Privacy Policy

AthleteSync Privacy Policy Effective Date: [15 May 2024]

AthleteSync ("Company", "We", "Us" or "Our") is a technology company providing solutions to monitor athletic training progress. Our goal is to revolutionize the world of training and athletic performance. We provide users (either individuals or companies) ("Users") a platform to monitor athletic training progress, and make available certain services and contents supplied by third parties with whom We contract (the "Services"). These third parties may provide content in several forms, including, but not limited to, workout and exercise prescriptions, guidance, and cues ("Content Providers").

For example, Content Providers can, through AthleteSync, publish and or sell training that can then be downloaded by Users. Content Providers can also upload their training (paper, pdf, excel) and through generative artificial intelligence, We will convert them into usable workouts.

AthleteSync relies on collecting information, including Personal Information, from you to produce personalized workout plans that are customized for your specific body type, fitness level, training, or fitness goals, and are practical given your schedule and resources. "Personal information" means any information that relates to an identified or identifiable individual. Our computer algorithm relies on these various inputs to produce exercise recommendations and schedules.

We may at times work with third parties and Content Providers to present offers and advertisements which we believe are relevant to you and may also customize the content and user experience based on your information. Our main purpose in collecting such Information is to provide you with an excellent service and overall User experience. We strive to maintain transparency and will not use or share your Personal Information with anyone except as described in this Policy.

Capitalized terms that are not defined in this Policy have the meaning given them in Our Terms of Use. We encourage you to get acquainted with our Terms of Use to understand how We provide the Services to you. We respect your privacy and are committed to protecting it through Our compliance with this Policy.

Please read this Policy carefully to understand our privacy practices. If you do not want Us to process your Personal Information as it is described in this Policy, please do not use Our Services. If you have any questions about this Policy or AthleteSync, please contact Us at team@athlete-sync.com (for additional contact information, please see Section 15 of this Policy).

1. Introduction

This Privacy Policy ("Policy") covers the Personal Information that We collect through AthleteSync application and its website www.athlete-sync.com (the "Website"), owned or controlled by the Company or websites that post a link to this Policy. When you use Our Services, you'll share some information with Us.

According to Article 13 of the General Data Protection Regulations Regulation, (EU) 2016/679 (GDPR), in Our role as a controller of Personal Information (as defined below), We want to be upfront about the information We collect, how We use it, whom We share it with, and the controls We give you to access, update, and delete your Information. You should read our entire Policy, so that you can feel confident in sharing your data with Us.

2. Who is the data controller

The Company is the controller of your Personal Information. The Company is registered at: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 1555. If you have questions, requests, or concerns regarding your privacy and rights, please let Us know how We can help. You can contact Us at team@athlete-sync.com.

3. Information We collect

There are three basic categories of information We collect:

Information you provide to Us
Information We collect automatically
Information We obtain from third parties

Here's a little more detail on each of these categories.

Information you provide to Us

When you use Our Services, you usually provide to Us certain information, including your Personal Information such as:

Identification information: such as your name, surname, place and email.
Fitness Information including sensitive information: sex, height, weight and other body measurements, body type, general health, mental health (if needed), physical injuries, fitness level, workout goals, training or fitness goals, personal records of exercises, desired intensity, body part focus, fitness milestones, fitness resources and equipment, exercise preferences, workout schedule, and workout history.
If you contact Us, records, copies of your correspondence with Us and contact details that you have provided Us while making your inquiries (such as your name, postal addresses, email addresses and phone numbers or any other identifier by which you may be contacted online or offline), in order to investigate your concerns, respond to your inquiries and to monitor and improve Our responses to your and other users inquiries in relation to Our Services.

When you use the Websites

When you visit Our Website, We collect Internet or other electronic network activity information through the use of cookies and other trackers. Depending on your tracking preferences, the information We collect may include but is not limited to your device's Internet Protocol ("IP") address, referring website, what pages your device visited, and the time that your device visited our Website. We may also rely on analytics and tools used to prevent spam and other security risks related to the use of abusive automated software. Visit our Cookie Policy for more information on the types of cookies and other trackers We use on our Website.

Information We collect automatically

When you use Our Services, We may automatically collect certain data about you. This data is needed for operation of the Services and, among others, may be used for in-app analytics or marketing purposes. The data We collect automatically includes:

Device information: information about your mobile device, or any other type of device you will be using in connection with the Services, and internet connection, including your IP address, the device's unique device identifier, operating system, and mobile network information.
Usage details: details about your use of Our Services, including the frequency of use, the areas and features you access, and your engagement with specific functionalities. This information is primarily used for in-app event analytics and, with your consent, for marketing purposes. Additionally, we may rely on session recording to capture your interactions for the purpose of improving user experience and optimizing our services.
Information collected by cookies and other similar technologies: We use various technologies to collect information, including saving cookies to users' computers. Such automatically collected data helps Us operate our Services and improve it to deliver better service, including but not limited to enabling Us to estimate Our audience size, and understand how you use Our Services and what you like and dislike the most. For further information please visit the Cookie Policy.

The technologies We use for automatic data collection may include: We use third-party analytics tools, such as AWS or Posthog to help Us measure traffic and usage trends for AthleteSync. These tools collect information via third-party analytics software development kits incorporated into AthleteSync, which may include your pseudonymised user ID and the information about the webpages you visit when following the links available to you on Our Services, your actions in AthleteSync application and basic information about the type of subscription you have. We collect and use this analytics information in an aggregated manner with analytics information from other users so that it cannot reasonably be used to identify any particular user. For information on how third-party analytics tools collect and process your data, please contact us at team@athlete-sync.com.

4. Legal bases for using your Personal Information

According to Article 6 of the GDPR, We are allowed to use your Personal Information when certain conditions apply. These conditions are called "legal bases" and We typically rely on one of four:

Consent (Article 6.1.a of the GDPR): In some cases, We'll ask for consent both for Personal and for Sensitive Information to use your information for specific purposes. If We do, we'll make sure you can revoke your consent in our Services or through your device permissions. Even if We're not relying on consent to use your information, We may ask you for permission to access data like contacts and location.
Contract (Article 6.1.b of the GDPR): We might use your information because you've entered into an agreement with Us.
Legal obligation (Article 6.1.c of the GDPR): We may be required to use your personal information to comply with the law, like when We respond to valid legal process or need to act to protect our users.
Legitimate interest (Article 6.1.f of the GDPR): We have—or a third party has—a legitimate interest in doing so. For example, We need to use your information to provide and improve Our Services, including protecting your account, providing customer support. An important point to understand about legitimate interest is that Our interests don't outweigh your right to privacy, so We only rely on legitimate interest when We think the way we are using your data doesn't significantly impact your privacy or would be expected by you, or there is a compelling reason to do so.

5. Information We collect directly from you on our Website

We will use Personal Information for the following purposes:

To administer our Website, and for internal operations, including troubleshooting, data analysis, testing, statistical and survey purposes.
To improve Our Website to ensure that content is presented most effectively for you and your device.
For trend monitoring, marketing advertising, ad targeting, ad measurement, including through the use of your precise location information, profiling, research (again, if you've specifically and freely given Us permission to use that information for that purpose), both on and off Our services. We may also store information about your use of third-party apps and websites on your device to do this.
For purposes made clear to you at the time you submit your Personal Information.
As part of Our efforts to keep our Websites secure. Our use of your Personal Information may be based on Our legitimate interests to ensure network, information security, and business performance improvement.
Our direct marketing purposes are based on your consent. We may also rely on Our legitimate interests to improve business and marketing practices or contact you to offer similar Services or products that you may have bought from Us (soft spam), requested a demo, or negotiated with Us.

6. Sharing and disclosure of Personal Information

AthleteSync Services include connecting Users to coaches and/or teams, and to offer the Services, AthleteSync discloses Personal Information to the coaches and/or teams that your Account is associated with or that you interact with through Our Services. We do not rent or sell your Personal Information, including text to any third parties outside AthleteSync.

Parties with whom We may share your Personal Information: We may also share your Personal Information and other collected information with third-party organizations such as contractors and service providers that We use to support our business who will act as data processors according to Article 28 of the GDPR and who are bound by confidentiality and data protection terms (consistent with this Policy) to keep your Personal Information confidential and use it only based on our instructions ("Service Providers").

If We receive your Personal Information and subsequently transfer that information to a third-party agent or Service Provider for processing, We remain responsible for ensuring that such third-party agent or Service Provider processes your Personal Information to the standard required by the applicable privacy laws, including the GDPR, and CCPA. These transfers will typically be based on Our legitimate interests. Such Service Providers include:

Cloud providers Amazon Web Services which we use when you choose to upload your documents and/or information to our Services. AthleteSync App will be on the Apple Store.
Third-party analytics, as specified in this Policy,
Email delivery services, and
Third-party advertising partners. Upon your consent (opt in), We send some of your Personal Information (e.g., your device information and details about your in-app purchases) for marketing and promotional purposes to our advertising partners (e.g. Meta).

By these means, We are able to reach you and people like you on various platforms. For the avoidance of doubt, We do not share or transfer your Contents to third parties other than coaches (except storing your Contents to our cloud providers Google Cloud Platform and Amazon Web Services). We use only secure places of storage, such Amazon Web Services.

You are sharing your Personal Information: You might be sharing information on message boards, chat, and other services to which you are able to post Content. Please note that any information you post or disclose through these services will become public and may be available to other users and the public.

What happens in the event of a change of control: If We sell or otherwise transfer part or the whole of the Company or Our assets to another organization (e.g., during a transaction like a merger, divestiture, restructuring, reorganization, acquisition, bankruptcy, dissolution, liquidation), your Personal Information and any other collected information may be among the items sold or transferred.

Responding to legal requests and preventing harm: We may access, preserve, and share your Personal Information in response to a legal (like a search warrant, court order or subpoena), government or regulatory request if We have a good faith belief that the law requires Us to do so. This may include responding to legal, government or regulatory requests from jurisdictions where We have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognized standards.

We may also access, preserve, and share information when We have a good faith belief it is necessary to:

detect, prevent and address fraud and other illegal activity;
protect ourselves, you and others, including as part of investigations; and
prevent death or imminent bodily harm.

Information We receive about you may be accessed, processed, and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.

Protection of Our company and others: We reserve the right to access, read, preserve, and disclose any Personal Information as necessary to:

comply with a law or a court order,
protect the rights, property, or safety of our employees, our users, or others.

Non-personal information: We may also share with third parties that provide services to Us or perform business purposes for us aggregated, non-personally identifiable, or de-identified information.

7. Third-Party Advertisers

We may use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services, based on information relating to your access to and use of the Services and other websites or online services. To do so, these companies may place or recognize a unique cookie on your browser. In addition, We may share information that does not directly identify you (such as de-identified usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain AthleteSync services.

AthleteSync may allow third-party ad servers or ad networks to serve advertisements on the Services. These third-party ad servers or ad networks use technology to send, directly to your browser, the advertisements and links that appear on AthleteSync. They automatically receive your IP address when this happens. They may also use other technologies (such as cookies, JavaScript, or web beacons) to measure the effectiveness of their advertisements and to personalize the advertising content. AthleteSync does not provide any information that directly identifies you to these third-party ad servers or ad networks without your consent or as required under applicable law. However, please note that if an advertiser asks AthleteSync to show an advertisement to a certain audience and you respond to that advertisement, the advertiser or ad server may conclude that you fit the description of the audience they are trying to reach. In addition, third-party advertisers may use information (not including your name, address, email address, body information, or telephone number) about your visits to this and other websites to provide advertisements about goods and services of interest to you. AthleteSync is not the entity responsible for the processing of your information by third-party ad servers or ad networks. The AthleteSync Privacy Policy does not apply to, and We cannot control the activities of, third-party advertisers. Please consult the respective privacy policies of such advertisers for more information.

8. International data transfer

Your Personal Information might be processed outside the EU. As to the location of our servers, We use AWS and Google Cloud Platform servers located in the EU. However, our third-party AI Service Providers Servers may be located, stored and/or processed outside EEA/UK countries. When Service Providers engage in such transfers of Personal Information, they rely on i) Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR), or ii) Standard Contractual Clauses issued by the European Commission. The European Commission has determined that the Standard Contractual Clauses provide sufficient safeguards to protect personal data transferred outside the EU or EEA. For more information, please visit this link.

We will always protect your Personal Information in accordance with this Policy wherever it is processed. We do not voluntarily or actively transfer or disclose your Personal Information to the government or law enforcement authorities (the "Authorities") and/or otherwise grant any Authorities access to your Personal Information.

9. Treatment of Personal Information

We will treat your Personal Information according to correctness, lawfulness and in compliance with all the principles of Article 5 of the GDPR, and with the aid of electronic tools, and in compliance with Article 5 of this Policy. The analysis of your tastes and preferences which, subject to your previous consent, may be carried through profiling, will always involve a human intervention and will never take place exclusively in automated ways. We use appropriate technical, organizational, and administrative security measures to protect any Personal Information We store from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

No company or service can guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user's Personal Information at any time. Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

10. Data Retention

Your Personal Information: We store your Personal Information for different time periods depending on the category of Personal Information or you request us to delete your data (by contacting us at team@athlete-sync.com). Some information may be deleted automatically based on specific schedules, such as marketing information. Other information e.g. account information, may be retained for a longer period unless you request us to delete your data (by contacting us at team@athlete-sync.com). Finally, We may further retain information for business practices based on Our legitimate interests or legal purposes, such as network improvement, fraud prevention, record-keeping, or enforcing our legal rights.

Your Contents: We keep your Contents on Our servers if they are necessary to give context and to allow them to perform the Tasks. We inform you that, in case of revocation of your consent and, in any case, at the expiration of terms indicated above, We will erase or anonymize your Personal Information from Our archives. We may retain your Personal Information in connection with your privacy-related requests and communications with Us, if any, as necessary to comply with Our legal obligations, to resolve disputes, and to enforce Our agreements. Even if We delete some or all of your Personal Information, We may continue to retain and use anonymized data previously collected that can no longer be used for personal identification.

11. What are your rights (data subject rights - DSR)

We want you to be in control of your Personal Information, so We provide you with the following tools: You have the right to obtain from Us the indication of:

the origin of the Personal Information;
the purpose and method of processing the Personal Information;
the logic applied in cases where processing is carried out with the aid of electronic instruments;
the identification of the Data Controller, and Data Processors;
the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as an appointed representative in the territory of the EEA or even in countries outside of the EEA where data is processed on our behalf.

In particular, you have the right to obtain:

the access, the updating, rectification or, when it is the case, the integration of your Personal Information;
the cancellation, transformation into an anonymous format or restriction of data processing in case of a violation of the law, or when Personal Information retention is not necessary in relation to the purposes for which the Personal Information was collected or subsequently processed;
certification/declaration that the operations referred to in letters a) and b) above have been disclosed, also in reference to their content, of those to whom the data have been shared or disclosed, except in case where such fulfillment proves impossible or involves the use of means obviously disproportionate to the protected right;

Furthermore:

you have the right to revoke the consent without prejudice to the lawfulness of the processing carried out based on the consent already given;
when applicable, you can also obtain a copy of your information in a portable format, so you can move it or store it wherever you want.
you can change your preferences with regards to the cookies and other trackers at any time by clicking on the persistent cookie icon at the bottom of the screen on our Website.

Finally, you have the right to object, in whole or in part to the processing of your Personal Information:

for legitimate reasons, even when it is related to the purpose of the collection of your Personal Information;
in case of sending of advertising materials or direct sales or for carrying out market research or commercial communications;
anytime Personal Information is processed for direct marketing purposes, including profiling, to the extent that such activity is connected to direct marketing;
in case of automated decision making, if such a decision is based solely on automated processing and produces legal effects or significantly affects you.

Because your privacy is important to Us, We will ask you to verify your identity or provide additional information before We let you access or update your personal information. We may also reject your request to access or update your personal information for a number of reasons, including, for example, if the request risks the privacy of other users or is unlawful.

12. How you can exercise your rights

If you would like exercise the rights referred to in Article 15 to 22 of the GDPR, or the California Consumer Privacy Act ('CCPA') or Virginia, Colorado, Utah, and Connecticut you can send Us an email to team@athlete-sync.com. Our privacy team will examine your request and respond to you as quickly as possible and no longer than 30 days from the moment you exercise your right. Please note that We may still use any aggregated and de-identified Personal Information that does not identify any individual and may also retain and use your Personal Information as necessary to comply with our legal obligations, resolve disputes. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If We determine that the request warrants a fee, We will tell you why We made that decision and provide you with a cost estimate before completing your request. We remind you that you have a right to lodge a complaint with a supervisory authority within EEA should you feel unsatisfied with Our treatment of your Personal Information.

13. Specific geographies rights

Residents of California, Virginia, Colorado, Utah, and Connecticut may have statutory rights under state comprehensive privacy law including the rights specified below. You can exercise these rights by contacting Us at team@athlete-sync.com.

Right to request the categories of Personal Information collected about you. We will provide, where relevant and required by law, the types of data We collect.
Right to request the categories of sources from which your Personal Information is collected. We will provide, where relevant and required by law, the types of tools and organizations We use to collect data.
Right to request the business or commercial purpose for collecting your Personal Information. We will provide, where relevant and required by law, the purposes to collect data.
Right to request the categories of third parties to whom Personal Information is disclosed, and the categories of Personal Information disclosed. We will provide, where relevant and required by law, information regarding the other organizations that may receive your Personal Information.
Right to request the specific pieces of Personal Information collected about you. We will provide, where relevant and required by law, your Personal Information.
Right to request that Personal Information collected about you be deleted. We may keep Personal Information for legal reasons but will accommodate deletion requests when required. Please be aware that erasing some Personal Information may affect your ability to use our Services.
Request that your inaccurate Personal Information be corrected. If you believe your Personal Information is not correct you may provide Personal Information to replace the erroneous data.
Request that We do not sell or share your Personal Information. Each state may interpret a "sale" of Personal Information differently, however, if you are a resident of the states above or Nevada and request that your Personal Information not be sold the Company will honor that request. Individuals in California may request their information not be shared with any third party.
Right to non-discrimination. The Company will not discriminate against you (e.g., through denying goods or services or providing a different level or quality of goods or services) for exercising any of the rights afforded to you.

California and Delaware "Do Not Track" disclosures: California and Delaware law require the Company to indicate whether it honors your browser's "Do Not Track" settings concerning targeted advertising. The Company adheres to the standards set out in this Policy and does not monitor or respond to Do Not Track browser requests.

Please keep in mind that in case of a vague request to exercise any of the aforementioned right We may engage with you in a dialogue to ask for more details if so needed to complete your request. In case this is impossible, We reserve the right to refuse granting your request. Following the provisions of the applicable law, We might also ask you to prove your identity (for example, by requesting your user or some other proof of your identity) in order for you to invoke the mentioned rights. This is made to ensure that no right of third parties is violated by your request, and the mentioned rights are exercised by an actual Personal Information subject or an authorized person.

14. Opting Out of Promotional Emails

IF REQUIRED BY LAW, WE WILL ASK FOR YOUR CONSENT TO SEND YOU PROMOTIONAL AND MARKETING EMAILS. IF YOU WISH TO OPT-OUT OF OUR PROMOTIONAL AND MARKETING EMAILS, YOU CAN OPT-OUT FROM OUR PROMOTIONAL AND MARKETING EMAIL LIST BY USING ANY OF THE FOLLOWING METHODS:

by following the opt-out links in any marketing email sent to you; or through our Services settings on your mobile device; or
by contacting Us at any time using the contact details above

15. Users' Age

Protecting the privacy of young children is especially important. AthleteSync does not knowingly collect or solicit Personal Information from anyone under the age of thirteen (13) or knowingly allow such persons to register as Users. If you are under 13, please do not send any Information about yourself to Us. If We learn that We have collected Personal Information from a child under age 13 without parental consent, We will delete that Information as quickly as possible. If you believe your child under 13 has submitted Personal Information to us without your consent, please contact us at team@athlete-sync.com.

16. Linked websites

For your convenience, hyperlinks may be posted on the Services that links to other websites (the "Linked Sites"). We are not responsible for, and this Policy does not apply to, the privacy practices of any Linked Sites or of any companies that We do not own or control. Linked Sites may collect information in addition to that which We collect through Our services. We do not endorse any of these Linked Sites, the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read each Linked Site's privacy notice to understand how the Personal Information about you is used and protected.

17. Revisions to the Privacy Policy

The date this Policy was last revised is indicated at the top of the page. The Company may modify or update this Policy from time to time. Some changes do not require your consent: for example, when We add a new purpose of processing that is compatible with the existing purposes, or the new processing activity that falls under the users' reasonable expectation. However, if the changes made may pose risk to your rights and freedoms (e.g., by including a new purpose of the processing that is not compatible with the existing purposes of processing, a new legal basis, a new category of personal data to be collected or a new data subject, all of which are not reasonably expected by the users, we will ask for your consent to those changes separately from this Policy. If you did not receive a request for your consent to the changes or refused to give consent, those changes will not apply to you. That fact can negatively affect some of our Services provided to you in case those services inevitably include consent to the changes.

18. Contact us

General contact details: If you have any questions about this Privacy Policy or the Company, please contact us via email atteam@athlete-sync.com or our mailing address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 12, 15551.

Controller's Contact Information:team@athlete-sync.com