Privacy Policy

Last updated: April 22, 2026

What this service is

Roni is an independent project built by an individual developer. It is not affiliated with, endorsed by, or connected to Tonal in any way. Tonal is a trademark of Tonal Systems, Inc. This service uses Tonal's APIs to read your training data and push custom workouts to your machine, but Tonal does not provide a public API or officially support third-party integrations.

Tonal account credentials

When you connect your Tonal account, your email and password are sent to Tonal's authentication system (Auth0) to obtain an access token. Your password is used once for this request and is not stored, logged, or retained in any form. The resulting authentication token and refresh token are encrypted using AES-256-GCM before being stored in our database. These tokens allow the service to read your data and push workouts on your behalf.

Data we access

Through your Tonal token, the service reads:

  • Your Tonal profile (name, training level, workout preferences)
  • Strength scores and muscle readiness
  • Workout history and activity details
  • Exercise catalog (global, not user-specific)

The service writes:

  • Custom workouts to your Tonal account

We do not access your payment information, personal contacts, or any data unrelated to your training.

Data we store

  • Your Roni account (email, hashed password)
  • Encrypted Tonal auth tokens
  • Training preferences and goals you set in the app
  • Chat conversations with the AI coach
  • Workout feedback ratings (RPE, session ratings)
  • Injury records you report
  • Cached Tonal data (strength scores, workout history) with automatic expiration

AI and third parties

Chat conversations are processed by Google's Gemini AI model to generate coaching responses. Your training data is included in the AI context so the coach can give personalized advice. Google's AI usage policies apply to this processing. No data is used to train AI models.

The service is hosted on Convex (database and backend) and Vercel (frontend). Error monitoring is provided by Sentry. No other third parties receive your data.

Garmin Connect integration

Connecting Garmin Connect is optional. When you connect, Roni uses Garmin's official Activity API and Health API so the AI coach can factor rides, runs, and other non-Tonal sessions into your training plan. Roni is not affiliated with, endorsed by, or sponsored by Garmin. Garmin and Garmin Connect are trademarks of Garmin Ltd.

The connection uses Garmin's OAuth 1.0a user-authorized flow. You enter your Garmin username and password on Garmin's own site; those credentials are never sent to or seen by Roni. Garmin returns a long-lived access token and access token secret, both of which are encrypted with AES-256-GCM before being written to our database.

During the handshake we may request the following Garmin permissions. You decide which to grant, and you can change them at any time from your Garmin Connect account settings:

  • ACTIVITY_EXPORT — lets Garmin send summaries of your completed activities (workouts, runs, rides, and similar sessions) to Roni so the coach can account for non-Tonal training.
  • HEALTH_EXPORT — lets Garmin send daily wellness summaries (such as sleep, stress, resting heart rate, HRV, body battery, and steps) to Roni so the coach can factor recovery and readiness into your plan.
  • WORKOUT_IMPORT — lets Roni send coach-generated workouts from Roni to your Garmin device.

We store only the summary data Garmin sends us — activity metrics such as activity type, start time, duration, distance, elevation gain, pace, calories, and heart rate, and daily wellness rollups such as sleep, stress, resting heart rate, HRV, body battery, and step counts. We do not store GPS tracks, per-second samples, or route details. Raw webhook payloads are retained briefly — currently up to 14 days — for operational replay and error recovery, then automatically deleted.

When you first connect, Roni may request a limited initial backfill of your recent history (currently up to 30 days of activities) so the coach has context from the start. After that, Garmin pushes new data to Roni automatically as it is recorded — we do not poll or scrape your account.

We do not sell, rent, or share Garmin data with advertisers, data brokers, or any other third party. Garmin data is used inside Roni only to power the coach, and it is processed under the same infrastructure and AI terms described in the “AI and third parties” section above.

You can disconnect Garmin at any time from the Settings page in Roni, which asks Garmin to remove Roni's registration and marks the connection inactive so no further webhooks are processed. You can also revoke Roni's access directly from your Garmin Connect account settings; Garmin sends us a deregistration webhook and we mark the connection disconnected in response. Deleting your Roni account additionally removes all stored Garmin connection records, activity summaries, wellness summaries, and webhook-event log entries.

Data deletion

You can disconnect your Tonal account and delete your Roni account at any time. All associated data (conversations, feedback, goals, injuries, and cached data) is permanently deleted with no retention period.

Risk acknowledgment

This service accesses Tonal through unofficial APIs that may change or become unavailable without notice. Using this service could theoretically affect your Tonal account, though no such issues have been reported. By using Roni, you acknowledge this risk and agree that the developer is not liable for any impact to your Tonal account or subscription.

Contact

For questions, data deletion requests, or concerns, email jeff@roni.coach.