Privacy Policy

AltaBrio.com Privacy Policy

Effective Date: May 30, 2025

This Privacy Policy describes how AltaBrio.com (“AltaBrio,” “we,” “us,” or “our”) collects, uses, processes, and shares your personal information when you use our website and associated AI training application (collectively, the “Services”). We are committed to protecting your privacy and handling your data transparently and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Colorado Privacy Act (CPA).

By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our Services.

1. Information We Collect

We collect various types of personal information to provide, maintain, and improve our Services. The categories of personal data we collect include:

  • Account, Profile, and User Activity Information: This includes your name, email address, date of birth, gender, weight, username, and password, which are essential for securing your account and personalizing your experience. We also collect information when you upload photos, videos, posts, or activities (including date, time, geo-location, speed, pace, and perceived exertion), join a club or challenge, or add equipment usage.  
     
  • Location Information: We collect and process precise location information when you sign up for and use the Services, particularly for core features like GPS activity tracking, routes, and segment leaderboards. This requires you to grant us permissions in your device’s privacy controls to track your device location while you use the Services. We do not track your device location when you are not using the app.  
     
  • Content You Share: We gather information from photos, videos, posts, comments, messages, kudos, ratings, reviews, and other content you share on the Services, including when you participate in partner events or create segments or routes.[1, 3]
  • Contacts’ Information: If you choose to connect your contacts from your mobile device or social networking accounts to AltaBrio, we will access and store your contacts’ information to identify potential connections and help you connect with each other.[1, 3]
  • Connected Devices and Apps Information: We collect information from devices and apps you connect to AltaBrio (e.g., smartwatches, other fitness platforms) in accordance with the consent you give. This may include step count data or health information like heart rate.  
     
  • Health Information: We may collect or infer health information, such as heart rate, sleep times, calories burned, body fat percentage, steps, exercise minutes, height, weight, and potentially menstrual cycle information. This data is often derived from connected devices or user input. Where health information can uniquely identify you, it is considered sensitive personal information under certain laws.  
     
  • Payment Information: When you make a payment on AltaBrio, you will be asked to provide payment information such as your payment card or other payment details. We use Payment Card Industry (PCI) compliant third-party payment services who may store your credit card information in accordance with applicable standards.[1, 2, 3, 6] We do not directly collect or store payment card information entered through our Services, but we may receive information associated with your payment card information (e.g., your billing details).  
     
  • Usage Data: We automatically collect Usage Data when you access and use the Services. This includes your device’s Internet Protocol (IP) address, browser type and version, pages visited on our Service, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. When you access the Service via a mobile device, we may collect information such as the type of mobile device, your unique mobile device ID, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers, and other diagnostic data.  
     
  • AI Training Data: As an “AI training app,” we collect and process various forms of data specifically for training, tuning, and improving our underlying AI models and algorithms. This includes visual data (photos, images, video recordings), audio data (voice recordings, speech), textual data (linguistically relevant characters, words, sentences), and numerical data (measurements). This data can be collected as raw input or as labeled, tagged, or annotated data.  
     

2. How We Use Your Data

We use the collected personal data for the following purposes:

  • To Provide and Maintain Our Services: This includes managing your account, delivering core features like activity tracking and personalized insights, and monitoring the usage of our Service.  
     
  • To Personalize Your Experience: We use information such as your sport type, engagement with content, basic demographic information, and location information to suggest relevant segments, routes, challenges, or features that may interest you.  
     
  • For Performance Tracking and Improvement: We collect usage and trend data to understand how users navigate our sites and apps and how we can improve our features and overall user experience.  
     
  • For AI Training, Tuning, and Improvement: We use collected data, including visual, audio, textual, and numerical data, to train, tune, and test our AI models and algorithms. Where possible, we use aggregated, de-identified information for AI features. Depending on your privacy controls and sharing permissions, we may use personal information such as health and location for AI features that provide training analysis and recommendations.  
     
  • To Communicate with You: We may use your contact information to send you updates, functionalities, special offers, news, and general information about goods, services, and events similar to those you have already purchased or inquired about, unless you have opted not to receive such information.[2, 8] We also use collected contact information to inform you about important updates to our products, apps, subscriptions, or account, such as vital safety information or updates to this Privacy Policy.  
     
  • To Manage Your Requests: We use your data to attend to and manage your requests to us.  
     
  • For Security and Legal Compliance: We may use your data to verify accounts, prevent fraudulent use, protect against unauthorized access to member data, and respond to legal obligations.  
     

Sensitive Data Handling (Health, Biometric, Location): We collect sensitive data such as health information (e.g., heart rate, sleep times, calories burned) and precise location information. Before you can upload health information to AltaBrio, you must give your explicit consent to the processing of that health information by AltaBrio. You can withdraw your consent at any time. This health data is used only to improve health management or for health research, and not for marketing or advertising purposes. Precise location information is collected only when you grant permissions in your device’s privacy controls and while the Services are in use; we do not track your device location when the app is not in use. You retain control over location tracking and can adjust device settings at any time.  

AI Training Data Specifics: The data collected for AI training can be raw or labeled/annotated by humans. We are committed to anonymizing and de-identifying personal data used for AI training to mitigate re-identification risks. While an AI model may not be intentionally designed to produce identifiable information, personal data can still remain “absorbed” in the model’s parameters. Therefore, we evaluate the anonymity of AI models on a case-by-case basis, focusing on ensuring that personal data from the training set cannot be extracted through reasonable means and that outputs generated by the model do not relate to the original data subjects. We implement data minimization practices, careful selection of training data sources, and sound data preparation techniques.  

3. How We Share and Disclose Your Data

We may share your personal information in the following situations:

  • With Service Providers: We may share your personal information with third-party service providers who perform functions on our behalf, such as payment processing, data analytics, and cloud hosting. For example, payment information is handled by PCI-compliant third-party payment services. Analytics providers may collect information on visitor behavior and demographics.   
     
  • For Business Transfers: Your personal information may be shared or transferred during negotiations of, or in connection with, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.   
     

    With Affiliates: We may share your app visits with our affiliate partners, often in an anonymized form.   

     
  • For Law Enforcement and Legal Obligations: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).[2, 3] We may also disclose your personal data to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with the Service, protect the personal safety of users of the Service or the public, or protect against legal liability.   
     

No Sale or Sharing for Advertising/Brokerage: AltaBrio does not sell your personal information. We explicitly state that any health data collected, particularly via integrations, is not used for transfer to advertising platforms, data brokers, or information resellers. While some service providers (e.g., advertising partners) may use technologies that could be considered “selling” personal information under definitions like CCPA, we provide mechanisms for you to opt out of interest-based advertising through cookie consent banners, CCPA opt-out links, or mobile device settings.   

AI Model Outputs and Privacy Risks: Even if input or training data for AI models is initially anonymized, the outputs generated by the AI model can still introduce privacy risks. We implement robust privacy governance programs to identify and account for factors affecting data identifiability throughout the AI model’s lifecycle, including its outputs, to ensure the responsible and safe use of AI and anonymized data.   

4. Your Privacy Rights and Choices

We provide you with various rights regarding your personal data, in accordance with applicable laws:

  • Right to Access Your Personal Data: You have the right to request access to the personal data we hold about you. Whenever possible, you can access, update, or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us for assistance. This also enables you to receive a copy of the Personal Data we hold about you.[2, 6]
  • Right to Correction/Rectification: You have the right to request correction of any incomplete or inaccurate personal data we hold about you.  
     
  • Right to Deletion/Erasure: You have the right to ask us to delete or remove your personal data when there is no good reason for us to continue processing it.[2, 6] For California residents, this includes the right to request the deletion of your Personal Data collected in the past 12 months. You can delete your account from the profile section of the app, which in turn deletes all data related to your user account.  
     
  • Right to Data Portability: You have the right to request the transfer of your personal data to yourself or to a chosen third party in a structured, commonly used, machine-readable format. This right applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.  
     
  • Right to Opt-Out of Sale or Sharing (California & Colorado Residents): If you are a California or Colorado resident, you have the right to opt out of the sale or sharing of your personal information. Our website includes a clear and prominent link titled “Do Not Sell or Share My Personal Information” to enable you to exercise this right.   
     
  • Right to Object to Processing: You have the right to object to the processing of your personal data where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation that makes you want to object. You also have the right to object where we are processing your personal data for direct marketing purposes.[2, 6] The Colorado Privacy Act specifically grants the right to opt out of the use of personal data for targeted advertising or certain kinds of profiling.   
     
  • Right to Withdraw Consent: You have the right to withdraw your consent for the use of your personal data at any time. Please note that withdrawing consent may affect our ability to provide you with certain specific functionalities of the Service. Withdrawal will not affect the lawfulness of processing conducted prior to your withdrawal or processing based on other lawful grounds.[6]   
     
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your privacy rights.[2, 7]

Exercising Your Rights: To exercise any of these rights, please contact us using the details provided in the “Contact Us” section below. We may need to verify your identity before responding to your request. We will respond to consumer requests within 45 days, with a possible 45-day extension if reasonably necessary, provided we inform you of the extension within the original 45-day period and provide reasons for the delay.   

Minor Users: While Strava, for example, enables greater privacy protections by default for individuals under 18 , AltaBrio ensures that consent for data collection from minors (e.g., ages 13-16) is collected directly, and for those under 13, consent is obtained from parents or legal guardians. California residents under 18 who are registered users should have the ability to request the removal of publicly posted content or information.   

5. Data Security and Retention

  • Security Measures: We are committed to implementing robust security measures to protect your personal data from unauthorized access, breaches, or misuse. This includes employing technical measures such as encryption, access controls, and secure data storage practices. While we strive to use commercially acceptable means to protect your Personal Data, it is important to acknowledge that no method of transmission over the Internet or electronic storage is 100% secure. We continuously monitor and audit our practices for compliance with data privacy regulations and best practices, taking prompt action to address any identified issues or vulnerabilities.   
     
  • Data Retention Policies: We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations (e.g., for financial records or law enforcement requests), to resolve disputes, and to enforce our legal agreements and policies. Usage Data is generally retained for shorter periods unless required for security, functionality improvement, or longer legal retention periods. We securely delete personal data upon request or after retention periods expire.   
     

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like beacons, tags, and scripts) to track activity on our Service and store certain information.

  • Types of Cookies Used:
    • Strictly Necessary Cookies (Essential Cookies): These are fundamental for the site or app to function and deliver requested services, used for purposes like user authentication, blocking malicious login attempts, and shielding unauthorized access to member data.  
       
    • Non-Essential Cookies: These are not strictly necessary but are used to improve experience, perform analytics, and serve relevant ads. They include:  
       
      • Performance Cookies: These measure and optimize product usage and inform targeted advertising.  
         
      • Targeting Cookies (Advertising Cookies): These serve relevant ads to users who have visited our website, remembering their activities and sometimes sharing this information with third-party advertisers for targeted online advertising and ad measurement. We employ both first-party cookies (set by AltaBrio) and third-party cookies (set by other sites like Google).  
         
  • Purposes: We use these cookies to authenticate users and ensure security; to remember user preferences for a more personalized experience; to understand and improve user experience through analytics on website and app usage; and to serve relevant advertisements, including targeted advertising.  
     
  • User Control: You can accept, refuse, or delete all cookies, or specifically third-party cookies, through your browser settings. For Non-Essential Cookies, explicit consent is obtained, typically via a cookie banner, and you can manage these preferences at any time. For app users, control over interest-based advertising can often be managed through device settings (e.g., “Limit Ad Tracking” on iOS or advertising preferences on Android).  
     
  • “Do Not Track” Signals: Our Service does not currently respond to “Do Not Track” (DNT) signals.  
     

7. International Data Transfers

Your information, including Personal Data, may be processed at our operating offices and in any other places where the parties involved in the processing are located. This means that this information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.  

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top of this Privacy Policy. We will also inform you via email and/or a prominent notice on our Service, prior to the change becoming effective.[2, 4, 8] You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

9. Contact Us

If you have any questions about this Privacy Policy, your data, or wish to exercise your rights, you can contact us:

  • By email: coach@altabrio.com