MinoAI Endurance Coach

Privacy Policy

Last updated: April 24, 2026

1. Who We Are

Mino ("we", "our", "us") is an AI-powered endurance coaching service available at mino.live. We help runners and endurance athletes train smarter by combining Garmin biometric data, Strava activity data, weather forecasts, and a conversational AI coach.

The data controller for your personal data is:

  • Company: WEDALIST ROMANIA SRL
  • CUI: RO47097180
  • Reg. Com.: J40/21628/2022
  • Address: București, Sectorul 3, Aleea Marius Emanoil Buteica 25-27, 031821, România
  • Phone: +40 723 330 471
  • Email: contact@mino.live

2. Data We Collect

We collect only what is necessary to provide the service:

  • Account data — email address and password (managed via Supabase Auth).
  • Profile data — name, sport type, training goals, and timezone you provide during onboarding.
  • Garmin data — HRV, Readiness score, Body Battery, sleep quality, stress levels, and activity details (pace, heart rate, power, laps) synced from your Garmin Connect account. We store Garmin credentials in encrypted form and never log raw tokens.
  • Strava data — activity data (type, distance, duration, pace, heart rate, power, cadence) fetched from your Strava account via OAuth 2.0 with the activity:read_all scope. We store your Strava access and refresh tokens to enable ongoing sync. Tokens are stored server-side and never exposed to the browser. We receive new activities automatically via Strava webhooks. We do not write any data back to Strava.
  • Conversation history — messages exchanged with the AI coach, used to provide personalised and contextual responses.
  • Subscription data — plan status and billing events processed via Stripe. We do not store full card numbers; Stripe handles payment data under their own PCI-compliant infrastructure.
  • Push notification tokens — browser push subscription endpoints, used only to deliver your daily briefings and alerts.
  • Usage data — message counts and feature usage, used to enforce plan limits and improve the service.

3. How We Use Your Data

  • To provide and personalise the AI coaching service.
  • To generate your daily briefing and weekly training report.
  • To process payments and manage your subscription.
  • To send push notifications you have explicitly opted into.
  • To enforce plan limits (e.g. 10 messages/week on Free) and prevent abuse.
  • To improve the service through aggregated, anonymised usage analysis.

We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b)) — processing necessary to provide the Mino service you signed up for (account management, AI coaching, data sync, subscription management).
  • Consent (Art. 6(1)(a)) — for connecting third-party accounts (Garmin, Strava), receiving push notifications, and processing health-related biometric data (Art. 9(2)(a)).
  • Legitimate interest (Art. 6(1)(f)) — for service improvement through aggregated analytics, fraud prevention, and security monitoring.
  • Legal obligation (Art. 6(1)(c)) — for retaining billing records as required by Romanian fiscal law.

You may withdraw consent at any time (e.g., by disconnecting Garmin/Strava or disabling push notifications). Withdrawal does not affect the lawfulness of processing performed before withdrawal.

5. Third-Party Services

We rely on the following sub-processors to operate the service:

  • Supabase — database, authentication, and file storage (EU region).
  • Google Gemini — AI language model used to generate coaching responses. Your conversation context is sent to Google's API for inference.
  • Garmin Connect — biometric and activity data is fetched from your Garmin account with your explicit authorisation.
  • Strava — activity data is fetched from your Strava account via OAuth 2.0 with your explicit authorisation. Strava also sends real-time activity notifications to our backend via webhooks. Strava's Privacy Policy applies to data held by Strava.
  • Stripe — payment processing. Stripe's privacy policy applies to billing data.
  • Open-Meteo — weather data fetched by location. No personal identifiers are sent.
  • Render / Vercel — cloud hosting for the backend and frontend respectively.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance reasons (e.g., billing records). Garmin credentials are deleted immediately upon disconnecting your Garmin account.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Object to or restrict certain processing activities.
  • Data portability — receive your data in a structured, machine-readable format.

To exercise any of these rights, email us at contact@mino.live. We will respond within 30 days.

8. Security

We use industry-standard security measures including encrypted connections (HTTPS/TLS), encrypted storage of sensitive credentials, and Row Level Security (RLS) on all database tables to ensure users can only access their own data. No system is perfectly secure; if you discover a vulnerability, please disclose it responsibly to contact@mino.live.

9. Cookies

Mino is a Progressive Web App (PWA). We use only essential session cookies required for authentication (managed by Supabase). We do not use tracking or advertising cookies.

10. Children's Privacy

Mino is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

12. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Romanian supervisory authority: ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal) — www.dataprotection.ro.

13. Contact

For any questions about this Privacy Policy or your data, contact us at contact@mino.live or by phone at +40 723 330 471.

Login