SubThreshold

Privacy Policy

Effective Date: January 07, 2026

Last Updated: January 07, 2026

Version: 1.0

View Terms of Service →

Table of Contents

  1. 1. Information We Collect
  2. 2. How We Use Your Information
  3. 3. Information Sharing
  4. 4. Data Storage & Security
  5. 5. Your Rights
  6. 6. Cookies & Tracking
  7. 7. Third-Party Services
  8. 8. Children's Privacy
  9. 9. International Users & Compliance
  10. 10. Changes to This Policy
  11. 11. Contact Us

SubThreshold (“we,” “us,” or “our”) operates the SubThreshold web application (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

SubThreshold is operated from Australia and complies with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), as well as GDPR and CCPA requirements for international users.

By using SubThreshold, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, name, and password (encrypted)
  • Training Data: VDOT scores, Critical Power values, race results, training preferences
  • Workout Data: Training plans, calendar workouts, workout history
  • Profile Information: Optional data like weekly mileage preferences, training days

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, device type
  • Technical Data: IP address, browser type, operating system
  • Cookies: Authentication cookies, session data, analytics cookies

1.3 Information from Third Parties

  • Intervals.icu: Connection status, athlete ID (when you connect your account)
  • OAuth Providers: Email and name if you sign in with Google/Apple

2. How We Use Your Information

We use your information to:

  • Generate personalized Norwegian Singles Method (NSM) training plans
  • Calculate pace and power zones based on your fitness level
  • Manage your training calendar and workout scheduling
  • Sync workouts to Intervals.icu when you request it
  • Provide customer support and respond to your requests
  • Improve our Service and develop new features
  • Send service-related emails (account notifications, updates)
  • Display relevant advertisements (via Google AdSense)
  • Analyze usage patterns to improve user experience
  • Prevent fraud and ensure platform security

We will never: Send unsolicited marketing emails, sell your data to third parties, or use your training data for purposes other than providing the Service.

3. Information Sharing

We share your information only in these limited circumstances:

3.1 With Your Consent

  • Intervals.icu: When you connect your account and push workouts, we send workout data to Intervals.icu. We only send data you explicitly choose to push.

3.2 Service Providers

  • Vercel: Hosting infrastructure (United States), receives technical logs and performance data
  • Supabase: Database hosting (may be in United States or Australia depending on region), stores your encrypted data
  • Google AdSense: Advertising service (United States), receives anonymized ad interaction data

3.3 Legal Requirements

We may disclose your information if required by Australian law or if we believe disclosure is necessary to:

  • Comply with legal obligations or valid legal requests
  • Protect our rights, property, or safety
  • Prevent fraud or abuse of the Service

3.4 Business Transfers

If SubThreshold is acquired or merged with another company, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. Data Storage & Security

4.1 How We Protect Your Data

  • Encryption in Transit: All data transmitted using HTTPS/TLS
  • Encryption at Rest: Passwords hashed with bcrypt, OAuth tokens encrypted with AES-256-GCM
  • Database Security: PostgreSQL database with access controls and regular backups
  • Access Controls: Limited access to user data
  • Regular Updates: Security patches applied promptly

4.2 Data Retention

  • We retain your data while your account is active
  • You can delete your account at any time via Settings
  • Upon account deletion, all personal data is deleted within 30 days
  • Some anonymized usage data may be retained for analytics
  • Backups are deleted according to our backup retention policy (90 days)

4.3 Data Location

Your data is stored and processed in:

  • Australia: SubThreshold operations, Supabase database hosted in Sydney
  • United States: Vercel hosting infrastructure for application delivery

For Australian users: Your personal data (account information, training data, workout history) is stored within Australia at Supabase's Sydney data center. Only application delivery infrastructure (static assets, API routing) uses US-based servers through Vercel.

By using SubThreshold, you consent to this processing. We take reasonable steps to ensure that any overseas recipients of your personal information comply with the Australian Privacy Principles.

5. Your Rights

You have the following rights regarding your personal data:

5.1 Access & Portability

  • Access: Request a copy of your personal data
  • Export: Download your training data in JSON format

5.2 Correction & Deletion

  • Update: Correct inaccurate data via Settings
  • Delete: Delete your account and all associated data

5.3 Opt-Out Rights

  • Analytics: Opt out of usage analytics (coming soon)
  • Emails: Unsubscribe from non-essential emails

5.4 Australian Privacy Rights

Under the Australian Privacy Principles (APPs), you have the right to:

  • Know what personal information we hold about you
  • Access your personal information
  • Correct inaccurate or out-of-date information
  • Request deletion of your personal information
  • Make a complaint about how we handle your personal information

If you have concerns about how we handle your personal information, you can contact the Office of the Australian Information Commissioner (OAIC) at: www.oaic.gov.au

5.5 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights under GDPR:

  • Right to restriction of processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority
  • Right to data portability

5.6 CCPA Rights (California Users)

If you are a California resident, you have rights under CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information
  • Right to non-discrimination for exercising CCPA rights

Note: We do not sell personal information.

5.7 Exercising Your Rights

To exercise any of these rights, use the Feedback form on SubThreshold.net

We will respond to your request within 30 days.

6. Cookies & Tracking

6.1 Required Cookies

  • Authentication: Keep you logged in (essential)
  • Session Management: Maintain your session state (essential)

6.2 Optional Cookies

  • Analytics: Understand how you use the Service (can opt-out)
  • Advertising: Google AdSense cookies for ad serving

6.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling required cookies will prevent you from using SubThreshold.

7. Third-Party Services

SubThreshold integrates with the following third-party services:

7.1 Intervals.icu

  • Purpose: Sync workouts to your calendar
  • Data Shared: Only workouts you choose to push

7.2 Vercel

7.3 Supabase

These third-party services have their own privacy policies. We are not responsible for their privacy practices.

8. Children's Privacy

SubThreshold is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are between 13 and 18 years old, you must have parental consent to use SubThreshold.

If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information immediately. If you believe we have collected information from a child under 13, please contact us via our feedback form.

9. International Users & Compliance

9.1 Australian Operations

SubThreshold is operated from Australia. If you are located outside Australia, please be aware that information we collect will be transferred to and processed in Australia.

Additionally, we use service providers located in the United States (Vercel for hosting, Supabase for database depending on region). Your data may be transferred to and processed in these locations.

By using SubThreshold, you consent to the transfer of your information to Australia and the United States (where applicable), and the processing of that information as described in this Privacy Policy.

9.2 Australian Privacy Principles (APPs)

SubThreshold complies with the Australian Privacy Principles under the Privacy Act 1988 (Cth). This includes:

  • APP 1: Open and transparent management of personal information
  • APP 3: Collection of solicited personal information
  • APP 5: Notification of collection of personal information
  • APP 6: Use or disclosure of personal information
  • APP 8: Cross-border disclosure of personal information
  • APP 11: Security of personal information
  • APP 12: Access to personal information
  • APP 13: Correction of personal information

We take reasonable steps to ensure that any overseas recipients of your personal information comply with the Australian Privacy Principles.

For more information about the Australian Privacy Principles, visit: OAIC - Australian Privacy Principles

9.3 GDPR Compliance (EU Users)

For users in the European Union, we comply with GDPR requirements including:

  • Lawful basis for processing (consent, legitimate interest)
  • Rights to access, rectification, erasure, and data portability
  • Right to object to processing and restrict processing
  • Data protection by design and by default

9.4 CCPA Compliance (California Users)

For users in California, we comply with CCPA requirements including:

  • Right to know what personal information is collected and how it is used
  • Right to delete personal information
  • Right to opt-out of sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising CCPA rights

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the “Last Updated” date at the top of this policy
  • Notify you via email (to your registered email address)
  • Display a notice on the dashboard for 30 days

Your continued use of SubThreshold after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you must stop using the Service and delete your account.

Material changes will be communicated at least 30 days before they take effect.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Contact: Feedback Form

Location: Australia

Response Time: We will respond within 30 days

11.1 Complaints

If you have a complaint about how we have handled your personal information, please contact us first via our feedback form. We will investigate and respond within 30 days.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner:

OAIC Website: www.oaic.gov.au

Phone: 1300 363 992

Email: enquiries@oaic.gov.au

View Terms of Service →Return to SubThreshold