Shooson Privacy
Shooson is built with the smallest possible amount of personal data. This page explains exactly what we collect and why, in plain English.
This website
The site you’re reading right now ships zero analytics trackers, zero advertising pixels, and zero third-party scripts besides Google Fonts (used to load the typefaces you can see). We don’t set cookies. We don’t profile you. We don’t need to.
Closed beta — joining the waiting list
The wider-beta signup is currently closed. When it reopens and you submit your email to request an invite, we will store:
- Your email address — so we can email you when invites open.
- The timestamp of the signup.
- A salted hash of your IP address and your browser’s user-agent — used only to spot abuse, never to profile or track you.
We do not share your email with anyone, ever. To be removed, email hello@shooson.com and we’ll delete the row.
The app
Inside the app we store the minimum needed to make the coach work: your run history (synced from Strava with your permission), the weekly plan the coach builds for you, and a per-device passkey so you can sign in. Strava OAuth tokens are AES-256-GCM encrypted at rest. We do not sell, share or resell any of your data, and we do not feed it to any third-party AI training pipeline.
Strava data
When you connect Strava we automatically import your runs from the last 90 days so the coach has enough context to build your first plan. You can optionally import your full historical run history (defaults to the last 5 years) from the Settings screen to power long-term trend insights — this is opt-in and stored only against your account, never aggregated, anonymised or used to train any cross-user model.
Disconnecting Strava — either from inside the app or by revoking access at strava.com/settings/apps — deletes every Strava-derived row we hold for you (activities, cached tokens, backfill state) within 24 hours, as required by the Strava API Agreement.
Garmin / watch data
The Garmin Connect IQ app pulls your prescribed workout from our server when you sync the watch. No live HR or GPS data is sent off the watch by Shooson — that data lives in your Garmin account and reaches Shooson only via the Strava activity that Garmin uploads after the run.
Notifications
We use Firebase Cloud Messaging to deliver push notifications. The token is opaque, scoped to your device, and rotated by the OS. We send at most one push per run plus a Monday-morning weekly summary. No marketing pushes, ever.
Deletion
Email hello@shooson.com from your registered address and we will delete your account and all associated data within 30 days.