Vista Data — Privacy Policy

Last updated: June 4, 2026

1. Who we are

Vista Data, LLC ("Vista Data," "we," "us") provides athletic and wellness performance analytics.
This Privacy Policy explains how we collect, use, store, and protect your personal and
health-related data when you use our service or any associated application.

2. Data we collect

With your explicit consent, we collect health and fitness data from connected third-party
services, including Garmin Connect. The categories of data we may receive include:

  • Activity telemetry: Heart rate, cadence, running power, speed, distance, and per-second
    device measurements captured during workout sessions.
  • Wellness metrics: Resting heart rate, heart rate variability (HRV), sleep duration and
    stages, body battery, daily stress indicators, steps, and respiration rate.
  • Account information you provide directly: Name, email address, and any optional
    profile fields (sport, event, training phase).

Data Minimization and GPS Exclusion: Vista Data does not collect, track, or store GPS
coordinates, geographical location data, or route maps. We do not collect financial information,
government identifiers, or unrelated personal data.

3. How you grant access (consent)

We access your Garmin data only after you log in to Garmin Connect and explicitly authorize
Vista Data through Garmin's OAuth 2.0 Authorization Code flow with Proof Key for Code
Exchange (PKCE, SHA-256 method). We never see or store your Garmin password, and we
never share your credentials with any party. You control which data you share, and you may
revoke this access at any time through Vista Data or directly through Garmin Connect.

4. How we use your data — purpose limitation

We process your Garmin data solely to generate athletic optimization insights — including
real-time cadence and heart-rate distribution analysis, recovery-state coaching, predictive
fatigue modeling, and personalized training recommendations — within your individual athlete
profile.

We do not use your individual data to train global or cross-user machine-learning models. Under
no circumstances will any of your biometric, health, or athletic data be sold, traded, rented, or
transferred to third-party data brokers, advertising networks, or external analytics firms. This
restriction applies universally, including to anonymized or aggregated derivatives.

When and where Vista Data offers team-coached functionality, your designated coaches may
access your training and wellness data only with your explicit consent, which you may revoke at
any time without leaving the platform.

5. How we store and protect your data

Connections to Vista Data are served over TLS 1.3, terminated at Cloudflare. Your Garmin
OAuth credentials (access and refresh tokens) are encrypted at the application layer before
storage using Fernet authenticated encryption (AES-128-CBC with HMAC-SHA256), with
master keys sourced exclusively from the deployment environment and never embedded in
source code. Our managed PostgreSQL database additionally encrypts all stored data at rest at
the disk level. Every query for your telemetry, coaching cues, and activities is scoped to your
athlete identifier at the application query layer, and real-time data streams are athlete-scoped.
Access is restricted to authorized systems and personnel.

6. Your right to disconnect and delete your data

You may, at any time:

  • Disconnect Garmin: We will revoke your Garmin OAuth grant via Garmin's
    user-deregistration endpoint and delete your stored Garmin credentials and account
    mapping. Your historical activity data remains in your Vista Data account unless you also
    request full account deletion. You may reconnect Garmin or another wearable provider at
    a later time without losing your historical data.
  • Delete your account: We will revoke your Garmin OAuth grant via Garmin's
    user-deregistration endpoint, then permanently delete your Garmin credentials, your
    athlete profile, and all associated telemetry, coaching cues, and activity records.

To make either request, contact us at privacy@vistadata.io or use the corresponding self-serve
control inside the Vista Data application. Requests are acknowledged within 48 hours and
completed within 30 days.

7. Retention

We retain your active account data for as long as your account is open. Upon disconnection of
Garmin, your Garmin credentials and account mapping are deleted immediately. Upon full
account deletion, all associated data is purged within 30 days. We retain a minimal audit log of
deletion events (athlete identifier, timestamp, operator) for compliance verification; this log
contains no health data.

8. Third-party services

Data obtained from Garmin Connect is subject to Garmin's own privacy policy. Vista Data is not
affiliated with, endorsed by, or sponsored by Garmin. Garmin® is a registered trademark, and
Garmin Connect™ is a trademark of Garmin Ltd. or its subsidiaries.

9. Children

Vista Data is not directed to children under the age of 13. We do not knowingly collect personal
data from children under 13. If you believe we have inadvertently collected such data, contact
us at privacy@vistadata.io and we will delete it.

10. International users

Vista Data is operated from the United States. If you access the service from outside the United
States, you consent to the transfer and processing of your data in the United States.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated
through the service or by email. Continued use of the service after a change constitutes
acceptance.

12. Contact

Questions about this policy or requests regarding your data: privacy@vistadata.io