VeloIQ
Platform Disciplines Athletes & Federations Governance Pricing About
Federation sign in Request briefing →
VeloIQ
Platform Disciplines Athletes & Federations Governance Pricing About
Federation sign in Request briefing →
Privacy Policy

Your data, governed.

VeloIQ ("VeloIQ", "we", "us") is a track-cycling analytics platform operated by Momentum Coaching. This policy explains what personal data we collect, how we use and protect it, and the rights you have — including under the EU/UK General Data Protection Regulation (GDPR).

Last updated  July 2026 Applies to  veloiq.pro & federation.veloiq.pro
On this page
  1. Who is responsible
  2. Information we collect
  3. How we use it
  4. Legal bases (GDPR)
  5. Athlete confidentiality
  6. Storage & security
  7. We do not sell your data
  8. Service providers
  9. International transfers
  10. Retention & deletion
  11. Your rights
  12. Junior athletes
  13. Wearables & devices
  14. Changes to this policy
  15. Contact

01Who is responsible for your data

The data controller is Momentum Coaching (Austin, TX, USA). For any privacy question or request, contact [email protected].

02Information we collect

  • Account — your name, email address, and authentication credentials (passwords are handled by our authentication provider and are never stored by us in plain text).
  • Profile — your athlete profile, ID, and any avatar photo you choose to upload.
  • Performance data — power, cadence, lap splits, timing and session metrics you record or import.
  • Video — footage you upload or record and the power overlays generated from it.
  • Health data — heart rate from Apple Health, only if you grant permission.
  • Connected wearables — if you link WHOOP or Fitbit, the metrics you authorize (recovery, strain, sleep, heart rate and activity) via their secure OAuth flow.
  • Device & diagnostics — app version and basic diagnostic information used to keep the app reliable.

03How we use your information

We use your data solely to provide and improve VeloIQ: to deliver your analytics, sync your sessions across your devices, generate your MomentumAI coaching insights, store and optionally back up your footage, keep the service secure, and provide support. We do not use it for advertising.

04Legal bases (GDPR)

We process your data on the following bases: performance of our contract with you (to run the app), your consent (for example, Apple Health data, video, and optional cloud backup), and our legitimate interests in securing and improving the service, balanced against your rights. Where we rely on consent, you can withdraw it at any time.

05Athlete confidentiality

Your performance data and footage are confidential to you and to the coaches or federation you explicitly authorize. We never make them public. Coaches and administrators can only access the athletes assigned to them, enforced by strict per-record access controls.

06Storage & security

Your data is hosted on Supabase and encrypted in transit (TLS) and at rest. Video is kept in private storage reachable only through short-lived signed links, and row-level security restricts every record to its owner. Access is least-privilege, and sensitive service keys (such as our AI provider key) live only on our servers and are never shipped inside the app.

07We do not sell your data

We do not sell, rent, or trade your personal data, and we do not use it for third-party advertising — ever. Your athlete data is not a product.

08Service providers we use

  • Supabase — hosting, authentication and storage.
  • Anthropic — powers MomentumAI. We send session metrics to generate your coaching insights; this data is not used to build advertising profiles of you.
  • Apple HealthKit — heart rate, handled under Apple's rules. Health data is never used for advertising and is not shared with third parties for advertising.
  • WHOOP and Fitbit — if you connect them, to read the wellness metrics you authorize. Access tokens are stored privately on our servers and never in the app.

09International transfers

We operate from the United States. If you are in the EU/UK, your data may be transferred to the US under appropriate safeguards such as the EU Standard Contractual Clauses.

10Retention & deletion

We keep your data while your account is active. You can delete your account at any time in Profile → App Info → Delete Account; this deactivates it immediately and permanently erases your data after a 30-day grace period.

11Your rights

Under GDPR and similar laws you have the right to access, rectify, erase, restrict, port, and object to the processing of your data, and to withdraw consent. EU/UK users may also lodge a complaint with their local supervisory authority. To exercise any right, contact [email protected].

12Junior athletes

VeloIQ may be used by junior athletes. If you are under 16 (or the age of digital consent in your country), a parent or guardian must provide consent and manage the account. We do not knowingly collect data from children without such consent.

13Connected wearables & third-party devices

If you connect a WHOOP or Fitbit account, we access only the metrics you authorize through the provider's secure OAuth flow. You can disconnect at any time in Profile → Connected devices, which removes our stored access.

WHOOP, Fitbit, Apple Health and similar services are independent third parties. VeloIQ is not responsible for the accuracy, availability, or performance of these devices or services, or for any changes they make to their APIs. Your use of them is governed by their own terms and privacy policies.

14Changes to this policy

We may update this policy and will revise the "Last updated" date above. We will notify you in-app of any material changes.

15Contact

  • Privacy requests — [email protected]
  • Security concerns — [email protected]
  • Entity — Momentum Coaching · VeloIQ, Inc.
© 2026 Momentum Coaching · VeloIQ, Inc.
Governance About Privacy Acceptable use Contact
BUILD 0.4.1 · CLOSED PILOT