Privacy Policy

Last updated: July 14, 2026

Scope

This Privacy Policy applies to GoFast on our website (gofastcrushgoals.com), our web app, and our iOS mobile app (App Store and TestFlight). When we say “GoFast,” “platform,” or “service,” we mean all of these unless we say otherwise.

Introduction

GoFast (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our platform.

Information We Collect

We collect information that you provide directly to us, including:

  • Profile information (name, email, city, pace preferences)
  • Account credentials when you sign in with email/password or Google Sign-In
  • Photos you choose from your device library for profile or crew images (mobile app only; we do not access your library without your action)
  • Activity and wellness data from connected devices (see Garmin Connect below and Strava when connected)
  • Running preferences, training plans, and goals
  • Messages and communications with other users

Sign-In and Authentication

GoFast uses Firebase Authentication (Google) to manage accounts on our website and mobile app. When you sign in with Google, Firebase processes your Google account identifier and basic profile information (such as name and email) according to Google’s Firebase Privacy Policy and Google’s Privacy Policy. We use this information only to create and secure your GoFast account.

Mobile App Permissions

The GoFast iOS app may request access to:

  • Photo library — so you can pick profile or crew photos (optional; only when you choose a photo)

You can revoke photo access anytime in iOS Settings. The app does not require photo access to use core training, crew, or race features.

Garmin Connect

If you choose to connect Garmin Connect, GoFast receives and processes Garmin data only after you authorize the connection in Garmin’s consent screen. You can disconnect at any time in GoFast Settings or by revoking access in Garmin Connect.

What Garmin data we collect

Depending on the permissions you grant, GoFast may receive:

  • Connection metadata — Garmin user ID, OAuth access and refresh tokens, granted scopes/permissions, and connection timestamps
  • Activity summaries — activity type, name, start time, duration, distance, pace/speed, calories, heart rate, elevation, and steps
  • Activity details and files — lap/split data and other detail fields Garmin provides for a completed activity (for example route-related samples when included in the payload)
  • Wellness summaries — sleep and daily wellness summaries when enabled in your Garmin developer permissions (for example resting metrics and body-battery style summaries when present)
  • Training write-backs — identifiers for workouts and scheduled sessions that GoFast creates or updates in your Garmin Connect training calendar when you send a plan workout to Garmin

How we use Garmin data

  • Display your training history and performance in GoFast
  • Match completed Garmin activities to planned GoFast workouts
  • Track progress toward your goals and PRs
  • Send GoFast training workouts you approve to Garmin Connect and your compatible Garmin device
  • Maintain your connection status, refresh tokens, and honor permission changes or deregistration events from Garmin

How we receive and process Garmin data

Garmin data is delivered to GoFast through Garmin’s authorized APIs and webhooks. GoFast acknowledges Garmin webhook notifications immediately and processes them asynchronously on our servers. Where Garmin sends a PING notification with a callback URL, GoFast retrieves the referenced payload from Garmin’s callback endpoint using your authorized connection.

Garmin activity and wellness data is stored in GoFast’s production database and associated with your GoFast athlete account. OAuth tokens and permission state are stored so we can keep your connection in sync until you disconnect.

Third parties and AI processors

  • Garmin is the source of Garmin Connect data. Data flows from Garmin to GoFast only with your authorization, and write operations go back only when you send training from GoFast.
  • Firebase Authentication secures your GoFast account. We do not send raw Garmin payloads to Firebase.
  • Hosting/infrastructure providers (including Vercel) operate our application servers. They process encrypted traffic and hosted application data under our control; we do not sell Garmin data to them or use it for their advertising.
  • OpenAI and other AI vendors are used for limited product features such as summarizing or structuring text you already work with in GoFast. We do not send Garmin activity files, wellness payloads, Garmin user IDs, OAuth tokens, or other raw Garmin Connect data to OpenAI or other AI processors.

We do not sell Garmin data. We do not share Garmin data with unauthorized third parties.

Retention and deletion

If you disconnect Garmin in GoFast or revoke access in Garmin Connect, GoFast clears your Garmin connection tokens and stops new syncs. If Garmin sends a deregistration event, GoFast removes the active connection on our side. You may also request account deletion under Your Rights below. Questions about Garmin data handling: privacy@gofastcrushgoals.com.

Other Third-Party Integrations

When you connect Strava or other integrations we support, we access only the data you explicitly authorize to help track progress and provide training insights. We do not share that data with unauthorized third parties.

How We Use Your Information

  • To provide personalized training plans and workout guidance
  • To help you discover runs and train with others
  • To provide training recommendations and insights
  • To facilitate crew and group features
  • To improve our services and user experience

We also use third-party AI (including OpenAI) for a few product features, such as summarizing or structuring text you already work with in the app. We send only what is needed for that task. We do not send your name, email, Garmin user ID, raw Garmin payloads, or other direct identifiers to OpenAI for those features. See Garmin Connect above for how Garmin data is handled separately.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate information
  • Request deletion of your account and data
  • Disconnect Garmin or other integrations at any time
  • Opt out of certain data uses

Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@gofastcrushgoals.com