Privacy Policy

Effective date: March 18, 2026

1. Overview

Chiron (“we,” “us,” or “our”) is a personal performance system that aggregates health, training, sleep, and biometric data to provide AI-powered coaching. This Privacy Policy explains what data we collect, how we use it, and your rights with respect to it.

By using Chiron at https://chiron.life, you agree to the practices described here.

2. Data We Collect

We collect data in two ways:

2.1 Data you provide directly

  • Account credentials (name, email, password hash)
  • Health profile information (age, weight, height, training goals)
  • Journal entries, notes, and coach conversations
  • Supplement logs, nutrition entries, and manual health metrics
  • Clarity module entries (substance use and craving logs)

2.2 Data from connected integrations

When you authorize a third-party integration, we receive and store data from that service on your behalf, including:

  • WHOOP — recovery scores, HRV, resting heart rate, sleep stages, strain, workouts
  • Garmin — workouts, GPS data, heart rate, training metrics
  • Strava — activities, GPS routes, performance data
  • Eight Sleep — sleep stages, bed temperature, HRV
  • Oura Ring — readiness, sleep, activity, biometrics
  • Dexcom CGM — continuous glucose readings
  • Google Calendar — calendar events (for scheduling context only)
  • RescueTime — productivity and screen time data

We only request the minimum scopes necessary. You can revoke access at any time from the Connections page or directly within the third-party app.

2.3 Integration Data — Detail

When you connect Garmin Connect, Chiron retrieves workout activities, GPS tracks, heart rate streams, training load metrics (ATL/CTL), VO₂ max estimates, and sleep data via the Garmin Health API. This data is used exclusively to:

  • Calculate your Acute Training Load (ATL), Chronic Training Load (CTL), and daily readiness score
  • Model metabolic demand and recovery curves for AI coaching context
  • Display historical workout trends, HR zone distributions, and performance analytics within your Chiron dashboard

Data Sovereignty: Garmin integration requires your explicit OAuth authorization. Chiron does not store your raw Garmin account password. OAuth tokens are encrypted at rest using AES-256-GCM and are only decrypted on-server during a sync operation. You can revoke access at any time from the Connections page or from your Garmin Connect account settings, which immediately invalidates our stored tokens.

Garmin data is never shared with third parties, used for advertising, or included in any aggregate data product.

3. How We Use Your Data

  • To generate personalized training, nutrition, and recovery recommendations
  • To power the AI coaching system using your historical health context
  • To track trends, streaks, and performance over time
  • To send you notifications or alerts you have opted into
  • To display your data back to you and any practitioners you have explicitly granted access

We do not sell your data, share it with advertisers, or use it for purposes unrelated to your personal performance.

4. AI Processing

Chiron uses large language models (including Anthropic Claude and Google Gemini) to generate coaching responses. When you interact with the AI coach, relevant portions of your health data are included in the model context to generate personalized responses.

These requests are processed by Anthropic and Google under their respective API terms. Data is sent over encrypted connections and is not used to train their models under standard API usage terms.

5. Data Storage & Security

  • All data is stored in an encrypted SQLite database on a private, dedicated server
  • All third-party OAuth tokens and API credentials are encrypted at rest using AES-256-GCM before storage — they are only decrypted in memory during active sync operations
  • All data in transit is protected via TLS 1.2+ (HTTPS) — plaintext connections are not accepted
  • Session tokens are stored as httpOnly, Secure cookies and expire after 30 days of inactivity
  • No raw integration passwords are stored; only the encrypted OAuth session tokens issued after authorization

No system is perfectly secure. In the event of a confirmed breach affecting personal health data, we will notify affected users promptly and disclose the nature of the compromise.

6. Practitioner Access

Chiron supports a practitioner model where you can grant a coach, doctor, or trainer access to your data. This access is:

  • Explicitly authorized by you via an access code
  • Scoped to read-only viewing and the ability to send you directives
  • Revocable at any time from your settings

Practitioners cannot access your clarity module logs or journal entries without your explicit additional consent.

7. Data Retention & Deletion

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data by emailing james.k.sternlicht@live.com. We will process deletion requests within 30 days.

You can disconnect individual integrations at any time from the Connections page, which removes the associated OAuth tokens from our system.

8. Children

Chiron is not intended for users under 18 years of age. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this policy as the product evolves. Material changes will be communicated via email or an in-app notice. The effective date at the top of this page will always reflect the most recent version.

10. Contact

Questions, requests, or concerns about this policy:

James Sternlicht
Chiron Performance System
james.k.sternlicht@live.com

11. Your Rights

You have the following rights with respect to your personal data. To exercise any of them, email james.k.sternlicht@live.com with your request. We will respond within 30 days.

Right to Access

You may request a complete copy of all personal data we hold about you, including your health metrics, workout history, AI conversation logs, and integration data. We will provide this in a structured, machine-readable format (JSON).

Right to Portability

You may request an export of your data in a portable format. Exported data includes all workout records, biometric timeseries, journal entries, supplement logs, and AI coaching history tied to your account.

Right to Erasure

You may request deletion of your account and all associated data at any time. Upon verification, we will permanently delete your profile, health data, integration tokens, conversation history, and any other data linked to your account within 30 days. Note: data already processed into anonymized aggregates (if any) cannot be individually recalled.

Right to Correction

If any data we hold about you is inaccurate, you may request correction. Most profile data can be updated directly from your Settings page.

If you are located in the European Economic Area (EEA) or United Kingdom, you have additional rights under the GDPR and UK GDPR, including the right to lodge a complaint with your local supervisory authority.

© 2026 Chiron Performance System. All rights reserved.