Privacy Policy
Effective Date: July 2, 2026
Spikes (“Spikes,” “we,” “our,” or “us”) provides a training app that helps athletes analyze wearable, recovery, and training signals.
Operator
Spikes Technologies LLC
315 Ashland Ave
Highwood, IL 60040
United States
Email: team@spikesapp.com
Website: spikesapp.com
1. Information We Collect
Information You Provide Directly
When creating an account, completing onboarding, or using the platform, we may collect:
- Account information, including email address and account ID
- Profile and onboarding answers, including birthday, training sex, height, weight, goals, schedule preferences, injury history, and consent timestamps when present
- Training data, including manual workouts, check-ins, notes, recent activities, and training history
- Support messages you choose to send
This information allows us to create accounts and provide training analytics services.
Wearable Device Data
Spikes allows users to connect supported wearable sources through ROOK in order to analyze training data.
Current supported sources are Garmin through ROOK, Polar through ROOK, and Apple Health through the ROOK SDK.
When users connect a wearable source, Spikes may access authorized data through ROOK and the provider.
This data may include:
- Activity records and recent activities
- Heart rate and HRV metrics
- Sleep metrics
- Step counts
- Distance and active energy
- Related wearable metrics you authorize
Spikes only accesses wearable data after explicit user authorization.
Apple Health permissions are managed in iOS Health settings. Users may disconnect wearable sources in Spikes or through the provider.
Automatically Collected Information
When using our platform, we may automatically collect certain technical information and first-party app activity including:
- IP address
- Browser type
- Device information
- Basic first-party app events such as onboarding completed, workout logged, check-in completed, and wearable connected
This information helps improve security, reliability, and performance.
2. How We Use Information
We use collected information to:
- Operate and maintain the Spikes platform
- Synchronize wearable device data
- Generate training plans, insights, and analytics
- Adapt training guidance and Body Score
- Provide account support
- Maintain system security and prevent abuse
Spikes may use aggregated and anonymized data to improve analytics and machine learning models. Spikes does not sell personal data and does not use personal data for advertising tracking.
3. Sharing of Information
Service Providers
Spikes uses trusted service providers to operate the platform, including:
- Supabase (accounts and data storage)
- ROOK (wearable connections and authorized wearable data)
- Spikes backend/compute service (training calculations and plan guidance)
- Resend (support and account-related email)
These providers process data only to support platform functionality.
Legal Requirements
Spikes may disclose information when required to comply with legal obligations, prevent fraud or abuse, or protect platform security.
4. Data Retention
Spikes retains personal data only for as long as necessary to operate the platform.
If a user deletes their account:
- Their Spikes account and data tied to it are permanently removed
- They may also disconnect wearable sources before deleting the account
Backup systems may temporarily retain data for disaster recovery but are automatically deleted during standard retention cycles.
5. Data Security
We implement reasonable security safeguards including:
- HTTPS encryption
- Secure authentication systems
- Role-based access controls
- Restricted infrastructure access
However, no system can guarantee complete security.
6. International Data Transfers
Spikes operates in the United States. If you access the platform from outside the United States, your information may be transferred to and processed in the United States. We implement safeguards to protect personal data during international transfers.
7. Children’s Privacy
Spikes is not intended for individuals under 13 years of age. If we learn that personal data from a child under 13 has been collected, we will delete it.
8. Health Disclaimer
Spikes processes wearable fitness data solely for analytics and training insights. Spikes is not a medical device and does not provide medical advice, diagnosis, or treatment. Users should consult qualified medical professionals regarding health concerns.
9. California Privacy Rights (CCPA / CPRA)
California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
- The right to know what personal information is collected
- The right to access personal information
- The right to request deletion of personal information
- The right to correct inaccurate personal information
- The right to limit use of sensitive personal information
- The right to non-discrimination for exercising privacy rights
Categories of personal information we may collect include:
- Identifiers (name, email address, IP address)
- Internet activity information
- Device information
- Wearable fitness data
- Account information
Spikes does not sell personal information.
California residents may submit privacy requests by contacting team@spikesapp.com.
10. European Privacy Rights (GDPR)
For users located in the European Economic Area (EEA), United Kingdom, and similar jurisdictions, Spikes processes personal data in accordance with applicable privacy laws including the General Data Protection Regulation (GDPR).
Under GDPR, users may have the right to:
- Access personal data
- Correct inaccurate data
- Request deletion of personal data
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent
Users may also lodge complaints with their local Data Protection Authority.
11. Automated Analytics and Machine Learning
Spikes may use automated analytics systems, including machine learning models, to analyze training patterns and generate insights. These systems are used solely for analytics purposes and do not make legal or medical decisions.
12. Changes to This Policy
We may update this Privacy Policy periodically. Updates will be posted on spikesapp.com.
13. Contact
For questions regarding this Privacy Policy or privacy rights requests:
Spikes Technologies LLC
Email: team@spikesapp.com