Consumer Health Data Privacy Policy

When an athlete links a wearable device (Garmin, Polar, Suunto, or a future supported provider) to the FleetFixer Race platform, we collect the following categories of consumer health data:

• Physical activity data: activity type, start time, duration, distance, calories.
• Cardiovascular data: heart-rate samples recorded during training sessions an athlete has attended and confirmed attendance for, plus a daily resting heart-rate measurement.
• Sleep data: total sleep duration per night (hours). We do not collect detailed sleep stages.
• Derived wellness signals: a daily "Rested / Normal / Tired" label and a weekly "Light / Normal / Heavy" training load label derived from the data above.

We do not collect or store SPO2, raw heart-rate variability traces, GPS routes, or location data.

Consumer health data is used exclusively for the following purposes:

• Showing the athlete their own training history and recovery signals in the Race app.
• Showing the athlete's coach the activities the athlete confirms against a scheduled training session, and any activities the athlete manually shares.
• Overlaying the athlete's heart-rate trace on coach-reviewed training videos from sessions the athlete attended, only if the athlete has opted in to that specific sharing scope.
• Sharing a resting-HR baseline sparkline or a daily Rested/Normal/Tired label with the coach, only if the athlete has opted in to each scope separately.
• Maintaining an audit log of every biometric access event for the athlete's transparency.
• Responding to subject-access, deletion, or portability requests.

We do not sell consumer health data. We do not share consumer health data with any third party for marketing, advertising, or any purpose outside those listed above.

We collect consumer health data from:

• The consumer directly, through their choice to link a wearable account and set sharing preferences in their FleetFixer profile.
• The wearable vendor the consumer has linked (Garmin, Polar, Suunto), through a unified API provided by the self-hosted Open Wearables service. Garmin, Polar and Suunto are listed on our sub-processor page.

Consumer health data is shared, in limited form, with:

• The consumer's coach(es) at the clubs they belong to, for the purposes listed in section 2 and only to the extent the consumer has opted in.
• A linked parent account, if the consumer is below the applicable parental-consent age.

Sub-processors that may process consumer health data on our behalf are limited to those listed on our sub-processor page. We do not authorise any of them to use the data for their own purposes.

Consumer health data is encrypted in transit (TLS) and at rest. Access is restricted by Firestore security rules that enforce a strict privacy wall: raw heart-rate samples and sleep data are readable only by the consumer; coaches can read only the narrower subsets described above. Biometric overlays are audit-logged on every access.

Retention windows:

• Activity summaries and daily metrics: 24 months rolling.
• Session biometric traces: 12 months rolling.
• Private raw samples: 6 months rolling.
• Biometric access logs: 7 years, anonymised on subject erasure.

For questions about this policy or consumer health data practices, email hello@fleetfixer.io.