Overview
This Privacy Policy describes how Become Athletic ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website and mobile app (the "Platform"). It is written to comply with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018.
Data We Collect
We collect only the data necessary to deliver our coaching service:
- Account: name, email, password (stored hashed), authentication provider.
- Profile: age, sex, height, weight, training experience, main goal, injury history, phone (optional).
- Assessment data: your CWC Standards test inputs and derived tier/score.
- Training data: exercise logs, sets, reps, load, session completions, streak history.
- Billing metadata: Stripe customer ID, subscription status, invoice references (we never see your card number).
- Technical: device type, browser, IP address (for security), timestamps.
- Communications: messages you send to the coach, support enquiries.
Why We Collect It (Legal Basis)
- Contract: to provide the training programmes, tracking, and content you signed up for.
- Consent: to send you updates, coach messages, and optional marketing (which you can opt out of at any time).
- Legal obligation: to keep VAT and accounting records where required by Irish or EU law.
- Legitimate interest: to protect the Platform from fraud and abuse, and to improve our product.
How Data Is Stored
Your data is stored in encrypted databases hosted within the European Economic Area (EEA) where possible. Passwords are hashed using industry-standard algorithms (bcrypt) — we never see or store your plaintext password. Access to production data is restricted to authorised personnel on a need-to-know basis and is logged.
Payment Processing — Stripe
All payments are processed by Stripe Payments Europe, Ltd., a PCI-DSS Level 1 certified processor. We do not receive, see, or store your card number, CVC or full card expiry. Stripe processes the payment and returns to us only a customer ID, subscription status, last-4 digits (for display), and invoice references. Stripe's own privacy policy governs the data they collect: see stripe.com/privacy.
Google Authentication (Optional)
If you choose to sign in with Google, we receive your email, name and profile picture from Google in order to create or match your Become Athletic account. We do not receive your Google password or access to any other Google service. You can disconnect at any time by setting a password and switching to email login, or by closing your account.
Exercise Logs & Training History
The reps, sets, loads, and completion data you record are used to power your progress charts, streaks, roadmap recommendations, and admin analytics. This data is visible to you in the app at any time, and — in anonymised, aggregated form — helps us improve programme design. Your individual training history is never sold or shared.
Assessment Results
Your CWC Standards scores and body-map inputs are used to generate your recommended programme and to allow the coach to give better advice. They are stored securely against your account and are visible to you in Your Roadmap. Only you and CWC Method coaching staff can access your individual assessment results.
Analytics
We use aggregated, non-personal analytics to understand usage patterns (e.g. which programmes get the most sessions, which pillars need more content). Where possible we use IP-anonymised and cookieless techniques. We do not sell analytics data to third parties.
Data Retention
- Account & profile: retained while your account is active, plus up to 12 months after closure for legal and dispute-handling purposes.
- Training logs: retained while your account is active, then anonymised.
- Billing records: retained for 7 years to satisfy Irish tax and accounting law.
- Communications: retained for up to 24 months.
You may request earlier deletion — see Your Rights.
Your Rights (GDPR)
Under the GDPR you have the right to:
- Access: receive a copy of the personal data we hold about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure: ask us to delete your account and data ("right to be forgotten"), subject to legal retention requirements.
- Restriction & objection: limit or object to certain processing.
- Portability: receive your data in a machine-readable format.
- Withdraw consent at any time.
- Complain to the Data Protection Commission of Ireland (dataprotection.ie) if you believe your rights have been violated.
To exercise any right, email us at the address below. We will respond within 30 days.
Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates the most recent revision. Material changes will be communicated by email or in-app notice where reasonably possible.