Privacy Policy

At Defynr™, physiological data is deeply personal. We do not sell your data. We build intelligence from it.

We operate under Zero Trust principles, strict data minimization, and user-controlled access.

1. Data We Collect

A. Account Information: Name, Email, Authentication credentials.

B. Performance & Device Data: When you connect supported integrations (such as Garmin and others as they become available), we may collect Heart Rate, Heart Rate Variability (HRV), Sleep data, Power (Watts), Pace, Cadence, GPS and activity data.

C. Interaction & Usage Data: Feature usage, page interactions, feedback and support submissions.

2. How We Use Your Data

We use your data to generate personalized training recommendations, provide recovery and performance insights, improve system accuracy and reliability, and maintain platform functionality.

We do not sell personal or physiological data.

3. Data Architecture & Separation

Your data is handled using a layered architecture:

• ✓ Identity Layer (PII): name, email, account data
• ✓ Performance Layer: physiological and activity data
• ✓ Analytics Layer: anonymized interaction data

These layers are logically separated, access-controlled, and encrypted in transit and at rest.

4. Consent & User Control

You can control how your physiological data is used through the Settings panel, including the ability to enable or disable data sharing with Defynr systems.

Consent is explicit, revocable, and user-controlled. We may introduce more granular controls over time to provide additional flexibility.

5. Zero-Trust Access Model

No internal user has default access to your physiological data. Support access requires explicit user authorization. Any access granted is temporary, logged, and auditable.

6. Data Retention & Deletion

When you delete your account:

• ✓ Immediate Actions: Personally identifiable information (PII) is permanently deleted or irreversibly detached.
• ✓ 30-Day Grace Period: Your account may be recoverable within 30 days.
• ✓ After 30 Days: All identifiable user data is permanently deleted.

Anonymized Data Retention: Certain activity and performance data may be retained in a fully anonymized and non-identifiable form for system improvement, aggregated insights, or model development. This data cannot be linked back to any individual, contains no personal identifiers, and is processed in accordance with applicable data protection laws.

Defynr does not attempt to re-identify anonymized data.

7. Analytics & Tracking

We collect limited analytics such as page visits, clicks, and feature usage. This data is anonymized, non-PII, and used solely to improve product experience.

8. AI & Model Usage

CereBro™ and VideoBro™ use machine learning to generate insights. We do NOT train public large language models on your personal data, nor do we expose individual-level physiological data externally.

All processing occurs within controlled environments, follows strict data isolation principles, and adheres to zero-retention policies where external APIs are used.

9. Third-Party Integrations

We integrate with supported external platforms (such as Garmin and others as they become available). We only access data that you explicitly authorize.

10. Data Security

We implement industry-standard safeguards including encryption in transit (TLS), encryption at rest, and access controls and audit logging.

11. Your Rights

Depending on your jurisdiction, you may have the right to access your data, correct inaccuracies, request deletion, or export your data.

To exercise these rights, contact: privacy@defynr.com

12. International Users

Your data is primarily processed and stored in the European Union (Frankfurt, Germany) to ensure the highest standards of data protection. Some processing may also occur in the United Arab Emirates. We ensure appropriate safeguards and data transfer agreements are in place.

13. Policy Updates

We may update this Privacy Policy periodically. Continued use of the Services constitutes acceptance of the updated policy.