, we will confirm we don’t store your personal data and will purge any residual transient logs that could identify you.

9) Children

Our service is not directed to children under 16. If we learn a child has used the service, we will delete any related transient data.

10) International

We may process requests on servers located outside your country. We apply the same minimal-data approach and security controls regardless of location.

11) Changes to this policy

We may update this Privacy Policy to reflect product changes or legal requirements. We will post updates on this page with a new effective date.

12) Contact

Questions or requests? Email me at cmwetherell@gmail.com.