privacy

00 / What you need to know

The short version.

AIDSTATION provides AI-driven coaching for endurance and multi-sport athletes. To do that, we collect information about your training, your goals, and (with your separate permission) your health and biometric data. We use this information to generate your training plans and to operate the service.

A few things we want to be clear about up front:

We do not sell your data, share it with advertisers, or send it to third-party AI providers for them to train their foundation models. We do use your training content to develop and improve our own AI coaching models — details in section 4.
Sensitive data — heart rate, sleep, body composition, injury history, and similar — is only collected with your explicit, separate opt-in, and these settings default to off.
You can access, correct, export, or delete your data at any time from within the app.
We do not collect or process pregnancy, menstrual cycle, gender identity, or genetic data. Our AI is instructed to refuse coaching on pregnancy-related topics.
Your training plans are generated by AI. We describe how this works in section 4.

This summary is for orientation only. The full terms below govern the relationship.

01 / Who we are

Who we are.

AIDSTATION Pro, LLC, a Texas limited liability company ("AIDSTATION," "we," "us," "our"), is the data controller for personal data processed through the AIDSTATION application and website.

Privacy contact: help@aidstation.pro
Postal address: AIDSTATION Pro, LLC, 509 Williams Avenue, Cleburne, TX 76033, United States
Website: www.aidstation.pro

Regional representatives (where applicable)

EU Representative: [TBD]
UK Representative: [TBD]
South Africa Information Officer: [TBD]

If your country has a data protection authority, you have the right to lodge a complaint with them. We hope you will contact us first so we can address your concern directly.

02 / Data we collect

The data we collect.

2.1 Account and profile data

We collect this when you create an account and use the service:

Name, email address, hashed password
Date of birth and biological sex (used for training calculations)
Country and time zone
Training history, goals, race targets, and discipline preferences
Equipment you have access to and training locations you use
Information you submit about gyms or training areas you contribute to our facility database

2.2 Activity data

This is the standard training data the service is built around:

Workouts you log or sync from connected devices
Pace, speed, cadence, distance, duration, elevation gain, power output
Training volume, frequency, and adherence to your plan
Subjective ratings (perceived exertion, fatigue, soreness)

2.3 Sensitive data (explicit opt-in required)

The following categories are sensitive under most privacy laws. We collect them only when you affirmatively enable each one. Each category can be toggled on or off independently, and each defaults to off:

Heart rate and heart rate variability (HRV)
Sleep duration and quality
Weight, body composition, and body fat percentage
VO₂ max and other derived health metrics
Resting and exercise blood pressure (if you choose to record)
Injury history and rehabilitation status
Medical conditions that affect training
Precise physical address
GPS route data from activities

You can change any of these settings at any time. Disabling a category stops new collection; previously collected data is handled per the rules in section 7.

2.4 Communications with us

Messages and prompts you send to the AI coach
Support tickets, feedback, and survey responses

2.5 Device and technical data

IP address, device type, operating system, app version
Diagnostic logs and crash reports
Cookies and similar technologies (see section 12 and our Cookie Policy)

2.6 Payment data

Payments are processed by a third-party payment processor. We do not receive or store full card numbers. We retain transaction confirmation, last four digits, billing country, and subscription status.

2.7 What we do not collect

Not collected · ever

Pregnancy status or pregnancy-related information
Menstrual cycle data
Gender identity (we collect biological sex only, for training calculations)
Genetic or genomic data
Information used to assess insurability or employability

Our AI coaching system is instructed to refuse engagement on pregnancy-related coaching and to direct you to qualified medical providers for those questions.

03 / How we use your data

How we use it.

We use data for the following purposes, on the following legal bases (where applicable):

Purpose

Data categories

Legal basis (EU/UK)

Provide coaching & generate plans

Account, activity, opt-in sensitive

Contract; explicit consent for sensitive data

Customer support

All categories as needed

Contract

Process payments

Payment, account

Contract

Account security & fraud prevention

Technical, activity

Legitimate interest

Marketing communications

Account, communications

Consent

Product improvement & analytics

Pseudonymized activity and account data

Legitimate interest; consent for non-essential analytics

AI model development & training (our own models)

Account, activity, communications; sensitive categories only when de-identified or aggregated

Legitimate interest (non-sensitive); explicit consent for sensitive categories

Research with academic partners

Pseudonymized data

Consent

Aggregated insights & facility crowdsourcing

Anonymized aggregates and user-contributed location data

Outside scope (anonymized) or contract

Legal compliance & protection of rights

As required

Legal obligation; legitimate interest

For users in jurisdictions that do not use the GDPR legal basis framework, we process data as necessary to provide the service you have requested, with separate consent for sensitive data and for any secondary uses.

04 / How AI coaching works

How AI coaching works.

AIDSTATION uses artificial intelligence to generate training plans, exercise recommendations, nutritional guidance, and other coaching outputs. We want you to understand this clearly:

Your training plan is generated by an AI system that draws on your profile, training history, goals, sport rules, exercise libraries, and (if you have enabled it) sensitive data such as heart rate and sleep.
The AI runs as a multi-layer process. Different layers handle race classification, athlete evaluation, plan generation, and validation. The system is designed to update plans when your situation changes (new performance data, an injury, a travel period).
Outputs are generated automatically. We retain the parsed coaching notes derived from your interactions. We do not retain raw conversation transcripts.
AI inference for live coaching outputs is currently performed by Anthropic under their commercial terms. Anthropic does not use your data to train their foundation models.
By default, AIDSTATION uses your training content and parsed coaching notes to develop, evaluate, and refine our own AI coaching systems, including our own models, prompts, retrieval systems, and datasets. This use is on by default; you can opt out at any time (see section 9). Where sensitive categories (as listed in section 2.3) are involved, we de-identify or aggregate inputs before they leave the production environment and we do not include sensitive categories in training without the same opt-ins that govern their collection. The license under which we use Your Content for these purposes is set out in section 8.2 of our Terms and Conditions.
You can object to the use of your data for our AI model training under the right to object described in section 9. Where sensitive categories are involved, you can also exercise the right to limit use of sensitive personal information (where applicable).

This is automated processing. Under EU and UK data protection law (Article 22 GDPR), you have rights regarding decisions made solely by automated means that produce legal or similarly significant effects. Coaching recommendations are advisory; they do not produce such effects, and you are free to follow, modify, or ignore them. If you would prefer not to use AI features, you can disable them in account settings.

AI does not provide medical advice. Coaching outputs are not a substitute for consultation with qualified medical providers. Discuss any health concerns with your physician before acting on training recommendations.

05 / Sharing your data

Sharing your data.

5.1 We do not sell or share for advertising

We do not sell personal data.
We do not share data with advertising networks or for cross-context behavioral advertising.
We do not allow third-party advertising on our service.

5.2 Service providers (subprocessors)

We engage third-party service providers to operate AIDSTATION. These providers process data on our behalf under contracts that require confidentiality and appropriate data protection.

A current list of our service providers is available at www.aidstation.pro/partners.

5.3 Integration partners

You can connect AIDSTATION to third-party services such as fitness device platforms, training data providers, and similar tools. When you authorize an integration:

You authorize the third party to share specified data with us, and vice versa where applicable.
Your relationship with that third party is governed by their privacy policy and terms, not ours.
If you disconnect an integration, we stop receiving new data from that source. Previously received data remains in your AIDSTATION account and continues to be governed by this policy.

We maintain a current list of integration partners on the same Partners page noted above.

5.4 Team features

When you join a team plan or train as part of a team, your teammates can see your training plan only. They cannot see your account information, contact details, sensitive data, or any other personal information. Teams are athlete-to-athlete; the service does not provide a human-coach role. You can leave a team at any time, at which point new plan information stops being shared.

5.5 Research partners

With your consent, we share pseudonymized data with academic research partners. Specifically:

Data is pseudonymized before sharing (your identity is replaced with a random token; the lookup table is held by us, not the researcher).
Researchers must have approval from an Institutional Review Board (IRB) or equivalent ethics committee.
Sharing is governed by a Research Data Use Agreement that prohibits re-identification, commercial reuse, and onward sharing.
Researchers must agree to data minimization (using only fields needed for the study) and to a defined retention period with destruction at study end.
Aggregate study results may be published; individual-level data may not.
You can opt out of research participation at any time in your account settings. Opt-out prevents new sharing; it does not retract data already shared with an active study.

5.6 Aggregated public insights

We may publish or share aggregated statistics derived from our user base (for example, average training metrics by sport, age band, and region). Aggregated statistics are derived from at least 25 contributing users, with small-cell suppression applied to prevent re-identification.

5.7 Legal disclosure

We disclose personal data when required by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect rights, safety, or property. Where permitted, we will notify affected users.

5.8 Business transfers

If AIDSTATION is involved in a merger, acquisition, financing, or sale of assets, personal data may be transferred as part of that transaction. We will notify users and ensure that any successor entity is bound by commitments at least as protective as this policy.

06 / International data transfers

Where your data lives.

AIDSTATION is operated from the United States, and data is stored on servers located in the United States.

If you access AIDSTATION from outside the United States, your data is transferred to, stored in, and processed in the United States, which may not have data protection laws equivalent to those in your country.

For users in the European Economic Area, the United Kingdom, and Switzerland, we rely on Standard Contractual Clauses approved by the European Commission (and the UK addendum for UK users) as the legal mechanism for transfers. We conduct Transfer Impact Assessments and apply supplementary measures where required.

You can request a copy of the Standard Contractual Clauses applicable to your data by contacting help@aidstation.pro.

07 / How long we keep your data

Retention & deletion.

Active accounts

While your account is active, we retain your data to provide the service.

Inactive accounts

After 18 months of inactivity, we will notify you and give you the option to keep your account active.
After 24 months of inactivity with no response, your account is de-identified: personal identifiers such as your name, email, contact details, and account credentials are removed, and your remaining training history is decoupled from your identity. The decoupled data is retained in pseudonymized form, and any genuinely aggregated data in aggregated form, for product improvement and research.

Deletion requests

You can delete your account at any time from the app (Account → Privacy → Delete Account).
When you request deletion, your account is marked for deletion and you have 14 days to change your mind by logging back in.
If you don't cancel, your personal data is erased from our active systems and the process completes within 30 days of your request — the maximum period allowed under GDPR Article 12(3). For unusually complex requests we may extend this by up to two further months, and we will tell you if we do.
Data in routine backups is purged within 90 days as those backups roll over; backups are not selectively edited, and if a backup is ever restored, your deletion is re-applied.
We may retain limited information where required by law (e.g., tax records, fraud prevention).

Raw AI conversations

We do not retain raw conversation transcripts. Only the parsed coaching notes and structured outputs derived from your interactions are stored.

Aggregated and de-identified data

Data that has been irreversibly aggregated — combined across users so that it can no longer be linked to you — may be retained indefinitely, and once data reaches that state it is no longer personal data under applicable privacy laws. Pseudonymized data, including data left after an inactive account is de-identified, may still in principle be linked to you and therefore remains personal data; we continue to apply this Policy to it.

AI models and derivatives

AI models, prompts, embeddings, datasets, and other learning systems that were trained on or derived from your data may continue to operate after your account is deleted. These incorporate generalized learnings and do not retain identifiable copies of your data in their normal operation. We take reasonable technical measures to prevent memorization and identifiability in outputs. See section 8.2 of our Terms and Conditions for the license under which Your Content is used for these purposes.

Copyright notices

If you submit a DMCA notice or counter-notification about content on the service, we retain the notice, our records of action, and related correspondence as needed to comply with U.S. copyright safe-harbor requirements and to defend against potential copyright claims. Where content has been removed in response to a DMCA notice, it remains removed independent of any deletion or opt-out you exercise; restoration occurs only through a successful counter-notification. Our DMCA process and the Designated Agent contact are at aidstation.pro/dmca.

08 / Security

How we protect this.

We implement technical and organizational measures to protect your data, including:

Encryption in transit (TLS) and at rest
Authentication, role-based access controls, and least-privilege access for our personnel
Logging and monitoring of access to personal data
Regular review of security practices
Vendor due diligence on service providers

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you and the relevant regulatory authority within the longest period permitted under applicable law in your jurisdiction, and sooner where required.

09 / Your rights

Your rights.

You have rights with respect to your personal data. The specific rights available to you depend on where you live, but the following rights are available to all AIDSTATION users:

Access: Receive a copy of the personal data we hold about you.
Correction: Correct inaccurate or incomplete data.
Deletion: Delete your account and personal data (self-service in the app).
Portability: Export your data. We provide tabular training data in CSV format and other stored data in an appropriate machine-readable format. We export only data we actually store; raw AI conversations are not stored and not part of exports.
Restriction: Limit certain processing in defined cases.
Objection: Object to processing based on our legitimate interests, including the use of your data to develop and train our own AI coaching models. You can object via account settings or by contacting us; objection stops new use of your data for the objected-to purpose. Trained models already produced may continue to operate as described in section 7.
Withdraw consent: Where processing is based on consent, withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Complain: Lodge a complaint with your local data protection authority.

9.1 How to exercise your rights

In-app: Account → Privacy → Manage Data
Email: help@aidstation.pro

We respond to requests within 30 days. Complex requests may be extended by up to an additional 60 days with notice to you.

9.2 Verification

We verify the identity of anyone making a request to protect your data. For most requests, this means confirming the request from your registered email address. For deletion or other sensitive requests, we may ask for additional verification.

9.3 Authorized agents (California and similar laws)

You can authorize an agent to make requests on your behalf. We require written authorization signed by you and direct confirmation from you that the agent is acting at your direction. We may verify the agent's identity.

9.4 Non-discrimination

We will not discriminate against you for exercising your privacy rights. Service, pricing, and features will not change based on whether you exercise these rights.

10 / Privacy by default

Privacy by default.

We design AIDSTATION so that the most privacy-protective settings are the defaults. In particular:

Sensitive data categories (heart rate, sleep, body composition, GPS routes, and others listed in section 2.3) are off by default. You must affirmatively enable each one.
Marketing communications require separate opt-in.
Research participation can be turned off at any time in settings.
Team plan visibility is limited to your training plan only; other personal data is never shared with teammates.

11 / Children

Children.

AIDSTATION is intended for users 16 years of age or older. We do not knowingly collect or process personal data from anyone under 16.

If you believe a person under 16 has provided us with personal data, please contact help@aidstation.pro and we will remove the information.

12 / Cookies & tracking

Cookies and tracking.

AIDSTATION uses cookies and similar technologies on our website and within the app. We use two categories:

Strictly necessary cookies: Required for the service to function (authentication, security). These do not require consent.
Analytics cookies: Help us understand how users interact with the service so we can improve it. These require your consent where applicable.

We do not use advertising or marketing cookies.

We honor Global Privacy Control (GPC) signals from your browser where applicable, treating them as a request to opt out of any data sharing that would qualify as a sale or share under U.S. state privacy laws.

For details, see our Cookie Policy at www.aidstation.pro/cookies.

13 / Marketing communications

Marketing communications.

We send marketing communications (newsletters, product announcements, promotional content) only with your separate opt-in consent. You can opt out at any time using the unsubscribe link in any marketing email or by changing your account settings.

Transactional communications (account verification, password reset, billing receipts, security alerts, important service notices) are not subject to marketing opt-out. You will continue to receive these as long as your account is active.

14 / U.S. state-specific disclosures

U.S. state-specific disclosures.

14.1 California residents (CCPA / CPRA)

Categories of personal information collected (in the past 12 months):

Identifiers (name, email, account ID, IP address)
Customer records (account information)
Internet or network activity (app usage, device information)
Geolocation data (general location; precise location only with opt-in)
Sensory information (none beyond user-input data)
Professional or employment-related information (none)
Inferences (training preferences, performance trajectory)
Sensitive personal information: health data, precise location (opt-in), account credentials

Sources of personal information: directly from you, from your connected integrations, automatically from your use of the service.

Categories of recipients: our service providers, integration partners you authorize, research partners with your consent, legal authorities where required.

Purposes: as described in section 3.

Your California rights:

Right to know what we collect, use, share, and how
Right to delete personal information
Right to correct inaccurate information
Right to opt out of sale or sharing (we do not sell or share)
Right to limit use of sensitive personal information
Right to non-discrimination
Authorized agent submissions

Notice at collection: We collect the categories listed above for the purposes described in this policy. We retain data per section 7. We do not sell or share personal information.

14.2 Other U.S. states

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Hampshire, New Jersey, Kentucky, Maryland, Minnesota, Nebraska, Rhode Island, and other states with comparable privacy laws have rights including:

Right to access, correct, and delete personal data
Right to portability
Right to opt out of sale, targeted advertising, and certain profiling
Right to appeal denial of a privacy request

To exercise these rights, contact help@aidstation.pro or use in-app controls. We respond within 30 days (extendable by up to a further two months for complex requests, with notice to you), consistent with our response-time commitment in section 9.1. We honor Global Privacy Control signals from your browser.

15 / Regional information

Regional information.

15.1 European Economic Area and United Kingdom (GDPR / UK GDPR)

Legal bases for processing are listed in section 3.
You have the right to lodge a complaint with your supervisory authority. Find yours at edpb.europa.eu or, in the UK, with the ICO at ico.org.uk.
Our EU and UK representatives will be listed in section 1 when appointed.

15.2 Canada (PIPEDA, Quebec Law 25, and provincial laws)

We follow PIPEDA principles and the additional requirements of Quebec Law 25, including privacy by default and information about automated decisions.
You can complain to the Office of the Privacy Commissioner of Canada or to the Commission d'accès à l'information du Québec.

15.3 Australia (Privacy Act 1988 and Australian Privacy Principles)

We handle personal information consistent with the Australian Privacy Principles.
Complaints: Office of the Australian Information Commissioner at oaic.gov.au.

15.4 New Zealand (Privacy Act 2020)

We handle personal information consistent with the New Zealand Privacy Act 2020.
Complaints: Office of the Privacy Commissioner at privacy.org.nz.

15.5 South Africa (POPIA)

Our Information Officer will be listed in section 1 when appointed.
Complaints: Information Regulator at inforegulator.org.za.

16 / Changes to this policy

Changes to this policy.

We may update this policy from time to time. When we make material changes, we will:

Notify you in the app and by email at least 30 days before the changes take effect
Update the "Last updated" date at the top
Where required by law, request your renewed consent

If you do not agree with the updated policy, you can delete your account before the changes take effect.

17 / Contact us

Contact us.

For privacy questions, requests, or complaints:

Email: help@aidstation.pro
Postal: AIDSTATION Pro, LLC, 509 Williams Avenue, Cleburne, TX 76033, United States
In-app: Account → Privacy → Contact Us

If you have a complaint we have not resolved, you can contact the data protection authority in your country (see section 15).

This policy is effective as of the Effective Date above and supersedes any prior version.

Privacy Policy.