Privacy Policy

Last updated: May 2025

1. Introduction

We at AthlioConnect (operated by Digilab Sports Ltd., a UK registered company, Company Number 16021681, registered address: 40 Foregate Street, Kingsway House, Worcester, WR1 1EE) are committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, and protect your personal information when you use our platform and related services. Digilab Sports Ltd. acts as the Data Controller for your personal data.

2. Data We Collect

We may collect and process the following data about you:

Personal identification information (e.g., name, email address, phone number)
Health and rehabilitation data (e.g., medical history, performance data, training logs)
Usage data (e.g., information about how you use AthlioConnect, including app interactions and session durations)
Technical data (e.g., IP address, browser type, device information, operating system)
Analytics data collected via Mixpanel and Supabase (e.g., engagement metrics, feature usage, session frequency, approximate location, and device type)
Cookie data where applicable (see our Cookie Policy below)

AthlioConnect may store essential app data locally on your device using secure storage mechanisms (such as AsyncStorage). This is used solely to maintain your login state and personalize your experience. No tracking or behavioral data is collected via this storage.

3. How We Use Your Data

Your data may be used for the following purposes:

To provide and maintain AthlioConnect services
To manage your account and user profile
To track your rehabilitation and performance progress
To analyze app and website usage via Mixpanel and Supabase analytics, improving performance and user experience
To manage authentication and security through Auth0
To process payments securely through Stripe
To communicate with you about your account or app activity
To comply with legal obligations

4. Legal Basis for Processing Your Data

We process your personal data based on the following legal grounds:

Consent: You have provided explicit consent for us to process your data, especially any sensitive health data.
Contract: Processing is necessary for the performance of a contract with you (e.g., your use of AthlioConnect).
Legal obligation: To comply with our legal responsibilities.
Legitimate interests: For improving AthlioConnect and analyzing usage data (via Mixpanel and Supabase), provided this does not override your rights.

5. Data Sharing and Disclosure

We do not sell or share your personal data with third parties except in the following situations:

When required by law or to respond to legal process
With service providers who help us operate AthlioConnect, including:

AWS – for secure hosting and file storage
Supabase – for database and analytics infrastructure
Mixpanel – for usage and performance analytics
Auth0 – for authentication and account management
Stripe – for secure payment processing

When you provide explicit consent to share your data (e.g., with your physio or manager within the AthlioConnect system)

All service providers process your data under strict confidentiality and data protection agreements. If any data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO).

6. Device Permissions

AthlioConnect may request access to certain features of your device, such as:

Camera and microphone (for recording and uploading exercise or rehab videos)
Photo and file storage (to upload or view media)
Push notifications (to send rehab reminders and updates)

These permissions are used solely for app functionality and can be managed or revoked in your device settings at any time.

7. Cross-Platform Data Synchronization

If you use both the web and mobile versions of AthlioConnect, certain data (such as workouts, videos, and training progress) may sync securely across devices via AWS and Supabase services.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Health data is retained only with your ongoing consent. You may request deletion of your data at any time.

9. Your Rights

Under UK data protection law, you have the following rights:

The right to access the personal data we hold about you
The right to correct or update your personal data
The right to request deletion of your personal data
The right to restrict processing of your data
The right to data portability
The right to object to processing of your data
The right to withdraw consent at any time
The right to lodge a complaint with the UK Information Commissioner’s Office (ICO)

To exercise these rights, please contact us at ted@digilabsports.com.

10. Data Security

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure authentication, firewalls, and audit logging where appropriate.

11. Children’s Privacy

AthlioConnect is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently received personal data from a child under 16, we will delete such data promptly.

12. Cookie Policy

While AthlioConnect’s mobile applications do not use cookies, our website may use cookies or similar technologies to enhance your browsing experience, analyze traffic (via Supabase Analytics and Mixpanel), and personalize content. By using our website, you consent to the use of cookies as described in this policy. You can manage your cookie preferences through your browser settings.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time. Any changes will be posted on this page, and where appropriate, notified to you by email or in-app notification. Continued use of AthlioConnect after updates constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions about this privacy policy or our data practices, please contact:

Data Controller: Digilab Sports Ltd.
Email: ted@digilabsports.com
Address: 40 Foregate Street, Kingsway House, Worcester, WR1 1EE, United Kingdom