Sweep.

Privacy Policy

Last updated: April 25, 2026

Overview

Sweep ("Sweep," "we," "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how it is used, and the choices you have regarding your data when you use the Sweep application ("the Service").

Sources of Activity Data

Sweep may process activity data from the following sources:

  • Manual Logging — activity data entered directly within the Club Runner app
  • Strava— running activities imported via Strava's OAuth API when you connect your Strava account
  • Garmin Connect™— running activities pushed automatically via Garmin's webhook API when you connect your Garmin account

The type and amount of data available to Sweep depends on the source and the permissions you grant. You must explicitly authorize each connection before any data is accessed.

Account Information

When you create an account, we collect your email address and display name. You may optionally provide a profile photo, bio, city, state, and links to external profiles (e.g., Strava).

Fitness & Activity Data

When you log runs, record activities, or sync from connected platforms, we may collect:

  • Activity type (e.g., run, walk)
  • Distance, pace, duration, and elevation
  • Activity start time and timestamps
  • GPS location data (latitude, longitude, altitude)
  • Heart rate and other metrics from your fitness device
  • Photos you attach to your activities
  • Notes and descriptions

This data is classified as health and fitness data. It is accessed only with your explicit authorization and used solely to support Sweep features such as group run tracking, activity logging, and personal progress views.

Club & Membership Data

We store information about your club memberships, including your role (member, coach, owner), join date, and membership status.

User-Generated Content

We store content you create on the platform, including channel messages, board posts and comments, direct messages, event RSVPs, emoji reactions, and photos or files you upload.

Training Data

If you use training plans, we store plan details, workout entries, scheduled dates, completion status, coach notes, and workout segments. If a coach creates a plan for you, both you and the coach can access the plan data.

External AI Processing

Sweep does not send your activity data to any external AI or large-language-model provider. This includes any data synced from Strava or Garmin Connect, your manually logged runs, GPS routes, distance, pace, duration, heart rate, elevation, splits, segments, and photos of activities. Activity statistics from connected platforms are never included in AI prompts, AI tool results, or any other request to an external AI service.

When you choose to use the AI Coach feature, the request to our AI provider (Anthropic) contains only:

  • The messages you type
  • Your club membership context (club name, your role, member display names) and the text content of public channels — including run-stream posts (post text and author display name only, never the underlying activity statistics or any data synced from connected fitness platforms)
  • Training-plan structure (plan title, goal, scheduled workout types and dates, target distances and durations) — but not actual run data linked to any entry

AI Coach interactions are processed in real time and are not stored by Anthropic beyond the duration of each request. Anthropic does not use your data to train its models.

This restriction is required by the developer terms of Strava and Garmin Connect, and we apply it consistently to all activity data regardless of source.

What We Do Not Collect

Sweep does not collect or store:

  • Continuous background location monitoring
  • Audio, video, or background sensor data
  • Payment or financial information
  • Advertising, marketing, or behavioral profiling data
  • Medical or clinical health data (diagnoses, medications, lab results)

How We Use Your Data

We use your information to:

  • Provide, maintain, and improve the Service
  • Display your profile, messages, and activities to your club members
  • Match synced activities with club group runs
  • Enable coach-athlete training plan sharing and collaboration
  • Power the AI Coach feature by sending non-activity context (your messages, club/membership context, and training-plan structure) to our AI provider — see External AI Processing
  • Send you notifications about messages, events, mentions, and training updates
  • Authenticate your identity and secure your account

We do not use your data for advertising, resale, health profiling, or unrelated analytics.

Data Sharing

Sweep does not sell, rent, or trade user data.

Messages, posts, runs, events, and other content you share within a club are visible to other members of that club. Direct messages are visible only to the participants.

When you accept a training plan from a coach, the coach can view your training plan data, including workout entries, completion status, and related notes.

We use the following third-party services to operate Sweep:

  • Supabase — database hosting, user authentication, and file storage
  • Netlify — application hosting and serverless functions
  • Anthropic — AI processing for the AI Coach feature, excluding activity data from connected platforms (Strava, Garmin Connect) and any other run data. See External AI Processing. Anthropic does not store your data beyond the duration of each request.
  • Strava — activity data sync when you connect your Strava account. Data is accessed only via their OAuth API with your authorization.
  • Garmin Connect— activity data sync when you connect your Garmin account. Data is pushed via Garmin's webhook API with your authorization.

These providers are used solely to operate the Service. We do not share user data with any third parties for marketing, advertising, or any other purpose.

Data Storage & Security

Your data is stored using Supabase (PostgreSQL database and object storage) and hosted on Netlify. We implement security measures including:

  • Row-level security (RLS) policies to ensure users can only access authorized data
  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Secure authentication via Supabase Auth with encrypted password storage
  • Server-side access controls for API endpoints

No system can be guaranteed to be 100% secure. We take reasonable technical and organizational measures to protect data from unauthorized access, misuse, or disclosure.

Data Deletion & User Rights

You may:

  • Access and correct your personal data through your profile and activity pages
  • Revoke access to connected platforms at any time through the Sweep settings or the third-party platform's settings (e.g., Strava, Garmin Connect)
  • Delete your account and all associated data — including activity data, GPS data, heart rate data, and stream data — through our Account Deletion page or by emailing joe@gridrungp.com
  • Opt out of AI Coach features by simply not using them — the AI Coach does not process your data unless you actively engage with it

Deleted data may persist in encrypted backups for up to 30 days before being permanently purged.

Children's Privacy

Sweep is not intended for children under the age of 13. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 13, we will delete the account and associated data promptly.

International Users

Sweep is operated from the United States. If you access the Service from outside the US, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of Sweep after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or would like to request data deletion, please contact: joe@gridrungp.com