Privacy - Activity Merger

Activity Merger ("we") lets you combine split workout activities on Strava and Garmin Connect. This page describes what we do with your data.

What we store

A user record with the email address you logged in with (if any).
OAuth tokens for Strava and session tokens for Garmin, so we can act on your behalf.
A row per merge job: the source activity IDs, the resulting activity ID, success / failure status, timestamps.
The original FIT files for activities you merge, in private object storage, so the merge can be undone. We delete these automatically 60 days after a successful merge.
The merged FIT file, in the same private storage, until the same retention window.

What we don't store

Your Strava or Garmin password.
Activity data beyond what's needed to merge (we don't analyse, sell, or share it).
Browsing analytics or third-party tracking.

Third parties we send your data to

Strava and Garmin Connect — we read activities from and upload merged activities to these accounts on your behalf.
Supabase (database + object storage) — managed Postgres + S3-compatible storage hosted in the EU region.
Vercel (hosting) — server logs include your user ID and job IDs but no activity content.
Sentry (error reporting, optional) — if enabled, error stack traces and the offending job ID are sent. No FIT content.

Disconnecting

Disconnect from the dashboard. Once disconnected we cannot act on your account, but historical merge job records remain unless you request deletion (see contact below). OAuth tokens can also be revoked on Strava (Settings → My Apps) or by changing your Garmin password.

Garmin Connect note

Garmin does not currently offer a public API for activity write, so we sign in to Garmin Connect on your behalf using the same flow as the official web site. Garmin's terms apply.

Contact

Mail zaim.imran@gmail.com to request deletion of your data or with any privacy question.