Velora
Garmin Developer Program — Application Context

Garmin × Velora: coaching that reads your wearable.

We're applying for access to the Garmin Health API to integrate real wearable data into Velora's coaching engine. This page explains what we need, why, and how we handle it.

API access

What we're requesting.

We operate on a principle of least privilege. We request only the data required to inform coaching decisions. The data categories below represent our complete intended scope — nothing beyond what's listed.

Activity data (Required, Read-only)

Completed workouts including GPS tracks, heart rate streams, pace/speed, distance, elevation, and lap splits. Used to build per-discipline load baselines and verify training quality against prescription.

Daily health metrics (Required, Read-only)

Resting heart rate, HRV status, sleep summary (duration, quality), stress score, and body battery. Used to inform load state — whether the athlete is physiologically ready for a harder session.

Training readiness / Training status (Optional, Read-only)

Garmin's computed Training Readiness and Training Status (if available via API). Used as an additional recovery signal in load state computation alongside raw HRV and sleep data.

Structured workout delivery (Optional; Write — conditional)

If supported, we intend to push prescribed sessions directly to the athlete's Garmin device as structured workouts. This is a future capability and not required for initial API access.

Usage

How Garmin data enters the coaching pipeline.

01. Baseline seeding

Activity history sets the athlete's baseline load per discipline. Garmin provides more complete data than Strava alone — especially for pool swims and indoor sessions that don't sync reliably through Strava's third-party flow.

02. Load state computation

HRV trend, sleep quality, and body battery are folded into the daily load state calculation alongside RPE and training load. An athlete who trained hard yesterday but slept well and shows normal HRV is treated differently from one showing HRV suppression.

03. Prescription gating

Load state gates every prescription. If health metrics indicate insufficient recovery, the system downgrades the prescribed session or recommends rest — regardless of where the athlete sits in their training block.

04. Workout delivery

When the athlete connects a Garmin device, prescribed sessions can optionally be pushed as structured workouts. The prescription defines the intent — e.g., '35 min easy run, Z2' — and the structured workout translates this for the watch.

05. Feedback loop

Post-session data from Garmin — achieved HR zones, pacing execution, compliance with prescribed effort — feeds back into the coaching model to refine future prescriptions.

Athlete value

Why Garmin users benefit.

More accurate coaching

HRV and sleep data replace subjective guessing. The system knows if you're recovered — not just if you say you are.

Better swim and bike insight

Garmin captures pool swims and indoor rides that Strava misses. Full discipline coverage means no vertical is invisibly undertrained.

Less manual entry

Data flows directly from the device. Athletes don't need to log RPE manually — the wearable tracked it.

Workouts on your watch

Prescribed sessions can be sent directly to the Garmin watch. Show up with the session already loaded.

Data handling

How we handle your data.

Principle of least privilege

We request only the scopes necessary for coaching functionality. No access to payment data, contacts, or any non-training-relevant user information.

User-controlled disconnect

Athletes can disconnect the Garmin integration at any time from within the Velora dashboard. Disconnecting immediately revokes our token and stops all data ingestion.

No data selling

Garmin data is used exclusively to power the coaching engine for the individual athlete. It is never sold, licensed, or shared with third parties.

Retention policy

Activity and health data is retained for as long as the user account is active. Upon account deletion, all stored data is purged within 30 days.

Security posture

Technical security measures.

Encryption at rest: All user data encrypted at rest (AES-256) via Supabase / PostgreSQL

Encryption in transit: All API communication over TLS 1.2+ — HTTPS enforced site-wide

Authentication: OAuth 2.0 Authorization Code Flow; tokens stored server-side, never exposed to browser

Access control: Least-privileged service roles; Row-Level Security enabled on all tables; no direct DB access from client

Token handling: Refresh tokens encrypted, scoped, and rotated; immediate revocation on disconnect

Audit logging: API access and data sync events logged with timestamp, scope, and user identifier

Compliance

Compliance posture.

Contact email: contact@veloralabs.io

Support process: Users email contact@veloralabs.io for data requests, deletion, or integration issues. Response within 2 business days.

Data minimization: Data minimization principles applied. Users can request deletion of all stored data. No cross-context behavioral advertising.

Status

Integration status.

In development

The Garmin integration is actively in development. Core coaching engine and Strava integration are live. Garmin data layer is the next phase.

Planned beta

Pending API access approval. Beta launch planned with a small cohort of Garmin-connected athletes during the development cycle.

Questions about the integration?

If you're reviewing this as part of the Garmin Developer Program, we're happy to provide additional technical detail, architecture documentation, or schedule a call.
