Privacy Policy

TheNextHill (thenexthill.com) is a web application that helps adults discover outdoor adventures and assess their fitness readiness. TheNextHill is operated by David Rabjohns.

If you have questions about this policy, contact us at privacy@thenexthill.com.

We collect and process the following types of data:

• Self-reported fitness scores — the four fitness dimension ratings you enter during onboarding (cardiovascular, strength, altitude tolerance, duration/stamina).
• Adventure plan selections — which adventures you add to your plan, target dates, and custom event names.
• Garmin fitness data — if you choose to connect your Garmin account or upload Garmin export files, we process activity summaries, fitness metrics (VO2 Max, resting heart rate, endurance scores), and wellness data (heat/altitude acclimatization) to compute your fitness dimension scores. We do not store raw Garmin data files on our servers.
• Anonymous identifier — a randomly generated UUID stored in your browser to associate fitness snapshots over time. This identifier is not linked to your name, email, or any personal account.

We do not collect your name, email address, IP address, or any other personally identifiable information unless you contact us directly.

• Readiness scoring — calculating how ready you are for each adventure based on your fitness profile.
• Fitness trends — tracking how your fitness dimensions change over time so you can see progress.
• Adventure planning — sequencing your selected adventures into a progressive multi-year roadmap.

We do not sell, rent, or share your data with third parties for marketing or advertising purposes.

When you connect your Garmin account, we use the Garmin Connect Developer Program APIs to access your fitness and activity data. Specifically:

• We request only the data needed to compute your six fitness dimension scores (activity summaries, fitness metrics, wellness data).
• We do not access your Garmin account credentials. Authentication is handled securely via Garmin's OAuth 2.0 flow.
• You can disconnect your Garmin account at any time from the Settings page, which revokes our access to your Garmin data.
• Raw Garmin data is processed to compute dimension scores and is not stored permanently. Only the computed scores and fitness snapshots are retained.

When you connect your Strava account, we use the Strava API to access your training activities. Specifically:

• We request activity data including type, duration, distance, elevation gain, heart rate, and suffer score to compute your fitness readiness scores.
• Authentication is handled securely via Strava's OAuth 2.0 flow. We do not access your Strava account credentials.
• You can disconnect your Strava account at any time from the Settings page, which deletes your stored tokens and revokes our access.
• Your Strava data is displayed only to you. We do not share your Strava data with other users or third parties.
• Strava may collect and use data related to our access to their API, including usage metrics, as described in Strava's Privacy Policy.

Most of your data is stored locally in your web browser (localStorage). This means:

• Your data stays on your device.
• Clearing your browser data will remove your fitness profile, adventure plan, and preferences.
• Fitness snapshot history is stored in our database, associated only with your anonymous UUID — not with any personal information.

Since most data lives in your browser, you control it directly. Clear your browser's localStorage to remove your fitness profile, adventure selections, and preferences at any time.

• Server-side data — fitness snapshots, training logs, and readiness history are retained while your account is active. Inactive accounts (no login for 12 months) are flagged for automatic deletion.
• Deletion requests — email privacy@thenexthill.com to request full server-side deletion. We will remove all your data within 30 days and confirm by email.
• Wearable disconnection — disconnecting Garmin, Strava, or other integrations from Settings immediately revokes our access. Previously imported data remains until you request deletion.

TheNextHill does not use cookies for tracking or advertising. We do not use any third-party analytics, advertising networks, or tracking pixels.

We protect your data with the following measures:

• In transit — all data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
• At rest — server-side data is stored in an encrypted database. Authentication tokens are stored securely and never exposed in URLs or logs.
• Access control — only you can access your data. There is no admin interface that exposes individual user fitness data. Database access is restricted to essential operations only.
• Breach notification — in the unlikely event of a data breach affecting your fitness or health data, we will notify affected users by email within 72 hours.

TheNextHill is designed for adults aged 50 and over. We do not knowingly collect data from children under 16. If you believe a child has provided us with data, please contact us and we will delete it.

When you use the AI coaching feature, your conversation messages and relevant fitness context (readiness scores, recent training data) are sent to Anthropic's Claude API for processing. Specifically:

• Anthropic does not use your data to train their models. See Anthropic's privacy policy for details.
• Conversations may be logged by TheNextHill for service improvement and safety monitoring. Logs are retained for 90 days, then deleted.
• Conversations may be flagged for review if the system detects content related to medical conditions or safety concerns.

TheNextHill imports fitness data from Garmin and other connected platforms, including activity logs, heart rate data, sleep data, and other metrics. This data is used to generate readiness assessments and training recommendations. Fitness data is stored securely and is not sold to third parties.

Information you provide to Garmin Connect is governed by Garmin's Terms of Service and Privacy Policy. The information you choose to send from Garmin Connect is not used by TheNextHill for advertising or transferred to third parties for advertising purposes.

Adventure suggestions, reviews, and other user-submitted content may be displayed publicly on the Service. By submitting content, you consent to its public display.

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of TheNextHill after changes are posted constitutes acceptance of the updated policy.

For privacy-related questions or data deletion requests, contact:

David Rabjohns
privacy@thenexthill.com