Privacy Policy

Last Updated: February 9, 2026

1. Introduction

PerformUp Inc. ("PerformUp," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website at https://performup.io, our mobile applications, and related services (collectively, the "Services").

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Name, email address, and contact details
• Date of birth and demographic information
• Username and password
• Profile information and preferences

Health and Medical Information:

• Medical history and current health conditions
• Current medications and supplements
• Training restrictions and injury history
• Physical fitness assessments and goals
• Self-reported symptoms and wellness data

Performance Data:

• Training logs and workout data
• Performance metrics and goals
• Sport-specific assessments and test results
• User-generated content and communications

2.2 Information from Connected Devices

Fitness Device Data:

• Heart rate, heart rate variability (HRV)
• GPS location data for workouts
• Pace, speed, distance, and duration metrics
• Power output and training load data
• Sleep patterns and recovery metrics
• Running dynamics and biomechanical data

Other Wearable Devices:

• Step count and activity levels
• Calories burned and metabolic data
• Environmental conditions during workouts

2.3 Information Collected Automatically

Usage Data:

• How you interact with our Services
• Features used and time spent in the app
• AI conversation logs and queries
• Error logs and diagnostic information

Technical Information:

• IP address and approximate location
• Device type, operating system, and browser
• Unique device identifiers
• Network and connection information

Cookies and Similar Technologies:

• Authentication and session management
• User preferences and settings
• Analytics and performance monitoring
• Security and fraud prevention

3. How We Use Your Information

3.1 Primary Services

AI-Powered Insights:

• Generate personalized training recommendations
• Analyze performance trends and patterns
• Provide injury prevention strategies
• Create customized workout plans

Performance Analysis:

• Process fitness and health data through our AI systems
• Compare your metrics against relevant benchmarks
• Track progress toward your goals
• Identify areas for improvement

Conversational Interface:

• Respond to your performance-related questions
• Provide contextual recommendations
• Maintain conversation history for continuity
• Learn from your preferences and feedback

3.2 Service Operations

Account Management:

• Authenticate your identity and manage sessions
• Provide customer support and technical assistance
• Send important service communications
• Process subscription payments and billing

Platform Improvement:

• Analyze usage patterns to enhance our Services
• Develop new features and capabilities
• Improve AI algorithm accuracy and reliability
• Conduct research for service optimization

Legal and Compliance:

• Comply with applicable laws and regulations
• Protect our rights and prevent fraud
• Respond to legal requests and investigations
• Enforce our Terms of Service

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, we process your personal information based on:

• Consent: For processing sensitive health data and marketing communications
• Contract Performance: To provide our Services as agreed in our Terms
• Legitimate Interests: For service improvement, security, and analytics
• Legal Compliance: To meet regulatory requirements and legal obligations

5. Information Sharing and Disclosure

5.1 We DO NOT Sell Your Information

We never sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.

5.2 Limited Sharing Circumstances

Service Providers:

• Cloud storage and computing providers (with data processing agreements)
• Analytics and performance monitoring services
• Customer support and communication platforms
• Payment processors for subscription services

Business Transfers:

• In connection with mergers, acquisitions, or asset sales
• Your information would be transferred subject to equivalent privacy protections

Legal Requirements:

• To comply with court orders, subpoenas, or legal processes
• To protect our rights, property, or safety
• To prevent fraud or illegal activities
• As required by applicable laws and regulations

With Your Consent:

• When you explicitly authorize specific disclosures
• For research purposes (only in aggregated, de-identified form)

5.3 Device Integration Partners

Device Manufacturers:

• We receive data from these services based on your authorization
• We do not share your PerformUp data back to these services
• Review their privacy policies for data they collect independently

6. Data Security and Protection

6.1 Security Measures

We implement industry-standard security measures including:

Technical Safeguards:

• End-to-end encryption for data transmission
• Encryption at rest for stored data
• Secure authentication and access controls
• Regular security audits and penetration testing

Administrative Safeguards:

• Employee training on data protection
• Strict access controls and monitoring
• Incident response procedures
• Vendor management and due diligence

Physical Safeguards:

• Secure data center facilities
• Environmental and access controls
• Equipment disposal procedures

6.2 Data Breach Response

In the unlikely event of a data breach affecting your personal information:

• We will investigate and contain the incident immediately
• Affected users will be notified within 72 hours of discovery
• We will provide specific information about the breach and mitigation steps
• Relevant authorities will be notified as required by law

7. Your Rights and Choices

7.1 Access and Control

Account Settings:

• Update your profile information and preferences
• Control data sharing and privacy settings
• Manage connected devices and integrations
• Review your conversation history with our AI

Data Access:

• Request a copy of your personal information
• Download your performance and health data
• Review how your information is being used

7.2 Your Privacy Rights

Depending on your location, you may have the following rights:

• Right to Access: Obtain confirmation of processing and a copy of your data
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information
• Right to Portability: Receive your data in a structured, machine-readable format
• Right to Restrict Processing: Limit how we use your information
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Revoke consent for specific processing activities

7.3 Exercising Your Rights

To exercise these rights:

• Contact us using the information provided below
• We will verify your identity to protect your information
• Response will be provided within 30 days (45 days for complex requests)
• No fees will be charged unless requests are excessive or unfounded

8. Data Retention

8.1 Retention Periods

• Account Data: Retained while your account is active and for 2 years after closure
• Health and Performance Data: Retained for the duration of your account plus 5 years for research purposes
• Usage and Technical Data: Retained for 2 years from collection
• Communication Records: Retained for 3 years for customer service purposes

8.2 Deletion Process

When data is deleted:

• Information is removed from active systems within 30 days
• Backup systems are purged according to our retention schedule
• Some information may be retained longer if required by law
• Anonymized, aggregated data may be retained indefinitely for research

9. International Data Transfers

9.1 Cross-Border Processing

Your information may be processed in countries other than your residence, including:

• United States (where our primary servers are located)
• Countries where our service providers operate
• Locations necessary for providing global services

9.2 Transfer Safeguards

For transfers outside your jurisdiction, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Certification schemes and codes of conduct
• Binding corporate rules where applicable

10. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected information from a child under 18, we will delete such information promptly.

Parents or guardians who believe their child has provided personal information to us should contact us immediately.

11. Health Information Special Protections

11.1 Sensitive Health Data

We recognize that health information requires special protection:

• Enhanced Security: Health data receives additional encryption and access controls
• Limited Use: Health information is used only for providing our core Services
• Consent Management: You can control how health data is processed and shared
• Professional Standards: We follow healthcare industry best practices for data protection

11.2 HIPAA Considerations

While PerformUp is not a covered entity under HIPAA, we voluntarily adopt many HIPAA-like protections for your health information, including:

• Administrative, physical, and technical safeguards
• Minimum necessary standards for data access
• Employee training on health information protection
• Incident response procedures specific to health data

12. California Privacy Rights

12.1 California Consumer Privacy Act (CCPA)

California residents have additional rights under the CCPA:

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service and pricing regardless of privacy choices

12.2 California Shine the Light Law

California residents may request information about personal information disclosed to third parties for marketing purposes. Since we don't share personal information for third-party marketing, this typically won't apply.

12.3 Consumer Health Data

Under California law, we provide additional protections for "Consumer Health Data":

• Clear consent for collection and use
• Right to confirm whether we collect or share such data
• Right to access and delete Consumer Health Data
• Enhanced security measures for sensitive health information

13. European Union Privacy Rights

13.1 GDPR Compliance

If you're located in the EU/EEA, you have additional rights under the General Data Protection Regulation:

• Lawful Basis Transparency: Clear explanation of why we process your data
• Data Minimization: We collect only information necessary for our Services
• Purpose Limitation: Data is used only for stated purposes
• Storage Limitation: Information is retained only as long as necessary

13.2 Data Protection Officer

For EU-related privacy matters, you may contact our Data Protection Officer:

• Email: hello@performup.io
• Address: 7777 Westside Dr, San Diego, CA 92108

13.3 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

14. Updates to This Privacy Policy

14.1 Policy Changes

We may update this Privacy Policy from time to time to reflect:

• Changes in our Services or business practices
• New legal requirements or regulations
• Industry best practices and standards
• User feedback and concerns

14.2 Notification of Changes

When we make material changes to this Privacy Policy:

• The "Last Updated" date will be revised
• Registered users will receive email notification
• Prominent notices will be posted on our website and in our app
• For significant changes, we may request renewed consent

14.3 Your Continued Use

Your continued use of our Services after Privacy Policy updates constitutes acceptance of the changes. If you disagree with modifications, you may terminate your account.

This Privacy Policy is designed to be transparent about our data practices. We encourage you to read it carefully and contact us with any questions.