Back

Privacy Policy for Caiden

Last Updated: October 14, 2025

Thank you for using Caiden ("we," "us," or "our"). This Privacy Policy outlines how we collect, use, and protect your information when you use our website and services (the "Service").

By accessing or using Caiden, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Training Data
We collect your training activity data only after you connect your account via OAuth (currently Strava, with more integrations coming soon). This includes activity summaries, statistics, and profile information from the last 12 months. We do not collect your account passwords or store your credentials permanently.

1.2 Session Data
We temporarily cache your activity data in server-side sessions for the duration of your chat session (maximum 30 minutes) to enable analysis. This session data includes a summary of your activities and is automatically deleted after the session expires.

1.3 Non-Personal Data
We may use cookies and similar technologies to collect non-personal information such as browser type, device information, and usage patterns to improve your experience.

2. How We Use Your Data

2.1 No Permanent Storage
We do NOT permanently store your training activity data on our servers. Your data is only cached temporarily in session files during active use and is automatically deleted after 30 minutes of inactivity.

2.2 Data Processing
Your training data is processed to generate AI-powered insights and analysis. We create aggregated summaries of your activities (total distance, activity counts, recent activities) that are provided to AI services for analysis.

2.3 Privacy-First AI Usage
We do NOT send your raw activity data to AI services. Instead, we send only high-level summaries and aggregated statistics. For detailed analysis requiring code execution, we use isolated sandboxes where your data is processed securely and deleted immediately after analysis.

2.4 Chat Logs
We store logs of chat conversations (including your questions and AI responses) for a limited period to help us improve the performance and quality of our service and to prevent malicious behavior. These chat logs do NOT include your underlying training activity data - only the conversation history and any insights or summaries generated during your chat sessions. Chat logs are retained for a reasonable period and are protected with appropriate security measures.

2.5 Access Tokens
OAuth access tokens and refresh tokens are stored in your browser's localStorage. We temporarily store and use these tokens server-side to fetch your activities, but they are not permanently stored in our databases.

3. Data Sharing

We do not sell, rent, or share your personal data with third parties, except as follows:

3.1 AI Service Providers
We use OpenAI's GPT models for chat functionality and E2B Code Interpreter for data analysis. Only aggregated summaries and statistics are shared with these services - never your raw activity data.

3.2 No Marketing or Third-Party Sharing
We do not share your data with advertisers, marketers, or other third parties. Your data is used solely to provide the analysis and chat features of Caiden.

4. Data Security

4.1 Temporary Storage
All session data is stored in temporary files with unique session IDs. These files are automatically deleted after 30 minutes of inactivity.

4.2 Data Storage
We do not maintain databases of your training activity data. Once your session expires or you disconnect your account, all cached activity data is permanently deleted from our servers. Chat conversation logs are stored separately for service improvement and security purposes, as described in section 2.4.

4.3 Browser Storage
Your OAuth access tokens are stored only in your browser's localStorage. You can disconnect your account at any time, which will remove all locally stored tokens and clear server-side session data.

5. Your Rights and Control

5.1 Data Access
Since we don't permanently store your data, there is no persistent record of your activities on our servers beyond active sessions.

5.2 Data Deletion
You can disconnect your account at any time through the chat interface, which will:
- Remove all access tokens from your browser
- Delete all server-side session data
- Revoke Caiden's access to your connected accounts

5.3 Demo Mode
You can use Caiden in demo mode without connecting your account to explore the service with sample data.

6. Children's Privacy
Caiden is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact us at the email below.

7. Updates to the Privacy Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page with a new "Last Updated" date. Please review periodically for changes.

8. Contact Information
If you have questions or concerns about this Privacy Policy or how we handle your data, contact us via the feedback button within the chat interface.

---

Caiden is not affiliated with or endorsed by Strava, Inc. or any other third-party service providers.