Your privacy matters to us. This policy explains how healthycod.in ("we", "us", "our") collects, uses, and protects your data when you use Zwoop. We are committed to GDPR compliance and transparent data practices.
The data controller responsible for your personal data is:
healthycod.in
Daniel Hartmann
Ettenfeldstrasse 2
8052 Zürich, Switzerland
We collect data from the following sources:
| Source | Data Types |
|---|---|
| Account | Email address, password (hashed), account creation date, terms acceptance timestamp |
| Profile | FTP (Functional Threshold Power), max heart rate, weight |
| Whoop | Recovery score, HRV, resting heart rate, daily strain, workout data |
| Strava | Activities, power data, athlete ID, activity streams for power curve analysis |
| Generated | Workouts, workout-activity matches, compliance analysis, power curves |
We use your data for the following purposes:
We do not: Sell your data, share it with advertisers, use it for targeted advertising, or share it with third parties except as required to provide the service.
We implement industry-standard security measures:
Data is processed and stored in compliance with Swiss data protection standards, which provide strong privacy protections equivalent to GDPR requirements.
Zwoop integrates with the following third-party services via OAuth:
We only request the minimum scopes necessary to provide our service. You can revoke access at any time through your Profile settings in Zwoop, or directly through Whoop/Strava's connected apps settings.
Under GDPR and Swiss data protection law, you have the following rights:
Download all your data via Profile → Account Management → Download My Data
Update your profile information at any time via your Profile settings
Delete your account and all associated data via Profile → Account Management → Delete Account
Export your data in JSON format using the download feature
Disconnect Whoop or Strava integrations at any time via your Profile
Zwoop uses minimal cookies strictly necessary for the service:
| Cookie | Purpose | Duration |
|---|---|---|
| jwt | Authentication token to keep you logged in | 7 days |
| oauth_state | CSRF protection during OAuth flow | 10 minutes |
We do not use: Tracking cookies, analytics cookies, advertising cookies, or any third-party cookies.
Your data is processed in Switzerland, which is recognized by the EU as providing an adequate level of data protection. When interacting with Whoop or Strava APIs, data may be transferred to servers in the United States according to their respective privacy policies.
Zwoop is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
We may update this Privacy Policy from time to time. Material changes will be communicated through the service or via email. The "Last updated" date at the top indicates when changes were last made.
For privacy-related inquiries or to exercise your data rights, contact us at:
If you are in the EU/EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority.