Privacy Policy

Effective Date: July 2, 2026

Spikes (“Spikes,” “we,” “our,” or “us”) provides a training app that helps athletes analyze wearable, recovery, and training signals.

Operator

Spikes Technologies LLC

315 Ashland Ave

Highwood, IL 60040

United States

Email: team@spikesapp.com

Website: spikesapp.com

1. Information We Collect

Information You Provide Directly

When creating an account, completing onboarding, or using the platform, we may collect:

  • Account information, including email address and account ID
  • Profile and onboarding answers, including birthday, training sex, height, weight, goals, schedule preferences, injury history, and consent timestamps when present
  • Training data, including manual workouts, check-ins, notes, recent activities, and training history
  • Support messages you choose to send

This information allows us to create accounts and provide training analytics services.

Wearable Device Data

Spikes allows users to connect supported wearable sources through ROOK in order to analyze training data.

Current supported sources are Garmin through ROOK, Polar through ROOK, and Apple Health through the ROOK SDK.

When users connect a wearable source, Spikes may access authorized data through ROOK and the provider.

This data may include:

  • Activity records and recent activities
  • Heart rate and HRV metrics
  • Sleep metrics
  • Step counts
  • Distance and active energy
  • Related wearable metrics you authorize

Spikes only accesses wearable data after explicit user authorization.

Apple Health permissions are managed in iOS Health settings. Users may disconnect wearable sources in Spikes or through the provider.

Automatically Collected Information

When using our platform, we may automatically collect certain technical information and first-party app activity including:

  • IP address
  • Browser type
  • Device information
  • Basic first-party app events such as onboarding completed, workout logged, check-in completed, and wearable connected

This information helps improve security, reliability, and performance.

2. How We Use Information

We use collected information to:

  • Operate and maintain the Spikes platform
  • Synchronize wearable device data
  • Generate training plans, insights, and analytics
  • Adapt training guidance and Body Score
  • Provide account support
  • Maintain system security and prevent abuse

Spikes may use aggregated and anonymized data to improve analytics and machine learning models. Spikes does not sell personal data and does not use personal data for advertising tracking.

3. Sharing of Information

Service Providers

Spikes uses trusted service providers to operate the platform, including:

  • Supabase (accounts and data storage)
  • ROOK (wearable connections and authorized wearable data)
  • Spikes backend/compute service (training calculations and plan guidance)
  • Resend (support and account-related email)

These providers process data only to support platform functionality.

Legal Requirements

Spikes may disclose information when required to comply with legal obligations, prevent fraud or abuse, or protect platform security.

4. Data Retention

Spikes retains personal data only for as long as necessary to operate the platform.

If a user deletes their account:

  • Their Spikes account and data tied to it are permanently removed
  • They may also disconnect wearable sources before deleting the account

Backup systems may temporarily retain data for disaster recovery but are automatically deleted during standard retention cycles.

5. Data Security

We implement reasonable security safeguards including:

  • HTTPS encryption
  • Secure authentication systems
  • Role-based access controls
  • Restricted infrastructure access

However, no system can guarantee complete security.

6. International Data Transfers

Spikes operates in the United States. If you access the platform from outside the United States, your information may be transferred to and processed in the United States. We implement safeguards to protect personal data during international transfers.

7. Children’s Privacy

Spikes is not intended for individuals under 13 years of age. If we learn that personal data from a child under 13 has been collected, we will delete it.

8. Health Disclaimer

Spikes processes wearable fitness data solely for analytics and training insights. Spikes is not a medical device and does not provide medical advice, diagnosis, or treatment. Users should consult qualified medical professionals regarding health concerns.

9. California Privacy Rights (CCPA / CPRA)

California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • The right to know what personal information is collected
  • The right to access personal information
  • The right to request deletion of personal information
  • The right to correct inaccurate personal information
  • The right to limit use of sensitive personal information
  • The right to non-discrimination for exercising privacy rights

Categories of personal information we may collect include:

  • Identifiers (name, email address, IP address)
  • Internet activity information
  • Device information
  • Wearable fitness data
  • Account information

Spikes does not sell personal information.

California residents may submit privacy requests by contacting team@spikesapp.com.

10. European Privacy Rights (GDPR)

For users located in the European Economic Area (EEA), United Kingdom, and similar jurisdictions, Spikes processes personal data in accordance with applicable privacy laws including the General Data Protection Regulation (GDPR).

Under GDPR, users may have the right to:

  • Access personal data
  • Correct inaccurate data
  • Request deletion of personal data
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent

Users may also lodge complaints with their local Data Protection Authority.

11. Automated Analytics and Machine Learning

Spikes may use automated analytics systems, including machine learning models, to analyze training patterns and generate insights. These systems are used solely for analytics purposes and do not make legal or medical decisions.

12. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted on spikesapp.com.

13. Contact

For questions regarding this Privacy Policy or privacy rights requests:

Spikes Technologies LLC

Email: team@spikesapp.com