Privacy Policy

Effective 11 May 2026 · Passus (passus.run)

Passus is a personal training intelligence app — it puts today's session in the context of your past training. It is built for the athlete using it, and the data we collect is the data we need to do that. Nothing more. This page tells you exactly what is collected, what it's used for, and what your options are.

Who runs Passus

Passus is operated by Yoram Hetz, an individual developer based in Israel. Contact for any privacy question: hetz.yoram@gmail.com.

What we collect

• Your email address — used to sign you in via a 6-digit code and to send you operational emails (e.g. when a long-running analysis completes). Stored verbatim.
• Your training data — when you connect Garmin or Strava, we ingest your activities (date, sport, duration, distance, GPS trace, heart rate, intervals, splits, etc.). We do not collect activities you have not chosen to sync.
• Authentication tokens — OAuth tokens for the services you connect (Garmin, Strava). On the Passus production deployment, these are encrypted at rest with Fernet (AES-128 + HMAC) so the database alone is not enough to access your accounts.
• Session tokens — issued after you sign in. Stored as a SHA-256 hash; the plaintext only ever lives on your device.
• Audit log — a record of significant actions you take (signing in, syncing, attaching Garmin, running analysis). Used so you can see what the system did on your behalf, and so we can debug if something goes wrong.

What we do NOT collect

• No advertising identifiers. No tracking pixels. No third-party analytics.
• No browsing or app-usage telemetry beyond the audit log entries listed above.
• No data from any service you have not explicitly connected.

How we use it

• Your data is shown to you. That is the product. Your training history, comparisons, trends.
• Light social, opt-in. If you claim a public profile and follow someone, your activities (and theirs) appear in each other's feeds. You can stop using these features at any time; the rest of the product still works.
• Operational emails. Sign-in codes and analysis-complete notifications. No marketing.

Third parties we share data with

Passus runs on a small number of services. Each one only sees the data it needs to do its job.

• Garmin — when you connect a Garmin account, we read your activities from Garmin's API. Passus does not send data to Garmin.
• Strava — same, optional, only if you connect Strava.
• Resend (privacy) — sends transactional emails (sign-in codes, completion notifications). Receives your email address and the message body.
• Railway (privacy) — hosts the Passus backend and database. Servers are located in the United States.
• Apple / Google — if you install Passus from the App Store or Play Store, the store operator collects whatever information their terms describe. Passus itself does not receive your store identity.

We do not sell or rent your data. We do not share it with advertisers, data brokers, or partners.

How long we keep it

Until you delete your account. From within the app, the "Delete account" action wipes your training data, your tokens, your profile, your follow graph, and the user row itself. The audit log entries that were tied to your user_id are preserved with the foreign key set to null and your email masked (y****@example.com), so we can still debug system-level issues without tying actions back to you. If you want a hard delete of the audit entries too, email hetz.yoram@gmail.com and we will do it manually.

Sign-in codes expire after 10 minutes. Session tokens expire after 30 days of inactivity.

Your rights

• Access — every screen in Passus shows your own data. The "Activity log" in the Account modal lists what the system did on your behalf. Email us if you want a machine-readable export.
• Correction — Passus does not let you edit synced activities (data integrity is a core principle); if a Garmin record is wrong, correct it in Garmin and re-sync. Email us if you have a different concern.
• Deletion — use "Delete account" in the app, or email us.
• Disconnect a service — you can unlink Garmin or Strava without deleting your Passus account; we revoke and discard the tokens immediately.

Security

• All traffic is over HTTPS with TLS certificates from Let's Encrypt.
• Sign-in codes and session tokens are stored as SHA-256 hashes; we never see your plaintext code or session token.
• OAuth tokens for connected services are encrypted at rest with Fernet (AES-128 + HMAC) on the production deployment.
• If you believe an account has been compromised, email hetz.yoram@gmail.com and we will revoke all sessions for that account immediately.

Children

Passus is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, email us and we will delete the account.

International data transfers

Passus's servers are hosted in the United States (Railway). If you use Passus from elsewhere — including the EU, the UK, or any other jurisdiction — your data will be transferred to and processed in the US.

Changes to this policy

We will update this page when our practices change. The effective date at the top reflects the most recent change. For material changes (new third parties, broader data use), we will send a notice to your account email before the change takes effect.

Questions

Anything unclear, anything you want changed, anything that surprises you — email hetz.yoram@gmail.com. There's a real person at that address.