Drivetrain TelemetryDrivetrainStats

Privacy

Activity data privacy

DrivetrainStats analyzes cycling activity files for drivetrain and gear-use insight. This policy explains what activity data is stored, why it is used, and how users can delete it.

Last updated May 20, 2026

Consent and Scope

Users upload activity files or connect activity sources only with their consent. Manual FIT upload works today. Automatic activity import from Garmin Connect (Garmin Connect Activity API) and Strava (Strava API) is planned only for consenting users after the respective provider grants access; neither integration is live yet.

The app imports and analyzes cycling activity data only. It does not request sleep, HRV, women's health, wellness, non-activity location, social graph, or unrelated health data.

Data Stored

Stored data can include uploaded FIT bytes, derived ride metrics, drivetrain settings, account email, and optional activity location labels resolved from GPS points inside the activity file.

Derived metrics include ride duration, distance, gear changes, red/orange/green drivetrain efficiency zone percentages, cadence, power, speed, and equipment analysis outputs.

Use of Activity Data

Activity data is used only for drivetrain, gear usage, drivetrain efficiency, cadence/power, and equipment analysis inside DrivetrainStats.

Activity data sourced from third-party providers (Garmin Connect, Strava) is not sold and is not used to train external AI, ML, or LLM models. The same rule applies to manually uploaded FIT files.

Third-Party Integrations

DrivetrainStats requests data minimization from each provider — only the fields needed for drivetrain analysis on cycling activities.

  • Garmin Connect Activity API (planned): cycling activity FIT files, timestamps, cadence/power/speed/distance, device metadata, in-activity GPS, and gear/shifting/developer fields. See the Garmin integration page for the full consent and deletion flow.
  • Strava API (planned, read-only): cycling activity files and basic metadata required to perform drivetrain analysis. Strava authentication, attribution, and revocation will follow Strava's brand and API terms.

When either integration ships, users can revoke access at any time from the Account page, and disconnecting removes stored provider tokens.

Anonymized Aggregate Analysis

Derived ride metrics may be used in anonymized aggregate form to improve gear-usage analysis and produce population-level statistics about chainring, cassette, and drivetrain efficiency choices. Aggregated metrics include duration, distance, gear changes, red/orange/green zone percentages, cassette model, and chainring sizes.

Aggregate analysis never includes your email, account identifier, GPS coordinates, or the raw FIT file bytes. It is performed inside the application database, not exported to third parties, and not used to train external AI, ML, or LLM models.

You can opt out at any time from the Account page. Opting out excludes your past and future rides from aggregate queries; the opt-out is enforced at query time against your account, so no separate aggregate copy of your data exists.

Site Analytics

DrivetrainStats uses Cloudflare Web Analytics to count anonymous page visits and referral sources. Cloudflare Web Analytics does not set cookies, does not use fingerprinting, does not collect personal data, and does not track users across sites or devices.

DrivetrainStats also uses Sentry to capture application errors so they can be diagnosed. Error events do not include FIT bytes, GPS coordinates, or password material.

Location Data

If a FIT file contains GPS points, the app may use those activity coordinates to save an optional city and country label for the ride. The app does not request or process non-activity location data.

Deletion

Users can delete saved FIT files from their account in the analyzer. Deleting a saved ride removes the stored file bytes and the saved summary for that ride.

Users can delete their full account and all associated data from the Account page in the analyzer. Deletion is immediate and removes the account row, password hash, saved rides, and any pending verification or reset tokens. Questions about deletion can be sent to [email protected].

Security

Account access is protected by signed session cookies and password hashing. Email ownership is verified at signup, and password resets are performed through a single-use, expiring link delivered to the account email. Saved FIT files and derived metrics are stored in the application database and are scoped to the account that saved them.

Garmin OAuth tokens, Garmin webhooks, automatic Garmin sync workers, Strava OAuth tokens, and Strava sync workers are not implemented yet. Once shipped, provider tokens will be stored encrypted at rest, scoped to the owning account, and removed when the account or connection is deleted.

Contact

Operator: Siimki OÜ. Domain: drivetrainstats.com.

Business contact: [email protected].