Privacy Policy
Last updated: March 12, 2026
1. Introduction
Arnold ("we", "us", "our") is an AI-powered personal training service delivered via Telegram. This Privacy Policy explains what data we collect, how we use it, and your rights as a user.
We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Finnish law.
Data controller:
Huovivo Oy
Pitkänkalliontie, 02170 Espoo, Finland
info@huovinen.me
2. What Data We Collect
2.1 Data You Provide
- Telegram user ID and username (to identify your account)
- Health and fitness goals, preferences, and information you share in conversation
- Workout logs submitted via text or voice
2.2 Data from Connected Services
We integrate with the following third-party services when you explicitly connect them:
Oura Ring (via Oura API)
Sleep duration, sleep stages, sleep score, heart rate variability (HRV), resting heart rate, readiness score, activity data.
Strava (via Strava API)
Activities (type, duration, distance, pace, heart rate), training load metrics.
Garmin (via Garmin Connect)
Activity data, body battery, stress score, sleep and HRV data.
We only request read-only access. We do not modify or write data back to any connected service.
3. How We Use Your Data
We use your data solely to provide the Arnold service:
- Generating your personalized daily training plan
- Delivering your morning readiness brief
- Tracking your training load and recovery over time
- Providing coaching responses in Telegram
We do not:
- Sell your data to third parties
- Use your data for advertising
- Share your data with any party except as required to operate the service
4. AI Processing
Arnold uses large language models (currently Anthropic Claude) to generate coaching responses. Your health data and conversation history are sent to Anthropic's API for this purpose. Anthropic processes this data as a data processor under our instruction.
We do not use your data to train AI models.
5. Data Retention
- Conversation history: Retained for up to 90 days
- Health data from integrations: 30-day rolling window
- Account data: Deleted within 30 days of account closure
6. Data Security
Your data is stored on secured infrastructure. API tokens and credentials are stored encrypted. We apply reasonable technical and organizational measures to protect your personal data.
7. Your Rights (GDPR)
As an EU resident, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion ("right to be forgotten")
- Restriction — limit how we process your data
- Portability — receive your data in machine-readable format
- Objection — object to processing
- Withdraw consent — disconnect any service at any time
To exercise any right, contact: info@huovinen.me. We respond within 30 days.
8. Third-Party Services
- Oura: ouraring.com/privacy-policy
- Strava: strava.com/legal/privacy
- Garmin: garmin.com privacy policy
- Anthropic: anthropic.com/privacy
- Telegram: telegram.org/privacy
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you via Telegram when material changes are made.
10. Contact
Huovivo Oy
Email: info@huovinen.me
Pitkänkalliontie, 02170 Espoo, Finland
You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman: tietosuoja.fi