FlipMP

Privacy Policy

Last updated: March 2025

1. Who we are

Flip My Performance ("FlipMP", "we", "us", "our") is a fitness coaching platform operated from Portugal, within the European Union.

As an EU-based operator, we are subject to the General Data Protection Regulation (GDPR) and applicable Portuguese data protection law. We are committed to protecting your personal data and being transparent about how we collect, use, and store it.

We never sell your personal data. We collect only what is necessary to provide the service.

2. What data we collect

Account data

When you register, we collect your email address and display name. Your password is hashed using industry-standard cryptography and is never stored in plaintext. This data is required to create and maintain your account.

Fitness data

Activities and workouts synced from connected integrations (Strava, Garmin, Apple Health, Google Fit, Polar, Wahoo, Zwift, etc.), including GPS routes, heart rate, power output, pace, cadence, and workout metadata such as duration, distance, and sport type. We also process health metrics such as HRV, sleep data, and resting heart rate where provided by connected platforms.

This data belongs to you. We are processors acting on your behalf, not owners of your fitness information.

Usage data

Pages visited, features used, and interaction patterns within the app. This data is collected via Google Analytics 4 only with your explicit consent (via the cookie banner). It is used in aggregate form to improve the product and is never linked to your individual identity.

Technical data

IP address, browser type, operating system, and device type, collected automatically for security, fraud prevention, and basic logging purposes. This data is retained for a maximum of 90 days.

3. How we use your data

  • Provide the FlipMP service and all its features
  • Run AI coaching analysis on your aggregated training data to generate insights, recommendations, and performance summaries
  • Calculate training load metrics (CTL, ATL, TSB), calorie estimates, and fitness scores
  • Sync and display your fitness data from connected third-party platforms
  • Send transactional emails such as account verification, password resets, and important service notices
  • Improve the platform based on anonymized, aggregated usage patterns (only with your analytics consent)
  • Comply with legal obligations and prevent fraud or abuse

4. Legal basis (GDPR)

Contract performance:Processing your account data and fitness data to deliver the service you signed up for.
Legitimate interests:Security logging, fraud prevention, and basic technical data retention where these do not override your rights.
Consent:Analytics cookies and usage tracking via Google Analytics 4 — only activated after you accept via the cookie consent banner. You may withdraw consent at any time.

5. Data sharing

We do not sell, rent, or trade your personal data to any third party.

Integration partners: When you connect Strava, Garmin, Apple Health, Google Fit, Polar, Wahoo, Zwift, or other platforms, we receive data from those services via their OAuth APIs. We share only the minimum necessary data to maintain the connection. We never share your fitness data back to these platforms without your explicit action.

Google Analytics: We use Google Analytics 4 for aggregate usage analytics, activated only with your consent. Google processes this data under their own privacy policy. You can opt out at any time via our cookie settings.

Infrastructure: We use cloud infrastructure providers to host and run the service. These providers act as data processors under GDPR-compliant data processing agreements.

Legal requirements: We may disclose data if required by law, court order, or to protect the rights, property, or safety of FlipMP, our users, or the public.

6. Data retention

We retain your account data and fitness data for as long as your account is active.

If you delete your account, all personally identifiable data is permanently deleted within 30 days. This includes your profile, fitness activity history, AI coaching records, and integration tokens.

Anonymized, aggregate data used for product analytics may be retained for longer periods. Technical logs (IP addresses, etc.) are retained for a maximum of 90 days for security purposes.

Analytics data collected via Google Analytics is subject to Google's data retention policy (typically 14 months).

7. Your rights (GDPR)

As an EU resident (and regardless of location), you have the following rights regarding your personal data:

Right of access:Request a complete copy of all personal data we hold about you.
Right to rectification:Correct any inaccurate or incomplete personal data we hold.
Right to erasure:Request deletion of your account and all associated personal data.
Right to data portability:Export your data in a structured, machine-readable format (JSON or CSV).
Right to restrict processing:Ask us to limit how we process your data in certain circumstances.
Right to object:Object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent:Withdraw analytics or marketing consent at any time without affecting prior processing.

To exercise any of these rights, email privacy@flipmp.com. We will respond within 30 days. You also have the right to lodge a complaint with the Portuguese Data Protection Authority (CNPD) at cnpd.pt.

8. Cookies

Essential cookies: We use a small number of essential cookies required for the service to function, including session authentication cookies. These cannot be disabled without breaking the app.

Analytics cookies: We use Google Analytics 4 cookies to understand aggregate usage patterns. These are only set after you provide explicit consent via our cookie consent banner. You can change your preference at any time.

We do not use advertising or tracking cookies. We do not use Facebook Pixel, retargeting scripts, or any cross-site tracking technology.

9. Contact

Data Controller: Flip My Performance

Location: Portugal, European Union

Privacy enquiries: privacy@flipmp.com

Supervisory authority: Comissão Nacional de Proteção de Dados (CNPD) — cnpd.pt

10. Updates to this policy

We may update this Privacy Policy from time to time as our service evolves or legal requirements change. We will notify you of material changes via email or a prominent in-app notice at least 14 days before they take effect.

The "Last updated" date at the top of this page indicates when this version was published. Continued use of the service after the effective date of changes constitutes acceptance of the updated policy.