Privacy Policy

Last updated: 11 January 2026

Introduction

Welcome to karben. We are committed to protecting your privacy and being transparent about the data we collect. This Privacy Policy explains how karben ("we", "us", or "our") collects, uses, and protects your personal information when you use our AI-powered running coach service.

karben is operated by [Your Legal Name/Entity] and is based in the United Kingdom. We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Information We Collect

1. Account Information

When you create an account, we collect:

  • Email address (for account authentication and communications)
  • Account credentials (securely hashed passwords)
  • Account creation date

2. Training Information

To provide personalised training plans, we collect:

  • Current fitness level and running experience
  • Training goals and target race information
  • Training schedule preferences (available days, preferred workout times)
  • Workout completion data (distance, duration, perceived effort/RPE)
  • Workout feedback and difficulty ratings
  • Training history and progress metrics

3. Device Integration Data (Optional)

If you choose to connect your Garmin device:

  • Garmin account connection status
  • Activity data: distance, duration, and perceived effort (RPE) from completed workouts
  • Activity type (running, cycling, etc.)

Important: We do NOT collect biometric or health data such as heart rate, weight, age, VO2 max, sleep data, or other wellness metrics. Our integration is intentionally limited to training performance data only.

4. Usage Information

  • Pages visited and features used
  • Date and time of access
  • Device and browser information
  • IP address (for security and fraud prevention)

5. Payment Information

Payment processing is handled by Stripe. We do not store your full credit card details. We receive only:

  • Last 4 digits of card number
  • Card expiry date
  • Subscription status and billing history

How We Use Your Information

We use your information to:

  • Provide our service: Generate personalised training plans using AI based on your goals and experience
  • Adapt your training: Adjust plans based on your feedback and performance data
  • Communicate with you: Send plan updates, workout reminders, and important service notifications
  • Process payments: Manage your subscription and billing
  • Improve our service: Analyse aggregated, anonymised data to enhance our AI models and features
  • Ensure security: Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations: Respond to lawful requests and comply with applicable laws

Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

  • Contractual necessity: To provide the services you've subscribed to
  • Legitimate interests: To improve our service, prevent fraud, and ensure security
  • Consent: For optional features like Garmin device integration (you can withdraw consent at any time)
  • Legal obligations: To comply with laws and regulations

Data Storage and Security

Your data is stored securely using Supabase (PostgreSQL database) with servers located in the European Union. We implement industry-standard security measures including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Secure password hashing
  • Regular security audits and updates
  • Access controls and authentication
  • Row-level security (RLS) policies in our database

Data Sharing and Third Parties

We do not sell your personal data. We share data only with:

Service Providers:

  • Supabase: Database and authentication (EU servers)
  • Anthropic (Claude AI): AI-powered plan generation (data is not used to train models)
  • Stripe: Payment processing
  • Vercel: Application hosting
  • Garmin: Device integration (if you choose to connect) - limited to activity data only

All third-party service providers are carefully selected and required to protect your data in accordance with GDPR standards.

Your Rights (UK GDPR)

Under UK data protection law, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we use your data
  • Data portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: For optional features like device integration

To exercise any of these rights, please contact us at support@karben.app

Data Retention

We retain your data for as long as:

  • Your account is active
  • Necessary to provide our services
  • Required by law or for legitimate business purposes

When you delete your account, we permanently delete your personal data within 30 days, except where we're required by law to retain certain information (e.g., for tax purposes).

International Data Transfers

Your data is primarily stored within the European Union. If data is transferred outside the EU/UK (e.g., to Anthropic for AI processing), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

Cookies and Tracking

We use essential cookies for:

  • Authentication (keeping you logged in)
  • Security (preventing fraud and abuse)
  • Functionality (remembering your preferences)

We do not use advertising or tracking cookies. Our essential cookies are necessary for the service to function and do not require consent under UK cookie law.

Children's Privacy

karben is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by email or through a prominent notice in the app. The "Last updated" date at the top indicates when the policy was last revised.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@karben.app

Website: karben.app

If you're not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

ICO Website: ico.org.uk

ICO Helpline: 0303 123 1113

Return to Home