Magic Training logo
Magic TrainingHome

Privacy Policy

This policy explains how we handle information when you use our platform. We value your privacy and are committed to transparency in how we process your data.

Data Collection and Storage

Data Collected and Stored

Magic Training collects and stores information necessary to provide our personalized training services. Data is securely stored on our servers using MongoDB with encryption and appropriate security measures.

Account and Profile Data:

  • Name, email, and profile picture (via Google OAuth or manual registration)
  • Profile information (date of birth, gender, runner level)
  • Personal records (5K, 10K, half marathon, marathon)
  • Training preferences and account settings

Training Data:

  • Saved and personalized training plans
  • Activity history and progress
  • Performance statistics and metrics
  • Custom pace settings

Subscription Data:

  • Premium subscription information (status, dates, type)
  • Payment data processed via PIX (Efí Bank)
  • Transaction and invoice history
Cookies and Similar Technologies

We use cookies and similar technologies to improve user experience and analyze platform usage. This includes:

  • Functional cookies to remember your preferences (such as dark/light theme)
  • Analytical cookies to understand how the platform is used

You can manage your cookie preferences through your browser settings.

Payment Processing and Integrations

Efí Bank (PIX)

To process premium subscription payments via PIX, we use Efí Bank. During the payment process, we collect and share with Efí Bank:

  • Personal data (name, email, CPF)
  • Contact information (phone, address)
  • Information required to generate the PIX QR Code

This data is processed in accordance with Efí Bank's privacy policies and is necessary for the security of PIX transactions.

Resend (Transactional Emails)

We use the Resend service for sending transactional emails such as subscription confirmations, account updates, and important communications. We only share your email address and name for message personalization.

Google Analytics

We use Google Analytics to analyze the usage of our platform. Google Analytics uses cookies to collect information about how you interact with Magic Training. This information is used to generate reports and help us improve the platform. Google Analytics collects information anonymously, without identifying individual users.

Vercel Analytics

Our platform is hosted on Vercel, which provides performance and usage analytics. Vercel may collect information such as IP addresses, browser type, and pages visited to provide these insights. This information is processed in aggregate and does not identify individual users.

Garmin Connect Integration

Required Consent

Before connecting your Garmin Connect account, you must provide explicit consent for the transfer and processing of your training data. Your data will only be synchronized after your specific authorization.

Data Collected from Garmin

When you connect your Garmin Connect account to Magic Training, we collect the following types of data:

  • Training and activity data (running, cycling, swimming, etc.)
  • Performance metrics (time, distance, pace, heart rate)
  • Garmin device data (device model, settings)
  • Training plans and exercise calendar
  • Health and wellness data (when authorized)

How We Use Garmin Data

Data obtained from your Garmin Connect account is used exclusively for:

  • Synchronizing your training plans with Garmin devices
  • Analyzing your progress and athletic performance
  • Personalizing training recommendations based on your history
  • Generating progress reports and statistics
  • Improving our training planning algorithms

Garmin Privacy Policy

For detailed information about how Garmin handles your data, please refer to theGarmin Connect Privacy Policy.

International Data Transfer

When you connect your Garmin Connect account, some of your data may be transferred to Garmin servers located in the United States and other countries. These transfers are protected by standard contractual clauses approved by the European Union and follow international data protection best practices.

Your Rights Over Garmin Data

You have the following rights regarding data collected from your Garmin account:

  • Access: View which data has been collected from your Garmin account
  • Rectification: Request correction of incorrect or incomplete data
  • Deletion: Request removal of your data from our platform
  • Portability: Export your data in a machine-readable format
  • Disconnection: Revoke access to your Garmin account at any time

To exercise these rights, go to the "Synchronizations" section in your profile or contact us.

Use of Artificial Intelligence

AI Transparency

This platform uses artificial intelligence systems to process and analyze training data, including data obtained from Garmin devices.

How We Use AI

Our AI systems process your training data (including Garmin data) to:

  • Generate personalized training recommendations based on your history
  • Analyze performance patterns and identify areas for improvement
  • Automatically adjust training intensity and volume
  • Detect potential signs of overtraining or fatigue
  • Improve our training planning algorithms

Consent for AI Processing

By using our platform and connecting Garmin devices, you explicitly consent to:

  • Your training data being processed by AI systems
  • Analysis results being used to improve the service
  • Aggregated and anonymized data being used to train our models

You may withdraw this consent at any time through your account settings or by contacting us. Withdrawing consent may affect the functionality of some platform features.

Protections and Limitations

  • All data is processed securely and encrypted
  • Personally identifiable data is not shared with third parties
  • You maintain full control over your original data
  • Our AI systems follow best practices in AI ethics
Security and Your Rights

Security Measures

We implement technical and organizational security measures to protect your data:

  • Encryption of data in transit and at rest
  • Secure authentication via NextAuth.js with JWT tokens
  • CSP (Content Security Policy) security headers
  • Sensitive tokens encrypted in the database
  • Security monitoring and audit logs
  • Regular data backups

However, please remember that no method of internet transmission or electronic storage is 100% secure.

Your Data Rights

In compliance with the LGPD, you have the following rights over your personal data:

  • Access: View all data we have collected about you
  • Correction: Request correction of incorrect or outdated data
  • Deletion: Request complete removal of your data
  • Portability: Export your data in a readable format
  • Opposition: Object to processing for specific purposes
  • Revocation: Withdraw consent at any time

To exercise these rights, go to your account settings or contact us.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy or as required by law. Data from accounts inactive for more than 2 years may be automatically deleted, except when necessary for compliance with legal obligations.

Contact

If you have questions about this privacy policy or how we handle your information, contact us at: contato@magic.training

Last updated: July 26, 2025