Nordik Lab Privacy

Privacy Policy

This Privacy Policy explains how Nordik Lab collects, uses, stores, and shares data when you use the Nordik Lab platform, including when you connect third-party services such as Strava, WHOOP, Polar, Tymewear, and SkiSens, and how Nordik Intelligence uses athlete-provided preferences and uploaded context files.

Last updated: May 18, 2026Return to sign in

Information we collect

Nordik Lab collects information you provide directly and information received from connected third-party services:

  • Account information: name, email address, role (athlete or coach), and optional profile details
  • Training data from Strava: workout summaries, GPS tracks, heart rate, power, pace, and activity metadata
  • Recovery data from WHOOP: recovery score, HRV, resting heart rate, sleep performance, sleep duration, and day strain
  • Training data from Polar Flow: workout summaries, heart rate, and activity metadata
  • Breathing and ventilation data from Tymewear: breathing rate, tidal volume, ventilation, and internal load metrics
  • Ski power and cadence data from SkiSens: power, cadence, and technique streams from .fit file uploads
  • Device data uploaded via .fit files: from COROS, Garmin, Suunto, Wahoo, Hammerhead, and other standard devices
  • Usage data: pages visited, features used, and interactions within the Nordik Lab dashboard
  • Nordik Intelligence data: assistant conversations, generated artifacts, remembered athlete preferences, and athlete-uploaded context files

How we use your data

  • Display training load, readiness, and performance metrics in athlete and coach dashboards
  • Support coach–athlete planning, session review, workout scheduling, and performance analysis
  • Compute training load scores, fitness trends, stress balance, and session execution quality
  • Match and deduplicate workouts from multiple sources into a unified training record
  • Generate insights and alerts based on training patterns, readiness trends, and recovery signals
  • Maintain sync state and troubleshoot integration failures
  • Operate, secure, and improve the Nordik Lab platform
  • Personalize Nordik Intelligence responses using your selected training basis, saved preferences, and uploaded context files

Sharing and access

  • Training and readiness data is visible to the authenticated athlete and, where applicable, coaches the athlete has explicitly connected with in Nordik Lab
  • Coaches can only view data for athletes who have accepted a coaching relationship within the platform
  • Nordik Lab does not sell personal data, training data, or integration data to advertisers or data brokers
  • Service providers may process data only as strictly necessary to host, secure, and operate the Nordik Lab application
  • We do not share your Strava, WHOOP, Polar, Tymewear, or SkiSens data with any third party beyond what is required to run the service
  • Nordik Intelligence data is used to provide the assistant experience and is not sold to advertisers or data brokers

Retention

Nordik Lab retains synced data for as long as needed to operate your athlete record, support coaching workflows, comply with legal obligations, and resolve security or support issues. You may request deletion of your account and associated data at any time.

When you disconnect a provider (e.g., Strava, WHOOP), Nordik Lab stops pulling new data from that provider. Previously synced records remain unless you request account deletion.

Third-party integrations

When you connect a third-party service, Nordik Lab receives only the data scopes you authorize. Each provider governs their own data practices:

Strava

Workout activity data including GPS, heart rate, power, and metadata. Governed by Strava's Privacy Policy.

WHOOP

Recovery, sleep, HRV, resting heart rate, and strain. Governed by WHOOP's Privacy Policy.

Polar Flow

Workout summaries and heart rate data. Governed by Polar's Privacy Policy.

Tymewear

Breathing and ventilation data imported via .fit file. Governed by Tymewear's data practices.

SkiSens

Ski power and cadence data imported via .fit file. Governed by SkiSens' data practices.

COROS / Garmin / Suunto / Others

Workout data imported via .fit file upload. No direct provider connection — data is processed locally on import.

Your choices

  • Disconnect any integration at any time from the Settings page — Nordik Lab will stop pulling new data from that provider
  • Request export or deletion of your Nordik Lab account data by contacting support
  • Revoke OAuth access directly from each provider's account settings (Strava, WHOOP, Polar) to prevent any further data sharing
  • Athletes in the EU may exercise rights under GDPR including access, rectification, erasure, and portability — contact support for requests

Security

Nordik Lab uses industry-standard practices to protect your data including encrypted connections (HTTPS/TLS), secure credential storage, and access controls that limit data visibility to authenticated users with appropriate permissions. OAuth tokens for connected providers are stored encrypted and are never exposed in client-side code.

Contact

For privacy questions, data export requests, or account deletion, use the support contact provided by your Nordik Lab deployment, team, or coach organization. If you are reviewing this application as part of an integration partner review (e.g., Strava API review, WHOOP partner review), this page reflects the data practices for all supported integrations.