Privacy Policy
Last Updated: January 30, 2025 | Effective Date: January 30, 2025
Ultra0, LLC ("Ultra0", "we", "us", or "our") is committed to protecting your privacy and ensuring the security
of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your
data when you use our AI-powered injury prevention platform and related services (collectively, the "Service").
By using Ultra0, you consent to the data practices described in this Privacy Policy. If you do not agree with
our policies and practices, please do not use our Service.
1 Information We Collect
1.1 Information You Provide Directly
We collect information you voluntarily provide when creating an account or using our Service:
- Account Information: Name, email address, password, date of birth, gender
- Profile Data: Athletic experience, training goals, injury history, preferences
- Payment Information: Billing details, payment card information (processed securely through third-party processors)
- Communications: Feedback, support requests, survey responses
1.2 Information from Connected Devices
When you connect fitness tracking devices (e.g., Garmin, Strava), we collect:
- Activity Data: Workouts, distance, pace, duration, elevation, routes
- Physiological Metrics: Heart rate, heart rate variability (HRV), VO2 max, lactate threshold
- Recovery Indicators: Sleep patterns, stress levels, recovery time
- Training Load: Acute and chronic training loads, training stress balance
- Biomechanical Data: Cadence, ground contact time, vertical oscillation, stride length
- Environmental Data: Temperature, altitude, weather conditions during activities
1.3 Automatically Collected Information
We automatically collect certain technical information when you use our Service:
- Device Information: Device type, operating system, unique device identifiers
- Usage Data: Features accessed, time spent, interaction patterns
- Log Data: IP address, browser type, access times, referring URLs
- Location Data: GPS data from activities, approximate location from IP address
- Cookies and Tracking: Session cookies, preference cookies, analytics identifiers
2 How We Use Your Information
2.1 Primary Service Delivery
- Calculate your daily injury risk score using AI algorithms
- Generate personalized training recommendations
- Provide recovery guidance and load management advice
- Track progress and athletic performance trends
- Detect patterns that may indicate injury risk
2.2 Service Improvement and Development
- Enhance our AI models and prediction accuracy
- Develop new features and functionalities
- Conduct research on injury prevention methodologies
- Optimize user experience and interface design
2.3 Communication and Support
- Send service-related notifications and updates
- Respond to support requests and inquiries
- Provide training insights and recommendations
- Send promotional communications (with your consent)
2.4 Legal and Security Purposes
- Comply with legal obligations and regulations
- Prevent fraud and unauthorized access
- Enforce our Terms and Conditions
- Protect rights, property, and safety
3 Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We share your information only in
the following circumstances:
3.1 Service Providers
We share data with trusted third-party service providers who assist us in operating our Service:
- Cloud Infrastructure: Amazon Web Services (AWS) for secure data storage
- Payment Processing: Stripe, PayPal for transaction processing
- Analytics: Google Analytics, Mixpanel for usage analysis
- Communication: SendGrid, Twilio for email and notifications
- Customer Support: Zendesk for support ticket management
3.2 AI and Machine Learning Partners
With your explicit consent, we may share anonymized data with research partners to improve injury prevention
algorithms. This data is always de-identified and aggregated.
3.3 Legal Requirements
We may disclose information when required by law, including:
- Response to subpoenas, court orders, or legal process
- Cooperation with law enforcement agencies
- Protection of our legal rights or property
- Emergency situations involving potential harm
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the
successor entity, subject to the same privacy protections.
4 Data Security
We implement comprehensive security measures to protect your information:
- Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
- Access Controls: Role-based access, multi-factor authentication, principle of least privilege
- Infrastructure Security: Firewalls, intrusion detection, regular security audits
- Data Centers: SOC 2 Type II certified facilities with physical security
- Incident Response: 24/7 monitoring, breach notification within 72 hours
- Employee Training: Regular security awareness and data protection training
Security Commitment: While we implement industry-leading security measures, no method
of electronic transmission or storage is 100% secure. We continuously review and enhance our security
practices to protect your data.
5 Your Rights and Choices
GDPR Rights (European Users)
If you are located in the European Economic Area, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit processing of your data
- Portability: Receive your data in a machine-readable format
- Objection: Object to certain processing activities
- Automated Decision-Making: Opt-out of solely automated decisions
5.1 Data Access and Control
You can access and manage your information through:
- Account Settings: Update profile information and preferences
- Privacy Dashboard: View and download your data
- Connection Management: Control device integrations and data sources
- Communication Preferences: Manage email and notification settings
5.2 Data Deletion
You may request deletion of your account and associated data at any time. We will delete your information
within 30 days, except where retention is required for legal or legitimate business purposes.
5.3 Opt-Out Options
- Marketing Communications: Unsubscribe link in emails or account settings
- Cookies: Browser settings or cookie preference center
- Analytics: Google Analytics opt-out browser extension
- Research Participation: Opt-out in privacy settings
6 Data Retention
We retain your information for as long as necessary to provide our Service and comply with legal obligations:
Data Category |
Retention Period |
Justification |
Account Information |
Duration of account + 90 days |
Service delivery, account recovery |
Activity Data |
3 years from collection |
Long-term trend analysis, model training |
Payment Records |
7 years |
Tax and accounting requirements |
Support Communications |
2 years |
Service improvement, dispute resolution |
Analytics Data |
26 months |
Usage analysis, product development |
7 Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience:
7.1 Types of Cookies
- Essential Cookies: Required for basic functionality and security
- Performance Cookies: Analyze usage patterns and improve performance
- Functionality Cookies: Remember preferences and settings
- Marketing Cookies: Deliver relevant advertisements (with consent)
7.2 Managing Cookies
You can control cookies through your browser settings or our cookie preference center. Note that disabling
certain cookies may limit Service functionality.
8 International Data Transfers
Your information may be transferred to and processed in countries other than your residence. We ensure
appropriate safeguards for international transfers:
- Standard Contractual Clauses: EU-approved data transfer agreements
- Privacy Shield: Compliance with EU-US and Swiss-US frameworks (where applicable)
- Adequacy Decisions: Transfers to countries with adequate data protection
- Consent: Your explicit consent for specific transfers
9 Children's Privacy
Ultra0 is not intended for users under 18 years of age. We do not knowingly collect personal information
from children. If we become aware that we have collected data from a child under 18, we will promptly
delete such information.
10 California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: Request disclosure of personal information collected
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt-out of the sale of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
To exercise these rights, contact us at privacy@ultra0.com.
11 Third-Party Links and Services
Our Service may contain links to third-party websites and services. We are not responsible for the privacy
practices of these external sites. We encourage you to review their privacy policies before providing any
personal information.
12 Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify
you of material changes through:
- Email notification to your registered address
- Prominent notice within the Service
- Update to the "Last Updated" date
Continued use of Ultra0 after changes indicates acceptance of the updated Privacy Policy.
13 Data Protection Officer
We have appointed a Data Protection Officer to oversee our privacy practices and ensure compliance with
applicable data protection laws.
Data Protection Officer
Ultra0, LLC
Email: dpo@ultra0.com
14 Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract: Processing necessary to fulfill our service agreement
- Consent: You have given explicit consent for specific purposes
- Legitimate Interests: Processing for business operations and improvements
- Legal Obligation: Compliance with applicable laws and regulations
- Vital Interests: Protection of your or others' vital interests
15 Automated Decision-Making
Ultra0 uses AI algorithms to calculate injury risk scores and generate recommendations. These automated
processes analyze your fitness data to provide personalized insights. You have the right to:
- Request human review of automated decisions
- Express your point of view regarding automated assessments
- Contest decisions based solely on automated processing
- Opt-out of certain automated decision-making processes
Privacy Commitment
At Ultra0, we believe that privacy is a fundamental right. We are committed to being transparent about
our data practices and giving you control over your personal information. Your trust is essential to us,
and we work continuously to earn and maintain it through responsible data stewardship.
Document Version: 1.0
Last Review Date: January 30, 2025
Next Scheduled Review: April 30, 2025
ISO 27001 Certified: Yes
SOC 2 Type II Compliant: Yes