Privacy Policy
Effective date: February 21, 2026
ClimbPlan ("we," "us," or "our") operates the ClimbPlan application and website at climbplan.app (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using ClimbPlan, you consent to the data practices described in this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, and password (hashed). If you sign in using Google OAuth, we receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
1.2 Fitness Profile Data
During onboarding and throughout your use of the Service, you may provide information about your climbing experience level, current grades, training goals, weekly availability and schedule preferences, injury history and physical limitations, and training session logs and progress data. This information is used to generate and refine your personalized training plans.
1.3 Payment Information
When you subscribe to a paid plan, your payment information (credit card number, billing address) is collected and processed directly by Stripe, our payment processor. We do not store your full credit card number on our servers. We receive and store a Stripe customer ID, subscription status, and transaction history from Stripe.
1.4 Usage Data
We automatically collect certain information when you access the Service, including your IP address, browser type and version, device type, pages visited and features used, timestamps of interactions, and referring URLs. This data is collected through server logs and is used to maintain and improve the Service.
1.5 Communications
If you contact us via email or through the Service, we collect and retain the content of your messages along with your email address and any information you voluntarily provide.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Generate personalized AI-powered climbing training plans based on your fitness profile
- Process subscription payments and manage billing
- Send transactional emails including account verification, password resets, subscription confirmations, and service updates
- Track your training progress and adapt plans accordingly
- Enforce rate limits and prevent abuse of the Service
- Monitor and improve the performance, security, and reliability of the Service
- Respond to your support inquiries and requests
- Comply with legal obligations
We do not sell your personal information. We do not use your data for advertising or ad targeting. We do not use your personal fitness data to train or fine-tune AI models.
3. Third-Party Services
We share your data with the following third-party service providers, each of which operates under its own privacy policy and applicable data processing agreements:
3.1 Anthropic (AI Plan Generation)
Your fitness profile data (experience level, goals, schedule, injury history) is sent to Anthropic's Claude API to generate your training plans. Anthropic processes this data according to their usage policies. We do not send your name, email, or payment information to Anthropic.
3.2 Stripe (Payment Processing)
Your payment information, billing address, email, and name are shared with Stripe to process subscription payments. Stripe is a PCI-DSS Level 1 certified payment processor. For more information, see Stripe's privacy policy at stripe.com/privacy.
3.3 Resend (Email Delivery)
Your email address and name are shared with Resend to deliver transactional emails (account verification, password resets, subscription receipts, and service notifications). Emails are sent from the updates.climbplan.app domain.
3.4 Neon (Database Hosting)
All account data, fitness profiles, training plans, and usage data are stored in a PostgreSQL database hosted by Neon. Data is encrypted at rest and in transit. Neon's infrastructure is hosted in the United States.
3.5 Vercel (Application Hosting)
Our application is hosted on Vercel's platform. Vercel processes your requests and may collect server logs including IP addresses, request URLs, and response codes for infrastructure and performance purposes.
3.6 Upstash (Rate Limiting)
We use Upstash Redis to enforce rate limits and protect the Service from abuse. Upstash receives hashed identifiers (such as hashed IP addresses or user IDs) and request counts. No personal fitness data or account details are stored in Upstash.
3.7 Inngest (Background Jobs)
We use Inngest to process background tasks such as plan generation and email dispatch. Inngest may temporarily process user identifiers and task-related data necessary to complete these operations.
3.8 Google (OAuth Authentication)
If you choose to sign in with Google, we receive your name, email address, and profile picture from Google's OAuth service. We do not receive access to your Google account data beyond what is needed for authentication.
4. Cookies and Similar Technologies
ClimbPlan uses only essential session cookies for authentication and security. These cookies are necessary for the Service to function and cannot be opted out of while using the Service. We do not use tracking cookies, advertising cookies, or analytics cookies. We do not participate in cross-site tracking or behavioral advertising.
If you disable cookies in your browser, you will not be able to log in to ClimbPlan.
5. Data Retention
We retain your account data and fitness profile for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain certain information by law (such as billing records for tax and accounting purposes, which may be retained for up to 7 years). Server logs containing IP addresses and usage data are retained for up to 90 days and then automatically deleted. Stripe retains payment records independently in accordance with their data retention policies and applicable financial regulations.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate or incomplete data
- Deletion: Request that we delete your account and personal data
- Export: Request a portable copy of your data in a machine-readable format
- Restriction: Request that we limit our processing of your data
- Objection: Object to our processing of your data in certain circumstances
To exercise any of these rights, contact us at hello@climbplan.app. You can also delete your account directly from your account settings within the Service. We will respond to verified requests within 30 days.
7. California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:
- Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell personal information. We have not sold personal information in the preceding 12 months.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
To exercise your CCPA rights, contact us at hello@climbplan.app. We will verify your identity before processing your request.
8. Children's Privacy
ClimbPlan is not directed at children under the age of 13. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe we may have collected information from a child under 13, please contact us immediately at hello@climbplan.app.
Users between the ages of 13 and 18 may use ClimbPlan with the consent and supervision of a parent or legal guardian who agrees to be bound by these terms on their behalf.
9. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
- Passwords are hashed using bcrypt and are never stored in plaintext
- Database access is restricted, and stored data is encrypted at rest
- Payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider
- Rate limiting is enforced to prevent brute-force attacks and abuse
- Authentication tokens are stored as secure, HTTP-only cookies
While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.
10. International Users
ClimbPlan is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where our servers and databases are located. By using the Service, you consent to this transfer. Data protection laws in the United States may differ from those in your jurisdiction. We take steps to ensure that your data receives an adequate level of protection regardless of where it is processed.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (sent to the address associated with your account) and by posting a prominent notice on the Service at least 15 days before the changes take effect. Your continued use of ClimbPlan after the effective date of a revised policy constitutes your acceptance of the updated terms. We encourage you to review this page periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
ClimbPlan
Email: hello@climbplan.app
We will make every effort to respond to your inquiry within 30 days.