Privacy

When you sign up, we store your email address and a username. If you sign in with Google we additionally receive your name and avatar URL from Google. If you connect Strava, GitHub or YouTube we store an encrypted access & refresh token so the verifier can check progress on your behalf — nothing else from those platforms is retained.

Account data lives until you delete the account. OAuth tokens are rotated on use and wiped when you disconnect. Server logs (IP, request path, response code) are retained for 30 days for debugging and abuse detection.

We use Supabase (auth + database, EU region), Vercel (hosting), Resend (transactional email) and PostHog (product analytics, EU region) as sub-processors. We don't sell data, don't run ad networks, and don't share with third parties for marketing.

To request a copy of your data, correct it, or have it deleted, email cleero.app@protonmail.com. Account deletion is also self-serve from Settings.