Privacy Policy

Last updated: July 6th 2025

1. Who We Are

Aerobic Analytics LLC ("Aerobic Analytics," "we," "our," "us") is a Wyoming-registered limited-liability company that operates:

  • SwimFast Monthly Coaching (remote swim-coaching service)
  • DoZA Monthly Coaching (remote triathlon-coaching service)
  • SwimFast Programming App (software for coaches)
  • icanSwimFast.com, DoZACoaching.com, AerobicAnalytics.com and related websites (collectively, the "Sites")

This Policy explains how we collect, use, disclose, and protect your information when you visit or use any of our Sites, apps, or coaching services (the "Services").

2. Scope

This Policy applies to information we process as:

  • Data Controller for our athletes, subscribers, and site visitors; and
  • Data Processor when coaches use the SwimFast Programming App to process data about their athletes.

It does not cover third-party websites or services that link to their own privacy statements.

3. Information We Collect

(a) Identity Data

  • Examples: name, username, date of birth, gender
  • How We Collect This Data: sign-up and intake forms, questionnaires, billing forms

(b) Contact Data

  • Examples: postal address, email, phone
  • How We Collect This Data: sign-up and intake forms, questionnaires, billing forms

(c) Account Data

  • Examples: login credentials, authentication tokens
  • How We Collect This Data: account creation

(d) Payment Data

  • Examples: last-4 of card, billing zip/post code (processed by Stripe; we never see full card)
  • How We Collect This Data: checkout via Stripe

(e) Coaching Data

  • Examples: swim videos, stroke analysis notes, performance metrics, training logs, Garmin activity files
  • How We Collect This Data: manual uploads; API integrations (Garmin Connect, TrainingPeaks, etc.)

(f) Device / Usage Data

  • Examples: IP, browser type, referring URLs, pages viewed, cookies, session IDs
  • How We Collect This Data: cookies, pixels, log files

(g) Marketing Data

  • Examples: email preferences, survey responses
  • How We Collect This Data: opt-in forms, cookies

Garmin data: When you connect a Garmin account, we receive workout files, heart-rate data, GPS metrics, and other activity details through the Garmin Connect Developer Program APIs. Collection and processing occur only after you grant explicit, revocable consent within Garmin Connect.

4. Legal Bases (GDPR / UK GDPR)

(a) Purpose: Provide and administer coaching Services
Legal basis: Contract performance

(b) Process payments via Stripe
Legal basis: Contract performance & legitimate interest

(c) Deliver targeted product updates or marketing
Legal basis: Consent (where required)

(d) Improve Sites & Apps (analytics, debugging)
Legal basis: Legitimate interest

(e) Comply with laws (tax, accounting, requests from authorities)
Legal basis: Legal obligation

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. How We Use Your Data

  • Service delivery – personalize workouts, calculate pacing, analyze videos, generate reports.
  • Integrations – pull/sync completed workouts from Garmin Connect; push planned sessions to TrainingPeaks or your calendar.
  • Payments & subscriptions – Stripe processes card data; we receive tokens and status only.
  • Support & communications – respond to emails, chat, or push notifications.
  • Security & fraud prevention – monitor suspicious activity, enforce our Terms of Service.
  • Analytics & product development – aggregate usage metrics (never identifying you) to improve features.

6. Sharing & Disclosure

We do not sell your personal information. We share it only with:

  • Our Service providers, including: hosting providers, email providers, authentication providers, payment gateway providers, video storage providers. All of whom are bound by confidentiality agreements.
  • Coaches; if you are coached via the SwimFast Programming App, your assigned coach can view your coaching data.
  • Legal & compliance; to comply with subpoenas, court orders, or similar legal processes.
  • Business transfers; in a merger, acquisition, or asset sale, data may transfer under this Policy.

7. International Transfers

Data is primarily stored in the United States. When we transfer information from the EEA/UK or Switzerland, we rely on:

  • Standard Contractual Clauses approved by the European Commission, or
  • Another valid transfer mechanism under GDPR.

8. Data Retention

  • Coaching records: 7 years after the last coaching interaction.
  • Payment/transaction records: 7 years.
  • Garmin data: until you disconnect Garmin or 30 days after account closure, whichever comes first.
  • Marketing contact lists: until you unsubscribe or 2 years of inactivity.

9. Security

We use industry-standard safeguards: encryption in transit (TLS 1.3), encryption at rest (AES-256), role-based access, annual penetration testing, and PCI-DSS-compliant Stripe processing.

10. Cookies & Similar Tech

We use first-party cookies for:

  • Session management (login)
  • Preferences (dark mode, language)
  • Analytics (aggregate traffic)

You can disable cookies via browser settings, but some features may break.

11. Your Rights

  • EEA/UK: access, rectification, erasure, restriction, portability, objection, lodge complaint with supervisory authority
  • California (CCPA/CPRA): know, delete, correct, opt-out of "sharing," non-discrimination
  • U.S. (general): notice, access, opt-out of marketing, data-breach notification
  • Children: We do not knowingly collect data from anyone under 13 (COPPA). Parents may request deletion via the contact methods below.

To exercise rights, email support@aerobicanalytics.com

12. Marketing & CAN-SPAM

We send email newsletters only with your opt-in. Every email includes an "Unsubscribe" link; we honor requests within 5 business days.

13. Garmin Connect Developer Program Compliance

We collect Garmin data only after you authorize our app inside Garmin Connect.
You may revoke access at any time in Garmin Connect > Account Settings or by emailing us. If you revoke or delete your Aerobic Analytics account, we delete stored Garmin data within 30 days. We process Garmin-sourced personal data solely to provide coaching analytics and do not re-share it outside the Services.

14. Stripe Payment Compliance

All card data is handled by Stripe; we never store full card numbers or CVV. Our checkout pages load Stripe-hosted scripts over TLS and display the PCI badge. We provide notices and obtain any consents required for Stripe's own processing. You may view Stripe's Privacy Policy here: https://stripe.com/privacy.

15. Changes to This Policy

We may update this Policy. If we make material changes, we will post the revised Policy on our Sites at least 7 days before it takes effect, and email registered users.

16. Contact

Aerobic Analytics LLC
1021 E Lincolnway Suite 8457
Cheyenne, WY 82001
Email: privacy@aerobicanalytics.com