Privacy Policy

Last updated: April 16, 2026

1. Introduction

Watts is an AI coaching product for endurance athletes, built by Monocraft Labs, a company based in Florianópolis, Brazil. We help cyclists and runners train smarter through three AI coaches (Marco, Lucas, and Ana), workout analysis, training plans, and pacing tools.

This Privacy Policy explains what we collect, why we collect it, and what you can do about it. It applies to anyone who uses Watts, including visitors to our website and active subscribers. Because we are based in Brazil and operate globally, this policy reflects both the Brazilian General Data Protection Law (LGPD) and the European General Data Protection Regulation (GDPR), with additional notes for users in California (CCPA).

2. Information we collect

We only collect what we need to coach you well. That includes:

  • Account information: your name, email address, and authentication credentials.
  • Profile information: age, weight, sex, sport, training history, and goal events.
  • Physiological metrics: FTP, threshold heart rate, training zones, lactate threshold inputs, and similar performance markers.
  • Activities from connected devices: workouts, GPS traces, power, heart rate, cadence, sleep, and recovery signals from Strava, Garmin, and WHOOP.
  • Chat conversations: every message you exchange with the Watts coaches, including any context the coaches save to long-term memory.
  • Subjective inputs: how you felt, RPE ratings, training notes, and life events you choose to share with the coaches (illness, travel, stress, sleep quality).
  • Billing information: handled by our payment processor. We do not store full card numbers on our servers.

3. How we use your information

Your data powers the coach. We use it to:

  • Build and adjust your training plan.
  • Generate post-workout analysis and recommendations.
  • Estimate your metabolic profile, including VO2max and VLaMax via the Mader model, and produce pacing and fueling guidance for your races.
  • Personalize each coach's responses based on your history and stated goals.
  • Operate, secure, and improve the product, including basic product analytics on aggregate usage.
  • Communicate with you about your account, billing, product updates, and support requests.

We do not sell your data. We do not share it with advertisers. We do not build profiles for ad targeting.

4. AI processing and LLM providers

Watts is an AI product, so let us be specific about what that means.

When you chat with Marco, Lucas, or Ana, or when we generate post-workout analysis, your messages and the relevant training context are sent to a large language model for inference. We route this traffic through OpenRouter, and our primary model is Google Gemini 3 Flash. Embeddings used for chat memory are generated through OpenRouter as well, using the intfloat/multilingual-e5-large model.

Two things matter here. First, your content is processed by these providers solely to produce a response for you. Second, we contractually require that your conversations and training data are not used to train third-party foundation models. If we ever change LLM providers or routing, we will update this policy.

5. Third-party integrations

Watts connects to Strava, Garmin, and WHOOP through OAuth. When you connect a device account, those platforms hand us a token that lets us pull your activities and recovery data on your behalf. We store that token securely so we can keep syncing without asking you to log in again. You can revoke any integration at any time from your settings, and we will stop syncing immediately.

Our database and authentication run on Supabase (Postgres), which acts as our hosting and infrastructure provider. Supabase processes your data on our behalf under standard data processing terms.

6. Data retention and memory

We keep your data for as long as your account is active so the coaches can remember your history and keep adapting your plan. Chat memory is consolidated weekly: a background job prunes duplicates and reconciles contradictions so the coaches stay coherent over time.

If you ask us to delete your account, we delete your personal data, training history, chat transcripts, and coach memories. Backups roll off on a routine schedule. You can also export your data at any time so you walk away with everything you put in.

7. Your rights

You own your data. Depending on where you live, you have specific rights you can exercise at any time by emailing [email protected].

  • Access: request a copy of the personal data we hold about you.
  • Export and portability: receive your data in a structured, machine-readable format.
  • Correction: ask us to fix anything that is wrong or out of date.
  • Deletion: ask us to remove your data and close your account.
  • Objection and restriction: limit certain types of processing.
  • Withdraw consent: revoke any consent you previously gave.

For Brazilian users, these rights are guaranteed under article 18 of the LGPD (Lei Geral de Proteção de Dados). For users in the European Economic Area and the United Kingdom, the GDPR provides equivalent rights, including the right to lodge a complaint with your local supervisory authority. For California residents, the CCPA grants the right to know, the right to delete, and the right to opt out of the sale of personal information; we do not sell personal information.

8. Data transfers

Watts is built and operated from Brazil, but our infrastructure providers (including Supabase and OpenRouter) may process your data on servers located outside Brazil, including in the United States and Europe. When that happens, we rely on standard contractual safeguards to keep your data protected to a level consistent with the LGPD and the GDPR.

9. Children's privacy

Watts is not directed at people under the age of 16. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us at [email protected] and we will remove the account and the associated data.

10. Security

We protect your data with encryption in transit (TLS) and at rest, scoped database access controls, row-level security on user data, and strict secrets management for API keys and OAuth tokens. Only a small number of authorized engineers have production access, and that access is auditable. No system is perfectly secure, but we treat security as a core part of the product.

11. Cookies and analytics

We use first-party cookies and local storage strictly to keep you signed in and to remember your in-app preferences. We do not load third-party advertising trackers, and we do not share analytics data with ad networks. Any product analytics we run is aggregate and used to improve the product, not to profile you.

12. Changes to this policy

We will update this policy when our practices change or when the law requires it. When we make material changes, we will notify you by email or through an in-app notice before the changes take effect. The date at the top of this page always reflects the most recent revision.

13. Contact

Questions, requests, or concerns about your data should go to [email protected]. For LGPD inquiries or to reach our data protection point of contact, please write to the same address and mention "LGPD" or "DPO" in the subject line. Our company of record is Monocraft Labs, based in Florianópolis, Santa Catarina, Brazil.