Privacy Policy

Last updated: 2025-01-01

1. Who We Are

This Privacy Policy explains how Cloudlete ("we", "us", "our") collects, uses, shares, and protects your personal data when you use the Cloudlete app, website, and related services ("Services").

For the purposes of UK and EU data protection law (including the UK GDPR and EU GDPR, where applicable), we are the data controller of personal data processed through the Services.

Contact details:

Cloudlete Ltd

Email: max@cloudlete.ai

2. Types of Data We Collect

Depending on how you use Cloudlete, we may collect the following categories of data:

1. Account and contact information

• Name
• Email address
• Password (stored in hashed form)
• Country or region
• Subscription and billing information (via our payment provider)

2. Profile and training information

• Date of birth, age range
• Gender (if provided)
• Height, weight, training history
• Goals, preferences, injuries, restrictions

3. Workout and activity data

• Planned and completed workouts
• Exercise details (movements, sets, reps, duration, load)
• Training plans, calendar, adherence

4. Health-related data (special category data) – with your explicit consent

Depending on integrations and your settings, we may process:

• Heart rate, heart rate zones
• Sleep data (e.g., duration, stages where available)
• Step count, distance, pace
• Energy expenditure (calories)
• VO2 max, HRV, or similar metrics
• Data imported from Apple Health, Google Fit, Strava, or other providers

5. Technical and usage data

• Device information (model, OS version, app version)
• IP address and approximate location (at city/region level)
• Log data and crash reports
• In-app actions and interaction with features

6. Communications and feedback

• Messages you send to support
• Feedback about the App or AI coach
• Survey responses and feature requests

3. How We Collect Data

We collect data:

• Directly from you when you register, update your profile, log workouts, interact with the AI coach, or contact us.
• Automatically through the App and website (e.g., usage and device data).
• From third-party integrations when you connect accounts (e.g., Apple Health, Google Fit, Strava), subject to your permissions and the third-party's own terms and privacy policy.

You can control what data is shared via your device/third-party settings (for example, within Apple Health permissions).

4. Legal Bases for Processing (UK/EU GDPR)

Where UK/EU data protection law applies, we rely on the following legal bases:

1. Performance of a contract (Art. 6(1)(b) GDPR)

To provide and operate Cloudlete, including:

• Creating and managing your account
• Providing workouts, plans, and AI coaching
• Processing subscription payments

2. Consent (Art. 6(1)(a), Art. 9(2)(a) GDPR)

• For processing health-related data (special category data) from you or third-party integrations;
• For certain analytics, marketing, and notifications where required.

You can withdraw your consent at any time via in-app settings or by contacting us (this does not affect processing prior to withdrawal).

3. Legitimate interests (Art. 6(1)(f) GDPR)

For example:

• Improving and developing the App and AI models;
• Preventing abuse or misuse;
• Securing our systems;
• Aggregated analytics that do not override your privacy rights.

4. Compliance with legal obligations (Art. 6(1)(c) GDPR)

We may process your data to meet legal, regulatory, tax, or accounting obligations.

5. How We Use Your Data

We may use your data to:

1. Provide and personalise the Services

• Generate workouts, plans, and recommendations;
• Tailor the AI coach to your goals, training history, and preferences;
• Track progress over time.

2. Integrate with third-party services

• Import activity/health data from connected services when authorised;
• Synchronise workouts and metrics as configured by you.

3. Improve the App and AI models

• Analyse usage patterns to identify product improvements;
• Train and evaluate models (where possible using aggregated, pseudonymised, or anonymised data).

4. Communicate with you

• Send service-related notifications (e.g., updates, subscription notices, security alerts);
• Respond to your support requests;
• Send optional marketing communications (where permitted and always with an unsubscribe option).

5. Security, fraud prevention, and legal compliance

• Detect, prevent, or investigate suspicious activity;
• Enforce our Terms;
• Comply with legal obligations or respond to lawful requests from authorities.

6. Sharing Your Data

We do not sell your personal data. We may share your data with:

1. Service providers / processors

• Cloud hosting, database, and infrastructure providers;
• Analytics and crash reporting tools;
• Payment processors;
• Email and notification providers.

These third parties act on our instructions and are bound by data protection obligations.

2. Third-party integrations (when you choose to connect them)

• For example, Apple Health, Google Fit, Strava, or similar platforms.
• You control what data is shared via your settings on those platforms and within the App.

3. Professional advisers and legal authorities

• Lawyers, accountants, auditors, insurers where necessary;
• Law enforcement or regulatory bodies when required by law or to protect our rights or those of others.

4. Corporate transactions

• In the event of a merger, acquisition, or sale of assets, your data may be transferred to another organisation, subject to appropriate safeguards and, where required, notice.

7. International Data Transfers

Your data may be processed and stored in countries outside the UK/EEA, where data protection laws may differ.

When transferring personal data internationally, we implement appropriate safeguards, such as:

• UK/EU-approved Standard Contractual Clauses;
• Other lawful mechanisms recognised by data protection authorities.

You can contact us for more information about international transfers and safeguards.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this Privacy Policy, including:

• For the duration of your account being active;
• For any period required by law (e.g., tax or accounting rules);
• For a reasonable period after account closure to handle queries, disputes, or legal claims.

When data is no longer needed, we will delete or anonymise it.

9. Your Rights (UK/EU GDPR)

Where UK/EU data protection law applies, you have the following rights (subject to certain conditions and exceptions):

1. Right of access – to obtain a copy of your personal data and information about how it is processed.
2. Right to rectification – to have inaccurate or incomplete data corrected.
3. Right to erasure ("right to be forgotten") – to request deletion of your data in certain circumstances.
4. Right to restriction of processing – to restrict how your data is used in certain situations.
5. Right to data portability – to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller.
6. Right to object – to object to processing based on legitimate interests or direct marketing.
7. Right to withdraw consent – where processing is based on your consent, you can withdraw it at any time.

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

10. Children's Privacy

Cloudlete is not intended for children under 18 without parental or guardian consent.

If we become aware that we have collected personal data from a child in violation of applicable laws, we will take steps to delete that information.

11. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration, including:

• Encryption in transit (e.g., HTTPS) and at rest where appropriate;
• Access controls and authentication;
• Regular monitoring and testing of systems.

No system is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your password and account credentials confidential.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you in the App, by email, or by other appropriate means, and update the "Last updated" date.

Continued use of Cloudlete after changes take effect will signify your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or our data practices, please contact:

Privacy Officer – Cloudlete Ltd

Email: max@cloudlete.ai