Privacy Policy — PerformIQ

1. Introduction

PerformIQ (“we”, “us”, “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.

2. Information We Collect

Account Information: Name, email address, and password when you register.

Profile Data: Date of birth, height, weight, sport, position, training experience, and other onboarding questionnaire responses.

Training Data: Workout logs, exercise history, strength metrics, velocity-based training data, and performance analytics.

Nutrition Data: Food entries, calorie and macro tracking, and bodyweight logs.

Movement Data: Video and pose estimation data submitted for biomechanical analysis.

Device Data: Health and fitness data imported from connected devices (e.g., Apple Health, wearables) with your permission.

Usage Data: Browser type, IP address, pages visited, and session duration collected automatically for analytics.

3. How We Use Your Information

To provide, personalize, and improve the Service.
To generate AI-powered readiness scores, recommendations, and performance insights.
To track your training progress and athletic development over time.
To send account-related communications (confirmations, password resets, important updates).
To improve our algorithms using anonymized, aggregated data.

4. Data Storage & Security

Your data is stored on secured servers hosted by Railway (cloud infrastructure).
Passwords are hashed using industry-standard algorithms and are never stored in plain text.
We use HTTPS encryption for all data transmission.
We implement reasonable technical and organizational measures to protect your data, but no system is 100% secure.

5. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following cases:

Service Providers: Third-party services that help us operate the platform (e.g., email delivery, hosting) may process data on our behalf under strict confidentiality agreements.
Legal Requirements: If required by law, regulation, or legal process.
Safety: To protect the rights, safety, or property of PerformIQ, our users, or the public.

6. Cookies & Tracking

We use essential session cookies to maintain your login state. Optional analytics and performance cookies can be enabled or disabled via the cookie consent banner shown on your first visit, or through Settings > Data & Privacy.

Essential Cookies: Required for authentication and security. Cannot be disabled.
Analytics Cookies: Help us understand platform usage to improve features. Optional.
Performance Cookies: Enable faster load times and personalized experiences. Optional.

We do not use third-party advertising cookies or trackers. No data is shared with advertising networks. You may withdraw cookie consent at any time via Settings.

7. Your Rights

Under GDPR (for EU users), PIPEDA (for Canadian users), and applicable privacy laws, you have the right to:

Access your personal data stored on the platform.
Correct inaccurate information via the Settings page.
Delete your account and all associated data at any time via Settings > Data & Privacy > Delete My Account. Deletion is processed after a 30-day grace period during which you may cancel the request.
Export your data in a portable JSON format via Settings > Data & Privacy > Export My Data (GDPR Article 20).
Withdraw consent for optional data processing (analytics, AI model training) at any time via Settings > Data & Privacy.
Object to processing of your data for specific purposes.
File a complaint with your local data protection authority if you believe your rights have been violated.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, your personal data will be permanently removed from our systems within 30 days. Anonymized, aggregated data may be retained indefinitely for research and improvement purposes.

9. Children’s Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will promptly delete the data.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect the most recent revision. Continued use of the Service after changes constitutes acceptance.

11. Sub-Processors

We use the following third-party service providers (“sub-processors”) to operate the platform. Each processes data on our behalf under strict confidentiality agreements:

Provider	Purpose	Data Location
Railway	Application hosting & PostgreSQL database	US (AWS)
Resend	Transactional email delivery (password resets, confirmations)	US
Google (Gemini AI)	AI-powered photo analysis (when user initiates)	US
Health Canada / USDA	Nutrition database lookups (no personal data sent)	CA / US
GitHub	Source code repository & CI/CD	US

This list was last updated on March 2, 2026. We will update this list when sub-processors change and notify affected users.

12. Data Breach Notification Procedure

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Within 72 hours: Notify the relevant supervisory authority (as required by GDPR Article 33) and the Office of the Privacy Commissioner of Canada (as required by PIPEDA).
Without undue delay: Notify affected users via email with a description of the breach, the data involved, the likely consequences, and the measures taken to address the breach.
Document: Maintain an internal record of all breaches, including facts, effects, and remedial actions taken (GDPR Article 33(5)).
Remediate: Take immediate steps to contain the breach, assess the scope, and implement measures to prevent recurrence.

To report a suspected security issue, contact us immediately at [email protected].

13. PIPEDA Compliance (Canada)

As a Canadian platform, PerformIQ complies with the Personal Information Protection and Electronic Documents Act (PIPEDA). Key principles:

Meaningful consent: We obtain consent before collecting, using, or disclosing your personal information. You can withdraw consent for optional processing at any time via Settings.
Limiting collection: We only collect information necessary to provide and improve the Service.
Accuracy: You can review and correct your personal information at any time.
Safeguards: We protect personal information with security measures appropriate to the sensitivity of the data.
Accountability: Our designated privacy contact is responsible for compliance and can be reached at the address below.

14. Data Protection Officer

For privacy-related questions, data access requests, or to exercise any of your rights under GDPR or PIPEDA, contact our designated privacy representative:

Justin Sillar
PerformIQ — Privacy Contact
Email: [email protected]

We aim to respond to all privacy requests within 30 days.

15. Data Processing Agreement

For institutional or B2B customers (e.g., sports teams, coaching organizations) where coaches access athlete data, a Data Processing Agreement (DPA) is available. View our standard DPA template or contact us to request a customized agreement.

16. Contact

For privacy-related questions or requests, contact us at [email protected].