Data Collected
Odyssey collects the following data, all of which is provided voluntarily by the user:
- Account information: Email address and password (hashed, never stored in plain text).
- Profile information: Display name, avatar image, biological sex (optional, used for fitness benchmark adjustments), unit system preference.
- Adventure data: Adventure titles, descriptions, locations, dates, budgets, fitness targets, certifications, status, and completion reflections.
- Habit data: Habit names, categories, frequencies, target counts, and daily completion logs.
- Health metrics: Self-reported VO2 max, body fat %, resting heart rate, sleep hours, training hours, weight, height, recovery score, and recording dates.
- Social data: Friend connections (email-based), adventure memberships, chat messages within adventures, shared link URLs and labels.
- Blocked contacts: Email addresses or user IDs that a user has blocked.
How Data Is Used
- All data is used solely to provide the features described on the Features & Workflows page.
- Health metrics are used to calculate readiness scores and display fitness trends. They are visible only to the user and to members of adventures the user has joined.
- Chat messages are visible only to accepted members of the relevant adventure.
- Email addresses are used for authentication and friend lookup. They are not shared publicly or with third parties.
- No data is sold to third parties.
- No data is used for advertising.
- No data is used to train machine learning models.
Data Storage
- Data is stored in a managed cloud database with row-level security policies ensuring users can only access their own data and data shared with them through adventure memberships.
- Authentication is handled by a managed authentication service with industry-standard password hashing (bcrypt).
- Avatar images are stored in managed cloud object storage.
- All connections use HTTPS encryption in transit.
Data Export
Odyssey does not currently offer an automated data export feature (e.g. a "download all my data" button). Users who wish to export their data can request it by contacting the team. This is a known limitation.
Data Deletion
- Users can delete individual adventures, habits, health logs, friend connections, and chat messages through the application interface.
- Full account deletion is not currently available as a self-service feature. Users who wish to delete their account can request it by contacting the team.
- This is a known limitation that is planned to be addressed.
Cookies & Tracking
- Odyssey uses a session token stored in the browser for authentication. This is a functional requirement, not a tracking mechanism.
- No third-party analytics services (Google Analytics, Mixpanel, etc.) are integrated.
- No advertising trackers are present.
- These validation pages contain no JavaScript and no cookies.
Third-Party Services
- Cloud database and authentication (managed backend service).
- Google Fonts for typography (loaded from Google's CDN; subject to Google's privacy policy).
- No other third-party services process user data.