Legal

Privacy Policy

Last updated: May 6, 2026

Who we are

Tahomai is a product of Robots & Gizmos Inc., a Delaware S Corporation.

This Privacy Policy describes how Tahomai collects, uses, and protects information about you when you use the Tahomai mobile application, the web coaching portal at coach.tahomai.app, and the marketing website at tahomai.app (collectively, the "Service").

If you have questions, contact us at [email protected].

What data we collect

Account information

When you create a Tahomai account, we collect your name and email address via Firebase Authentication. Tahomai does not store your password directly. During early access, account creation requires an invite code. We store which invite code was used to create your account for capacity management purposes.

Before your first coaching session, we ask you to acknowledge a brief disclaimer about the nature of the coaching experience. We record that you acknowledged it, when you did, and which version of the disclaimer you saw. This lets us ensure every user has seen the current disclaimer and allows us to re-present it if the content changes materially.

Health and fitness data from connected sources

Tahomai connects to third-party devices and apps you choose to link — such as Strava, Garmin Connect, Apple Health, and any other source you explicitly authorize. When you connect a source, Tahomai reads data including:

  • Activity and workout data (runs, rides, swims, strength sessions, and similar)
  • Health metrics (heart rate, heart rate variability, resting heart rate)
  • Sleep data (duration, quality, sleep stages)
  • Recovery and readiness scores
  • Nutrition and hydration logs (where provided by connected sources)
  • Location data embedded in activity files (such as GPS routes), as provided by the source app

Nutrition data you log directly

If you log meals, foods, or nutritional information directly through the Tahomai app, that data is stored in your account to power coaching recommendations.

Calendar and schedule data

If you grant Tahomai access to your calendar, we read schedule information to help your coach understand your time constraints. We do not store or share your calendar events beyond what is needed to generate coaching context for you.

Usage data

We collect standard usage data such as app interactions, device type, operating system version, and crash reports. This data helps us improve reliability and performance and is not tied to your health data.

On the web portal (coach.tahomai.app), we use Firebase Analytics (which feeds into Google Analytics 4) to log five interaction events: sign-in, conversation started, message sent, new session created, and session duration. These events contain no message content, no health data, and no personally identifiable information beyond an anonymous session identifier. See "Third-party services" below.

Local storage

The web portal stores a session identifier in your browser's local storage to maintain your coaching conversation across page refreshes. This data stays on your device and is cleared when you sign out.

How we use your data

To provide personalized coaching

All connected source data is used exclusively to generate personalized coaching insights for you — the authenticated user who connected that source. This is the sole purpose.

Your data is only ever shown to you. Tahomai never shares your health or fitness data with other users. Your data is never used to train AI models or any machine learning systems. Your data is never sold to third parties or used for advertising.

To improve the app

We use aggregated, de-identified usage data (never health data) to understand how the app is used and where we can improve the experience.

To communicate with you

We may use your email address to send important service updates, onboarding information, or responses to support requests. We will not send marketing email without your consent.

To power Tahoma

When you interact with Tahoma, your messages and relevant health context (such as recent activity, recovery scores, and schedule) are sent to Anthropic's Claude API to generate coaching responses. This is the core function of the Service. Anthropic does not use API data to train its models, and retains API data for 7 days before automatic deletion.

To power Tahoma's memory

Tahomai uses OpenAI's Embeddings API to generate vector representations of your health and coaching data. This enables Tahoma to retrieve relevant context from your history when generating coaching responses. Text is sent to OpenAI for embedding generation only — it is not used for chat or visible AI outputs. OpenAI does not use API data to train its models by default. See Third-party services below for more detail.

Strava-specific disclosure

Tahomai uses the Strava API to read activity data from users who explicitly connect their Strava account. In accordance with Strava's API Agreement:

  • Strava data is used only to generate personalized coaching feedback for the individual authenticated user
  • Strava data is never displayed to other users
  • Strava data is never aggregated across users in a way that could identify individuals
  • Strava data is never used to train AI or machine learning models
  • Strava may monitor and collect data related to Tahomai's use of the Strava API, in accordance with Strava's own privacy policy
  • When you disconnect your Strava account from Tahomai — or when Strava notifies us that you have revoked access — we delete your Strava access tokens and all Strava-sourced activity data from our systems promptly upon receiving that notification

Disconnecting your Strava account

When you disconnect your Strava account from Tahomai — or when Strava notifies us that you have revoked access via Strava's deauthorization webhook — we promptly delete your Strava access tokens and all Strava-sourced activity data from our systems upon receiving that notification.

How data is stored and protected

All data in transit is encrypted using HTTPS/TLS. Access to production data is restricted to authorized personnel. Authentication is managed by Google Firebase.

Data retention and deletion

We retain your data for as long as your account is active. You may request deletion of your account and all associated data at any time by emailing [email protected]. We will complete deletion requests within 30 days.

Third-party services

Tahomai uses the following third-party services, each governed by their own privacy policies:

  • Firebase (Google) — Firebase Authentication for account management and sign-in; Firebase Analytics on the web portal for anonymous usage metrics (five events, no message content or health data). Google's privacy policy: policies.google.com/privacy
  • Google reCAPTCHA Enterprise (via Firebase App Check) — used on the web portal to verify that requests come from legitimate app instances, not bots. reCAPTCHA Enterprise may collect hardware and software information (such as device and application data) to generate a risk score. Google's reCAPTCHA privacy policy: policies.google.com/privacy
  • Anthropic (Claude API) — powers the Tahoma AI coach. Your messages and health context are sent to Anthropic's API to generate coaching responses. Anthropic does not use API data to train its models. API data is retained for 7 days then automatically deleted. Anthropic's privacy policy: anthropic.com/legal/privacy
  • OpenAI (Embeddings API) — used to generate vector embeddings of your health and coaching data, which power Tahoma's memory and contextual retrieval. Text is sent to OpenAI for embedding generation only — not for chat or visible AI responses. OpenAI does not use API data to train its models by default. OpenAI's privacy policy: openai.com/policies/privacy-policy
  • Strava API — activity data, read-only, user-initiated OAuth
  • Garmin Connect API — activity and biometric data, user-initiated
  • Apple HealthKit — health and fitness data including Apple Watch, iOS permission-gated
  • Additional sources (including WHOOP, Oura, and others) will be added in future releases; this list will be updated accordingly

Tahomai does not use advertising networks or sell data to data brokers.

Your rights

Depending on your location, you may have rights including access, correction, deletion, portability, and objection. Contact [email protected] to exercise any of these.

Children

Tahomai is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to this policy

When we make material changes, we will update the "Last updated" date and notify you by email or in-app notification where appropriate.

Contact

Robots & Gizmos Inc. / Tahomai
[email protected]