← Back to Flux

Privacy Policy

Effective April 25, 2026

Flux is operated by Signal Forward LLC ("Flux", "we", "us"). This Privacy Policy explains what information we collect when you use the Flux web application, marketing site, and related services (collectively, the "Service"), how we use that information, and the choices you have. We aim to be straightforward: we collect what we need to give you a useful athlete platform, we keep it secure, and we let you delete it.

1. Information We Collect

1.1 Account Information

When you sign up, we collect your email address and a password hash through Amazon Cognito. We may also collect a display name, time zone, and basic profile preferences you provide.

1.2 Third-Party Fitness and Health Data

With your explicit authorization, Flux connects to third-party services and retrieves data on your behalf. Today these include:

  • Garmin Connect — workout files (FIT), activity summaries, daily wellness data, sleep, heart rate, body composition, stress, respiration, and other metrics surfaced through the Garmin Health and Activity APIs.
  • Strava — activity metadata, descriptions, and posting permissions for activities you authorize Flux to enrich.

We may add additional integrations over time, including continuous glucose monitors (CGM), lab-result imports, nutrition logs, and other wearable platforms. Each new integration requires a distinct authorization step where we describe the scope and purpose before any data is requested.

1.3 Derived and Computed Data

We process the data above to compute training metrics including (but not limited to) VDOT, training load, pace zones, heart-rate zones, weather-adjusted pace, fatigue estimates, race-performance projections, athlete phenotype, and workout classifications. These derived values are stored alongside the source data so they can be re-computed, improved, and audited over time.

1.4 Usage Information

We collect standard server logs (IP address, user agent, request paths, timestamps), authentication events, API request volume, and error reports. We use these to operate, secure, and improve the Service.

1.5 Communications

If you join our waitlist or contact us, we collect your email address and the contents of your message. We use this to respond and to send relevant product updates.

2. How We Use Your Information

We use the information we collect to:

  • Provide the core features of the Service (importing, processing, visualizing, and exporting your training data).
  • Compute personalized analytics, training recommendations, and health insights.
  • Train, validate, and improve the algorithms, models, and machine-learning systems that power Flux. We may use your data — in identifiable form for systems we operate on your behalf, and in de-identified or aggregated form for product-wide improvements.
  • Build new features, including recommendation engines, anomaly detection, peer comparisons, and benchmarking against athlete cohorts.
  • Operate the Service securely, prevent abuse, and comply with our legal obligations.
  • Communicate with you about your account, product changes, and (where permitted) related products.

We do not sell your personal data. We do not share identifiable third-party fitness data (for example, Garmin or Strava data) with advertisers.

3. Garmin Data — Specific Terms

Flux uses the Garmin Connect Developer Program APIs. By connecting your Garmin account, you authorize Flux to receive activity files and health summaries from Garmin on your behalf. We:

  • Store Garmin data in our secure data lake hosted on Amazon Web Services in the United States.
  • Use Garmin data only to provide and improve features of the Flux Service for you, and to operate the Service.
  • Do not redistribute raw Garmin data to other users or third parties, and do not sell it.
  • Honor disconnection: when you disconnect Garmin from Flux (in Settings) or revoke the connection from your Garmin Connect account, we stop new data ingestion. You may also request deletion of previously imported Garmin data — see Section 7.

Your relationship with Garmin is governed separately by Garmin's own Privacy Policy and terms. Flux is not responsible for the practices of Garmin or any other connected provider.

4. Third-Party Services We Use

We rely on a small number of trusted infrastructure providers to operate Flux:

  • Amazon Web Services — hosting, storage, authentication (Cognito), and email/notification delivery.
  • Anthropic and AWS Bedrock — large-language-model inference for AI-driven features (for example, narrative summaries and natural-language search). Where Bedrock is used for sensitive workloads we operate inside the AWS Business Associate Agreement.
  • Visual Crossing — historical and forecast weather data used to compute environmental adjustments.
  • Microsoft Azure Communication Services — outbound transactional email.

5. Data Retention

We retain your account, training history, and derived analytics for as long as you have a Flux account and for a reasonable period afterward to allow account recovery, comply with legal obligations, resolve disputes, and enforce our agreements. Server logs are kept on a rolling basis (typically 30–90 days) and aggregated metrics may be kept indefinitely in de-identified form.

6. Security

We use industry-standard practices including encryption in transit (TLS), encryption at rest (AWS KMS), least-privilege access controls, audit logging, and segregated production environments. No method of electronic storage is perfectly secure; we work to protect your data but cannot guarantee absolute security.

7. Your Choices and Rights

  • Access and export. You can view your data inside the Flux app and request a copy of stored data by emailing us.
  • Disconnect integrations. You can disconnect Garmin, Strava, or any other connected service at any time from Settings. We will stop new data ingestion immediately.
  • Delete your data. You may request deletion of your account and associated data at any time. We will delete or de-identify your personal data within 30 days, except where retention is required by law. Garmin and other source providers retain their own copies under their own policies.
  • Marketing emails. Every marketing message includes an unsubscribe link. Transactional messages (security alerts, account confirmations) cannot be turned off while your account is active.

Residents of California, the European Economic Area, the United Kingdom, and other jurisdictions with applicable privacy laws may have additional rights, including the right to request information about how their data is used and the right to lodge a complaint with a supervisory authority. Contact us to exercise any of these rights.

8. International Data Transfers

Flux infrastructure is hosted in the United States. By using the Service from another country, you consent to the transfer of your information to the United States, which may have different data-protection rules than your home jurisdiction.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us so we can delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version here and update the effective date above. For material changes we will provide additional notice (for example, by email or an in-app message).

11. Contact

Questions, requests, or concerns? Email privacy@fluxathlete.com.

Signal Forward LLC
Tennessee, United States