Effective: January 20, 2026 · Last updated: January 20, 2026

Evolv Privacy Policy

This Privacy Policy explains how Evolv (“Evolv”, “we”, “us”, “our”) collects, uses, discloses, and safeguards information when you use the evolv.training website, mobile application, and related services (collectively, the “Service”).

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are (Data Controller)

Data Controller: DeployDocus LLC (operator of the Evolv product)

Address: 30 N Gould St Ste N, Sheridan, Wyoming 82801-6317, United States

Contact: j.zovinec@evolv.training

Phone: +421 915 859 604

EU & Switzerland Representative (contact point): jakub@evolv.training

(If an address is legally required for the representative, it will be provided before public launch or upon request.)

2. Scope

This Privacy Policy applies to information collected through:

• the evolv.training website and web app,
• the Evolv mobile app,
• connected device and platform integrations (as described below),
• support communications.

3. Information We Collect

3.1 Information you provide

We may collect information you provide directly, such as:

• Account data: name, email address, username/password (or SSO identifiers), and contact details.
• Profile data: date of birth, age, sex/gender, location (if provided), preferences, and optional profile details.
• User content: comments, notes, feedback, messages to support, and other text you enter into the Service.
• Health context you enter: injury/illness notes, medical conditions, medications, and similar information you choose to provide.

3.2 Health & fitness data (special category / sensitive data)

Because Evolv provides personalized endurance training guidance, we process health and fitness data, which may be treated as “data concerning health” under certain data protection laws.

This may include:

• Workout/activity data: distance, duration, pace/speed, elevation, splits, cadence, power (cycling), and other activity metrics.
• Physiological data: heart rate and heart rate-related metrics (including HRV where available), sleep summaries (where available).
• Training feedback: perceived exertion (RPE), soreness/fatigue indicators, and notes related to training readiness.

3.3 Data from connected services (integrations)

If you connect a third-party service, we process data you authorize us to access:

• Garmin:
  • Read: activities data, heart rate, sleep (where available).
  • Write: structured training sessions/workouts to sync to your device/platform.
• Apple Health / Apple Watch (via Apple Health):
  • Read: activities data, heart rate, sleep (where available).
  • Write: structured training sessions/workouts to sync to your device.
• Strava:
  • Read: activities data.

We also store the authorization tokens/keys necessary to maintain the connection (where applicable), and metadata about connection status.

3.4 Automatically collected information

When you use the Service, we may automatically collect:

• Device and app data: device type/model, OS version, app version, language/time zone.
• Usage data: features used, interactions, session length, and basic diagnostic logs.
• Network data: IP address and related security signals.

3.5 Cookies and similar technologies (website/web app)

We use cookies and similar technologies to:

• keep you signed in and maintain session security,
• remember preferences,
• operate and improve the website and web app,
• measure and analyze usage where enabled.

Where required, we present cookie choices through a banner or preference controls. You can also manage cookies through your browser settings (note that disabling some cookies may affect functionality).

4. How We Use Your Information

We use information we collect to:

• Provide the Service: create accounts, authenticate users, deliver training plans, and display your training history.
• Personalize training: generate and adjust plans and recommendations based on your data and preferences.
• Sync with connected services: import completed activities and export structured workouts to supported platforms.
• Operate and improve: debug, secure, and improve the Service and user experience.
• Communicate: send service messages (e.g., account, security, and important operational updates) and respond to support.
• Safety & integrity: detect misuse, fraud, or security incidents and enforce our policies.
• Legal compliance: comply with applicable legal obligations and protect our rights.

5. Legal Bases for Processing (Switzerland & EU/EEA)

Depending on your location and the context, we rely on one or more of the following bases:

• Contract / service delivery: processing is necessary to provide the Service you request (e.g., account, training plan delivery, syncing).
• Consent: for certain optional features and for processing health-related data where required.
• Legitimate interests: to secure, operate, and improve the Service, prevent abuse, and maintain reliability (balanced against your rights).
• Legal obligation: where we must comply with laws, lawful requests, or defend legal claims.

Explicit consent for health data

Where required, we process health and fitness data based on your explicit consent, provided during sign-up (e.g., by checking a consent box). You may withdraw consent at any time (see Section 9). If you withdraw consent, we may be unable to provide personalized training features and may need to disable certain functionality that depends on health data.

6. AI Providers (Training Plan Generation)

We use third-party AI providers (currently OpenAI and Google (Gemini)) to help generate training plans and coaching content.

• We do not send direct identifiers (such as your name, email address, or user ID) to these AI providers.
• We may send training context and metrics (e.g., workout summaries, heart rate, sleep summaries, injury notes, preferences) that are necessary to generate outputs.
• We store generated outputs within Evolv as part of your training plan/history.
• Where available, we enable provider settings intended to prevent our content from being used to train their general models.

7. How We Share Information

We do not sell your personal information.

We may share information with:

• Service providers who process data on our behalf to operate the Service (e.g., hosting and infrastructure).
• Connected platforms you authorize (Garmin, Apple Health, Strava) for importing/exporting workouts and activity history.
• AI providers used for plan generation, as described in Section 6.
• Legal/Compliance: where required by law, court order, or to protect rights, safety, and security.
• Business transfers: if we undergo a merger, acquisition, or sale of assets (we will take steps to protect your data).

8. Where We Store and Process Data (Data Residency & Transfers)

Primary storage and processing occurs in AWS eu-north-1 (European Union).

Because the Data Controller is based in the United States and some vendors may operate globally, your data may be accessed or processed outside Switzerland/EU/EEA in limited cases (for example, operational support). Where cross-border transfers occur, we apply appropriate safeguards as required by applicable law (such as contractual protections).

9. Data Retention

We retain personal data for as long as necessary to provide the Service to you and for legitimate business purposes.

• Active accounts: we retain your account, training plans, and training history while your account remains active.
• Deletion requests: when you request account deletion, we delete or anonymize your personal data within a reasonable timeframe, subject to legal obligations and the technical limits of backups and security logs.

10. Security

We use appropriate technical and organizational measures to protect your information, including encryption in transit and access controls. Only authorized administrators can access production user data for legitimate operational needs.

No system is perfectly secure. You use the Service at your own risk.

11. Your Rights and Choices

Depending on your location, you may have rights to:

• access your personal data,
• correct inaccurate data,
• delete your data,
• restrict or object to certain processing,
• request portability,
• withdraw consent (where processing is based on consent),
• lodge a complaint with a supervisory authority.

How to exercise your rights

Email support@evolv.training from the email address associated with your account. We respond within 30 days, subject to lawful extensions where applicable. We may ask for additional verification if needed.

12. Children / Minimum Age

Evolv is not intended for individuals under 16. We do not knowingly collect personal data from children under 16. If we learn we have collected such data, we will delete it.

13. Third-Party Services

The Service may link to or integrate with third-party services. Those services have their own privacy practices and policies. We are not responsible for third-party privacy practices.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated version with a revised “Last Updated” date. If changes are material, we will provide notice where required by applicable law.

15. Contact

For privacy questions, requests, or complaints:

• support@evolv.training (rights requests and support)
• j.zovinec@evolv.training (controller contact)