Privacy Policy
Effective Date: March 4, 2026
Spikes (“Spikes,” “we,” “our,” or “us”) provides a training analytics platform that helps athletes and coaches analyze training data and performance insights.
Operator
Spikes Technologies LLC
315 Ashland Ave
Highwood, IL 60040
United States
Email: team@spikesapp.com
Website: spikesapp.com
1. Information We Collect
Information You Provide Directly
When creating an account or using the platform, we may collect:
- Name
- Email address
- Password
- Team affiliation
- Demographic information
- Training history
This information allows us to create accounts and provide training analytics services.
Wearable Device Data
Spikes allows users to connect wearable fitness platforms in order to analyze training data.
Current integration: Garmin Connect
Future integrations may include Apple Health, COROS, WHOOP, Polar, Strava, and other wearable ecosystems.
When users connect a wearable platform, Spikes may access authorized data through the provider’s API.
This data may include:
- Activity records
- Heart rate metrics
- Sleep metrics
- VO₂ max estimates
- Step counts
- Stress metrics
- Body Battery metrics
- Device information
- Other fitness metrics
Spikes only accesses wearable data after explicit user authorization.
Users may revoke access at any time through their wearable provider or Spikes account settings.
Automatically Collected Information
When using our platform, we may automatically collect certain technical information including:
- IP address
- Browser type
- Device information
- Usage activity
- Cookies and analytics identifiers
This information helps improve security, reliability, and performance.
2. How We Use Information
We use collected information to:
- Operate and maintain the Spikes platform
- Synchronize wearable device data
- Generate training insights and analytics
- Allow coaches to monitor athlete training patterns
- Improve platform features and analytics systems
- Maintain system security and prevent abuse
Spikes may use aggregated and anonymized data to improve analytics and machine learning models. Spikes does not sell personal data.
3. Sharing of Information
Coaches and Team Staff
Athlete data may be visible to authorized coaches and assistant coaches within the athlete’s team organization.
Service Providers
Spikes uses trusted service providers to operate the platform, including:
- Supabase (database and authentication)
- Vercel (hosting infrastructure)
- Google Analytics (analytics)
- Wearable platform APIs (Garmin and others)
These providers process data only to support platform functionality.
Legal Requirements
Spikes may disclose information when required to comply with legal obligations, prevent fraud or abuse, or protect platform security.
4. Data Retention
Spikes retains personal data only for as long as necessary to operate the platform.
If a user deletes their account:
- Personal information is deleted
- Wearable integration tokens are revoked
- Associated activity data is removed
Backup systems may temporarily retain data for disaster recovery but are automatically deleted during standard retention cycles.
5. Data Security
We implement reasonable security safeguards including:
- HTTPS encryption
- Secure authentication systems
- Role-based access controls
- Restricted infrastructure access
However, no system can guarantee complete security.
6. International Data Transfers
Spikes operates in the United States. If you access the platform from outside the United States, your information may be transferred to and processed in the United States. We implement safeguards to protect personal data during international transfers.
7. Children’s Privacy
Spikes is not intended for individuals under 13 years of age. If we learn that personal data from a child under 13 has been collected, we will delete it.
8. Health Disclaimer
Spikes processes wearable fitness data solely for analytics and training insights. Spikes is not a medical device and does not provide medical advice, diagnosis, or treatment. Users should consult qualified medical professionals regarding health concerns.
9. California Privacy Rights (CCPA / CPRA)
California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:
- The right to know what personal information is collected
- The right to access personal information
- The right to request deletion of personal information
- The right to correct inaccurate personal information
- The right to limit use of sensitive personal information
- The right to non-discrimination for exercising privacy rights
Categories of personal information we may collect include:
- Identifiers (name, email address, IP address)
- Internet activity information
- Device information
- Wearable fitness data
- Account information
Spikes does not sell personal information.
California residents may submit privacy requests by contacting team@spikesapp.com.
10. European Privacy Rights (GDPR)
For users located in the European Economic Area (EEA), United Kingdom, and similar jurisdictions, Spikes processes personal data in accordance with applicable privacy laws including the General Data Protection Regulation (GDPR).
Under GDPR, users may have the right to:
- Access personal data
- Correct inaccurate data
- Request deletion of personal data
- Restrict processing
- Object to processing
- Request data portability
- Withdraw consent
Users may also lodge complaints with their local Data Protection Authority.
11. Automated Analytics and Machine Learning
Spikes may use automated analytics systems, including machine learning models, to analyze training patterns and generate insights. These systems are used solely for analytics purposes and do not make legal or medical decisions.
12. Changes to This Policy
We may update this Privacy Policy periodically. Updates will be posted on spikesapp.com.
13. Contact
For questions regarding this Privacy Policy or privacy rights requests:
Spikes Technologies LLC
Email: team@spikesapp.com