01 Overview
This Privacy Policy applies to all web tools and applications available at tommyroldan.com and its sub-paths (collectively, "the Tools"). These tools are built and maintained by Tommy Roldan as personal software projects.
Some tools connect to third-party fitness platforms — specifically Strava and Garmin — via their official APIs. This policy explains exactly what data is accessed, how it is used, and how you can revoke access at any time.
02 Strava API — Data Access & Usage
These tools use the official Strava API and comply with the Strava API Agreement. This application is not endorsed or certified by Strava.
When you connect your Strava account to a Tool, we request access to the following data:
- Your Strava athlete profile (name, profile photo, location)
- Your activity data (rides, runs, and other recorded activities)
- Segment effort data (times and rankings on Strava segments)
- Your OAuth access token (used to authenticate requests on your behalf)
What we do with this data:
- Display your segment efforts, rankings, and progress within the Tool
- Generate shareable summary images based on your own data
- Compare your efforts to leaderboard positions as returned by the Strava API
What we never do:
- Sell, share, or transfer your Strava data to any third party
- Store your raw Strava data beyond the active session
- Access data from other athletes without their consent
- Use your data to train machine learning models
- Display or publish your data without your explicit action
Revoking Strava access: You can disconnect these tools from your Strava account at any time by visiting Strava Settings → My Apps and revoking access. Upon revocation, your OAuth token is invalidated and no further data can be retrieved.
03 Garmin API — Data Access & Usage
These tools use the official Garmin Health API or Connect IQ platform where applicable, and comply with Garmin's API Terms of Service. This application is not endorsed or certified by Garmin.
When you connect your Garmin account to a Tool, we may access:
- Activity summaries (distance, duration, heart rate, elevation)
- Fitness metrics (VO2 max estimates, training load, sleep data where permitted)
- Your Garmin user profile (display name, preferences)
- OAuth credentials used to authenticate API requests on your behalf
How Garmin data is used:
- To display your personal fitness trends and summaries within the Tool
- To generate personal reports or shareable cards based on your own data
- Data is processed in real time and not persistently stored on our servers
What we never do:
- Share or sell your Garmin health data to advertisers or data brokers
- Retain raw Garmin health data beyond your active session
- Use your health data for any purpose other than displaying it to you
- Combine your Garmin health data with third-party data sets
Revoking Garmin access: You can disconnect these tools at any time through your Garmin Connect account settings under Connected Apps. Upon revocation, all OAuth tokens are invalidated.
04 Account Data (Self-Hosted Tools)
Some tools (such as KOM Memorial) require you to create a personal account using an email address and password. The following applies:
- Passwords are hashed using bcrypt and never stored in plain text
- Your email is used solely for account authentication — never for marketing
- Manually entered data (segment names, dates, notes, obituaries) is stored only to power your personal dashboard
- Generated memorial images are stored on the server solely for your download
- No account data is shared with any third party
To request deletion of your account and all associated data, contact troldan92@gmail.com.
05 Analytics & Cookies
This website uses Google Analytics (UA-107761621-1) to collect anonymised usage statistics — pages visited, session duration, and general geographic region. No personally identifiable information is collected through analytics.
- Analytics data is aggregated and never tied to your individual identity
- Google Analytics may set cookies in your browser to track sessions
- You can opt out via the Google Analytics Opt-out Browser Add-on
No advertising cookies, tracking pixels, or third-party marketing scripts are used on this website beyond Google Analytics.
06 Data Storage & Security
- API tokens from Strava and Garmin are stored only for the duration of your session and discarded when you disconnect or your session expires
- Account data for self-hosted tools is stored on a private server and is not accessible to the public
- All data transmission between your browser and our servers uses HTTPS encryption
- We do not operate any advertising networks or data marketplaces
These are personal hobby tools, not commercial products. While reasonable security practices are followed, the Tools should not be used to store sensitive personal or medical information.
07 Your Rights
You have the right to:
- Access — request a copy of any personal data held about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and all associated data
- Revocation — disconnect Strava or Garmin access at any time via their respective platforms
- Portability — request an export of your data in a readable format
To exercise any of these rights, contact troldan92@gmail.com. We will respond to requests within 30 days.
08 Third-Party Services
These tools interact with the following external services. Each has its own privacy policy:
We are not responsible for the privacy practices of these third-party services. Use of those services is governed by their respective terms and policies.
09 Changes to This Policy
This policy may be updated as new tools are added or as third-party API requirements change. The "Last updated" date at the top of this page will reflect any revisions. Continued use of the Tools after a policy update constitutes acceptance of the revised policy.
10 Contact
Questions, concerns, or data requests can be directed to:
Tommy Roldan
troldan92@gmail.com
Miami, Florida, USA