House Icon
Log In
Get Started

Atlas Athlete Privacy Policy

Effective Date: May 1, 2025 This Privacy Policy describes how MyMedicalHub Corporation (“MMH,” “we,” or “us”) collects, uses, discloses, and protects the personal information of users (“you” or “User”) who access or use the Atlas Athlete platform and related services (the “Service”). We are committed to protecting your privacy and complying with applicable data protection laws in the United States and internationally. By using the Service, you consent to the data practices described in this Policy. If you do not agree with this Policy, please do not use the Service. We may update this Privacy Policy from time to time (see Section 12 Updates), and your continued use of the Service indicates acceptance of the revised Policy.

1. Information We Collect

We collect personal information and usage data from and about you when you use Atlas Athlete. The types of information we collect include:
  • Account Information: When you register, we collect information like your name, email address, username, password, and basic profile details. We may also ask for your age or date of birth to verify eligibility (for example, to determine if parental consent is required for minors).
  • Assessment and Performance Data: If you use our movement assessment tools, we collect the videos or images you upload, biometrics and metrics derived from your movements (such as posture, range of motion, or other performance indicators), and any feedback or annotations related to your performance. This may include health-related or fitness information you provide about yourself.
  • Device and Usage Information: We automatically collect technical information when you use the Service, such as your device type, browser type, operating system, IP address, device identifiers, and usage data like pages or screens visited, features used, links clicked, and the dates/times of access. We may use cookies or similar tracking technologies to collect some of this information (see Section 3 – Sharing regarding analytics).
  • Location Data: If you enable location services, we may collect approximate location data (e.g., your city or region) or precise GPS location with your permission. Location data can help with certain features (for example, locating nearby training resources) but is optional.
  • Wearable and Third-Party App Data: Atlas Athlete can integrate with third-party fitness or health apps and devices (like Apple HealthKit, Google Fit, Fitbit, Garmin, etc.) if you choose to connect them. With your consent, we will receive certain data from those sources – for example, step count, heart rate, workout summaries, or other wellness data – to incorporate into your Atlas Athlete profile and analyses. We will only access data from third-party apps that you explicitly permit.
  • Payment Information: If you make purchases or subscribe through the Service, payments are handled by third-party processors (e.g., Stripe). We do not collect or store full credit/debit card numbers. We may keep basic billing info (like your name and transaction records) as needed for receipts and accounting. All payment transactions are securely processed by the third party according to their policies.
  • Parental/Guardian Information: If a minor (under 18) uses the Service with parental consent, we may collect the parent or guardian’s contact information (such as name and email) and record of consent. This is used only for consent verification and correspondence regarding the minor’s account.
  • Communications: If you contact us (for support, feedback, or otherwise) or if you participate in surveys or promotions, we will collect the information you provide (such as your email, questions, and any other details). We also collect information when you participate in any community forums or comment features within our Service.
We limit our collection to information that is relevant for providing and improving our Service and complying with our legal obligations. You may choose not to provide certain information (for example, you can decide not to connect a wearable device), but this may limit some features.

2. How We Use Your Information

We use the collected information for the following purposes:
  • Provide and Personalize the Service: We use your information to create your account, authenticate you, and provide you with the features and services you request. For example, we analyze your assessment videos and performance data to deliver personalized movement scores, exercise recommendations, and reports.
  • Improve and Develop the Platform: We continuously work on improving Atlas Athlete. Your data (including feedback and usage patterns) helps us fix issues, train and refine our AI models (like the Ask EMMA assistant), and develop new features and tools. For instance, we may use machine learning on collected movement data to enhance our guidance algorithms, in a manner that does not identify you personally in any published research or results.
  • Communication: We use contact information (email or in-app notifications) to send you Service updates and account notifications. This includes administrative messages (e.g., password resets, confirmation of account actions) and, if you opt-in, promotional communications such as newsletters or special offers. You can opt out of marketing emails at any time. We may also respond to your inquiries or support requests using your contact details.
  • Analytics and Performance: We use usage and device data to understand how our Service is used, which features are popular, and how users navigate the app. This helps us optimize the user experience, test performance, and improve security. We may use third-party analytics services (such as Google Analytics or similar tools) to assist in this analysis (see Section 9 – Third-Party Services).
  • Enforce Policies and Ensure Security: We may process your data to enforce our Terms of Service, to monitor for fraudulent or suspicious activity, and to maintain the integrity and security of our platform. This can include reviewing logs for troubleshooting, preventing misuse, and protecting against illegal activities (like cheating in assessments or unauthorized access attempts).
  • Legal Compliance: In certain cases, we will use or disclose your information as necessary to comply with laws and regulations. For example, we might retain transaction records for tax and accounting purposes, or disclose information in response to valid legal process (subpoenas, court orders) after following the required procedures.
  • Aggregated Insights: We may aggregate and/or de-identify personal data to the point that it can no longer be linked to any individual. We use this aggregated data for purposes like publishing research about movement trends, improving AI accuracy, or demonstrating product efficacy. For example, we might report, “users improved their flexibility score by X% on average after 4 weeks,” without revealing any personal identities.
We will only use your personal information for the purposes described above or as otherwise disclosed to you at the time of collection. If we need to use your data for a materially different purpose, we will update this Privacy Policy and, if required, request your consent.

3. Sharing of Information

We value your privacy. We do not sell or rent your personal information to third parties for their own marketing purposes. However, we do share certain information with third parties in the following circumstances:
  • Service Providers (Processors): We share information with trusted third-party companies that perform services on our behalf. These include cloud hosting providers (for data storage and servers), analytics providers (to analyze app performance and user behavior), AI processing partners (if we use third-party AI APIs to augment our own algorithms), email/SMS delivery services (to send verification codes or notifications), and payment processors. These service providers are bound by contractual obligations to process personal information only under our instructions and to implement appropriate security measures.
  • Third-Party Integrations at Your Request: If you choose to connect Atlas Athlete with third-party platforms or wearable devices, we will share data with those platforms at your direction. For example, if you link a Garmin account to import your heart rate data, or you authorize sharing your Atlas Athlete performance results with a coach or a healthcare provider through the platform, we will transmit the relevant information to that third party with your consent. Likewise, if you participate in a team or group feature, data like your performance scores may be visible to the team administrator or coach as you authorize.
  • Coaches, Teams, or Enterprise Programs: If your use of Atlas Athlete is part of an organization’s program (e.g., a sports team, employer wellness program, or school), we might share certain performance data or reports with the designated program administrators or coaches only with appropriate authorization and in accordance with our agreements. For example, if a parent consents to a minor’s data being shared with a youth sports coach, we will allow the coach to see that minor’s relevant performance metrics. All such shared data is limited to the purposes of the program and covered by confidentiality obligations.
  • Business Transfers: If MMH is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred as part of that transaction. We will ensure any successor entity honors the commitments of this Privacy Policy or notifies you of any changes.
  • Legal and Safety Reasons: We may disclose your information if required to do so by law or if we have a good-faith belief that such action is necessary to: (i) comply with a legal obligation or respond to legal process (e.g., a court order or subpoena); (ii) protect and defend the rights, property, or safety of MMH, our users, or the public; (iii) investigate or assist in preventing any violation of law or these Terms of Service; or (iv) detect, prevent, or address fraud, security, or technical issues.
  • Advertising and Marketing Partners: Currently, Atlas Athlete does not use third-party advertising networks to serve behavioral ads within our Service. If in the future we introduce advertising-supported features, we will update this Policy and comply with all relevant laws (for example, obtaining consent for cookies or not sharing minors’ data for targeted ads). We may share limited data (like device identifiers or general demographic info) with marketing partners who assist us in promoting our Service, but only after ensuring compliance with privacy laws and obtaining any necessary opt-in consents. We will never knowingly direct targeted advertising to users we know are under 16 years old, or disclose children’s data to ad partners without parental consent (kirkland.com).
  • Aggregated Insights: We may share aggregated, anonymized statistics or insights (for example, average performance improvements, or total number of users in a region) publicly or with partners. These reports contain no personally identifiable information.
When we share personal information with third parties, we take steps to ensure they uphold equivalent levels of privacy protection. For international data sharing, we utilize approved safeguards (see Section 6 – International Data Transfers). If you have questions about third parties we use, you can contact us for more information.

4. Cookies and Tracking Technologies

Cookies are small text files placed on your device to store data that can be recalled by a web server in the domain that placed the cookie. We and our analytics or service partners may use cookies and similar technologies (such as web beacons, pixels, or local storage) to collect and store information when you use our Service via a web browser. For example:
  • Essential Cookies: These are necessary for the website or app to function (e.g., keeping you logged in, remembering your preferences). Without these, certain features may not work.
  • Analytics Cookies: These help us understand how users engage with our Service. They may track things like how often you visit, which pages you view, and what site or ad brought you to us. We use this information to improve user experience and troubleshoot issues.
  • Functional Cookies: These might be used to remember choices you make (like language or region) to provide enhanced features.
We do not use cookies to collect sensitive personal information or to facilitate third-party advertising on our site at this time. If in the future we add features that use cookies for advertising, we will update our consent management to comply with laws (for example, providing a “Do Not Sell or Share My Personal Information” link for California or honoring Global Privacy Control signals (natlawreview.com). Your Choices: Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or prompt you before accepting. However, if you disable cookies, some parts of the Service (especially the web-based aspects) may not function properly. On our mobile app, cookies are less relevant, but we may use device identifiers or SDKs for similar purposes; you can reset your mobile advertising ID or limit ad tracking in your device settings as applicable. We may also respect “Do Not Track” signals if your browser or device sends them, although there is currently no universal standard for DNT. We will treat it as a preference to disable analytics cookies. For more details on our use of cookies and how to manage them, please see our Cookies Policy (if provided) or contact us.

5. Data Storage and Security

We take data security seriously and use industry-standard measures to protect your personal information. All user data is stored on secure servers (for example, in reputable cloud data centers) located in the United States. We employ encryption in transit and at rest for sensitive data wherever feasible.For instance, our databases are encrypted and any transmission of personal data (such as login credentials or videos) is protected via HTTPS/TLS encryption. We also implement administrative, technical, and physical safeguards such as: controlled access to databases, staff training on data handling, pseudonymization or hashing of certain data, regular security audits, and monitoring for potential vulnerabilities or attacks. Our employees and contractors are only allowed to access personal data on a need-to-know basis and are subject to confidentiality obligations. However, please note that no method of transmission over the Internet or electronic storage is 100% secure.While we strive to protect your data, we cannot guarantee absolute security. You also play a role in security: keep your account credentials confidential and notify us immediately if you suspect any unauthorized access to your account. In case of any data breach that affects your personal information, we will notify you and the appropriate authorities as required by law, and we will take prompt action to mitigate the breach.

6. International Data Transfers

Atlas Athlete is operated from the United States. If you are located outside the U.S., be aware that your information will be transferred to and stored on servers in the United States (and potentially in other countries where our service providers are located). The data protection laws of these countries may be different from those in your jurisdiction. However, when we transfer personal data from jurisdictions like the European Economic Area (EEA), United Kingdom, or Canada to the U.S. or other countries, we take steps to ensure an adequate level of protection for your information. These measures include:
  • Standard Contractual Clauses (SCCs): For data coming from the EEA/Switzerland, we rely on the European Commission’s approved Standard Contractual Clauses (kirtonmcconkie.com) as a legal mechanism for transfer. These clauses contractually require the recipient to protect personal data according to EU privacy standards.
  • UK International Data Transfer Agreement/Addendum (IDTA): For personal data from the United Kingdom, we have incorporated the UK’s International Data Transfer Addendum or Agreement, which works with the SCCs to comply with UK Data Protection Act 2018 requirements (kirtonmcconkie.com).
  • Additional Safeguards: We implement supplementary technical and organizational measures as needed. For example, data encryption, strict access controls, and policies to handle government requests for data in compliance with the Schrems II decision and related guidance.
  • Data Privacy Framework (if applicable): As of the effective date of this Policy, the U.S. has established the EU-U.S. Data Privacy Framework and UK Extension. If MMH becomes certified under these or other adequacy frameworks, we may rely on them for relevant transfers. We will update this Policy if we adopt such frameworks.
By using the Service, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this Policy, including to the United States which may not provide the same level of data protection as your home country kirtonmcconkie.com. We will only transfer data as permitted by law and will take steps to ensure it remains protected. protected. If you would like more information about our international transfer safeguards, or to request a copy of the SCCs we use, you can contact us using the details in Section 12 – Contact Us.

7. Your Privacy Rights and Choices

You have rights and choices regarding your personal data. We believe in giving you control and access, in line with applicable laws such as the California Consumer Privacy Act (CCPA) (as amended by the CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and Canada’s PIPEDA. This section describes those rights and how you can exercise them. General Choices for All Users:
  • Access and Update: You can access and update certain profile information directly in your account settings (such as your name, contact info, or password). Please keep your information current.
  • Delete Account: You may request deletion of your account at any time by contacting us at [email protected] or using any self-service delete function if available. Upon verification of your request, we will delete or anonymize your personal data, except for information we are required or permitted to retain by law (see Data Retention below).
  • Communication Preferences: If you no longer want to receive marketing emails from us, you can opt out by using the unsubscribe link in those emails or by adjusting your account notification settings. Transactional and service-related communications (like account notifications or customer service responses) are necessary and you may not opt out of them.
  • Third-Party Permissions: If you have linked Atlas Athlete to any third-party apps (e.g., wearables or social logins), you can revoke those permissions at any time via the third-party service or in your Atlas account settings. This will stop further data sharing with that third party, though data already collected may remain with them.
Privacy Rights for U.S. State Residents: Residents of certain U.S. states have specific legal rights regarding personal data. We extend many of these rights to all our users in the spirit of transparency, but if you are a resident of the states listed below, you are explicitly afforded these rights under state law:
  • California Residents (CCPA/CPRA): If you are a California resident, you have the following rights with respect to your personal information, subject to certain exceptions and limitations:
    • Right to Know: You can request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources of that information, the business or commercial purpose for collecting (or selling/sharing, if applicable) the information, and the categories of third parties with whom we share it (cppa.ca.gov). This is sometimes called a “request to know” or “data access request.”
    • Right to Delete: You can request that we delete personal information that we have collected from you and retained, subject to certain exceptions (for example, we may retain data needed to complete a transaction you initiated, to detect security incidents, for legal compliance, etc.)(cppa.ca.gov).
    • Right to Correct: You have the right to request that we correct inaccuracies in the personal information we hold about you (cppa.ca.gov).
    • Right to Opt-Out of Sale or Sharing: We do not sell personal information for money; however, California defines “sale” and “sharing” broadly to include certain uses of data for advertising. We do not share your personal information for cross-context behavioral advertising, and we will honor any “Do Not Sell or Share My Personal Information” requests. If in the future we plan to engage in any activity that falls under “sale” or “sharing,” we will provide a clear opt-out mechanism on our website (such as a link titled “Do Not Sell or Share My Personal Info”) (natlawreview.com). California residents also have the right to opt out of our use of their sensitive personal information for certain purposes beyond what is reasonably expected (the “Right to Limit Use of Sensitive PI”) (cppa.ca.gov). In our case, we only use sensitive data (like precise location, health data, etc.) to provide the Service you request, and not for additional undisclosed purposes, so a limit request should not be necessary.
    • Right to Equal Service and No Discrimination: We will not discriminate against you for exercising any of your CCPA rights (cppa.ca.gov). This means we won’t deny you our services, charge you different prices, or provide a different level of quality just because you exercised your rights. (However, please note that deleting certain data or opting out of certain uses may affect our ability to offer you some features – for example, if you ask us to delete all your assessment data, you will no longer see past analysis results.)
    • Authorized Agent: You can designate an authorized agent to make requests on your behalf. We will take steps to verify the identity and authority of the agent in accordance with California law.
  • Virginia, Colorado, and Connecticut Residents (VCDPA, CPA, CTDPA): If you are a resident of Virginia, Colorado, or Connecticut, you have similar rights under those states’ laws:
    • Access: Right to confirm whether we are processing your personal data and to access that data (upguard.com).
    • Correction: Right to correct inaccuracies in your personal data, taking into account its nature and purpose of processing (upguard.com).
    • Deletion: Right to request deletion of personal data that you have provided or that we have obtained about you (upguard.com).
    • Data Portability: Right to obtain a copy of your personal data in a portable and, to the extent feasible, readily usable format to transfer to another service (this is fulfilled by providing the access request data in a commonly used electronic format) (upguard.com).
    • Opt-Out: Right to opt out of certain data processing activities, namely: (i) targeted advertising, (ii) the sale of personal data (as defined by law – we do not sell data for money, and also treat targeted advertising opt-outs as covered), and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you (upguard.com). If we engage in any of these activities, you may direct us to stop via an opt-out request. For targeted ads, we honor browser signals like the Global Privacy Control as an opt-out preference when legally required (natlawreview.com) (Colorado will implement a universal opt-out mechanism requirement (natlawreview.com), which we intend to comply with).
    • Appeal: If we decline to take action on a request you make under this section, you have the right to appeal our decision. We will provide instructions if we deny a request. Generally, you can initiate an appeal by contacting us and referencing the prior request. We will review appeals within the timeframe required by law. If your appeal is ultimately denied, Virginia, Colorado, and Connecticut allow you to contact your state Attorney General to submit a complaint.
  • Utah Residents (UCPA): Utah’s privacy law provides a more limited set of rights, but we extend the following to Utah residents:
    • Access: Right to confirm whether we process your personal data and to access a copy of that data (velotix.ai).
    • Deletion: Right to request deletion of personal data you provided to us (velotix.ai). (Note: Under UCPA this right applies to data you provided directly; nonetheless, we will consider deletion requests for all personal data we have about you, subject to exceptions.)
    • Data Portability: Right to obtain your data in a format that can be transferred to another entity (similar to above).
    • Opt-Out: Right to opt out of the processing of your personal data for targeted advertising and sale of personal data (velotix.ai). UCPA does not require an opt-out for profiling, and it does not provide a right to correct data (velotix.ai). (If you need something corrected, you may still request it and we will honor it as a courtesy.)
    • Non-Discrimination: UCPA, like other laws, prohibits discrimination for exercising rights (velotix.ai). We will not penalize you for making a privacy request.
How to Exercise Your State Privacy Rights: If you are a resident of CA, VA, CO, CT, or UT (or any user who wishes to exercise similar rights), you may submit a request to us by emailing [email protected] with the subject line “Privacy Rights Request” and detailing your request (e.g., “California Access Request” or “Colorado Opt-Out of Targeted Ads”). We will need to verify your identity to a reasonable degree of certainty before fulfilling requests – this may involve confirming details we have on file (such as sending the request from your registered email or providing other identifying information). For certain requests (like access or highly sensitive deletions), we may use a higher verification standard (for example, asking for additional confirmation). Authorized agents must provide proof of authorization. We will respond to your request within the timeframes required by law (generally, within 45 days for CCPA/CPRA (natlawreview.com) and within 45 days for VCDPA/CPA/CTDPA, with the possibility of a reasonable extension). If we need more time or cannot comply with your request in full, we will inform you and explain the reason (e.g. certain data may be exempt or we couldn’t verify your identity). There is no fee for making a request, unless requests become excessive or manifestly unfounded, in which case a reasonable fee may be charged or the request denied (as allowed by law). Privacy Rights for European Union/EEA and UK Individuals: If you are in the EU, EEA, Switzerland, or United Kingdom, you have the following data subject rights under the GDPR or UK Data Protection Act:
  • Right of Access: You can ask us to confirm if we are processing your personal data and request a copy of the data we hold about you (ico.org.uk), along with information on how we use it. This is similar to the access rights described above.
  • Right to Rectification: You have the right to have inaccurate personal data corrected or completed if it is incomplete (ico.org.uk). (You can often do this through your account settings as well.)
  • Right to Erasure: You have the right to request deletion of your personal data in certain circumstances (also known as the “right to be forgotten”) (itgovernance.eu). For example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and we have no other legal basis to keep it. This right is not absolute – sometimes we may retain data if we have a compelling legitimate ground or a legal obligation (we will inform you if so).
  • Right to Restrict Processing: You can ask us to limit the processing of your data in certain situations (ico.org.uk). For instance, if you contest the accuracy of data, or we no longer need the data but you want us to keep it just to exercise or defend legal claims, we will mark it and only process it for those limited purposes.
  • Right to Data Portability: You have the right to receive your personal data that you provided to us in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller where technically feasible (upguard.com). This applies to data processed by us by automated means, based on your consent or on a contract. We fulfill this by providing CSV or JSON exports upon request, for example.
  • Right to Object: You may object to our processing of your personal data when it is based on our legitimate interests or for direct marketing purposes (ico.org.uk). If you object on legitimate interests grounds, we will evaluate your request and will stop or adjust processing unless we have compelling legitimate grounds that override your interests or if needed for legal claims. If you object to direct marketing, we will stop processing your data for those purposes immediately (this includes profiling related to direct marketing).
  • Automated Decision-Making: Atlas Athlete does not make any legally significant decisions about you solely by automated means. However, to the extent we ever do, you would have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal or similarly significant effects. You would also have the right to have any such decisions reviewed by a human. (Currently, AI insights provided by Ask EMMA or scoring algorithms do not constitute such decisions, as they are for informational purposes and you are free to accept or ignore them.)
  • Right to Withdraw Consent: If we rely on your consent for any processing of personal data (you will know because we would have asked you), you have the right to withdraw that consent at any time. For example, if you consented to share data from a third-party app, you can disconnect it (withdrawing consent won’t affect processing already done, but we will stop the processing going forward).
  • Right to Information: You have the right to clear and transparent information about how we use your data, which this Privacy Policy aims to provide (this corresponds to the GDPR “right to be informed”(edpb.europa.eu).
  • Right to Lodge a Complaint: If you believe we have infringed your data protection rights or processed your data unlawfully, you have the right to lodge a complaint with a Supervisory Authority in the EU member state where you reside, work, or where the issue occurred. For UK users, you can complain to the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to address your concerns first – so we encourage you to contact us with any complaint, and we will do our best to resolve it.
To exercise any of the above EU/UK rights, please contact us at [email protected] (or [email protected]). We may need to verify your identity and residence country before processing your request. We will respond within one month of receiving your request, or inform you if we need more time (we can extend to two months for complex requests, but we’ll let you know within the first month if so). There is generally no fee, unless requests are excessive, in which case a reasonable fee might be charged as permitted by GDPR. Privacy Rights for Canadian Residents (PIPEDA): If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) provides you with rights to access and correct your personal information, among other principles (termageddon.com):
  • Right to Access: You can request information about the existence, use, and disclosure of your personal information and be given access to that information (termageddon.com). This means you can ask us what data we have about you and get a copy. We will provide an account or description of the information within a reasonable time (generally within 30 days as per PIPEDA guidelines) (termageddon.com). We may need to verify identity and there are some exceptions (for example, we might not be able to provide information that reveals personal data about another individual, etc., without their consent).
  • Right to Correction: If any personal information we have is inaccurate or incomplete, you have the right to request a correctiontermageddon.com. If we agree, we will correct the information and, if reasonable, send the corrected info to any organization it was disclosed to. If we do not correct it (e.g., if we disagree that it’s inaccurate), we will note your challenge in the record.
  • Consent and Withdrawal: PIPEDA is largely consent-based. By using our Service, you consent to our collection, use, and disclosure of your personal information as outlined. You have the right to withdraw your consent at any time, subject to legal or contractual restrictions (termageddon.com). For example, you can withdraw consent for marketing emails by unsubscribing. If you withdraw consent for a purpose that is integral to the Service (like processing your assessment data), we will inform you of any consequences (such as no longer being able to provide that service).
  • Complaints: If you have a privacy concern, you can contact us (see Contact Us section). Additionally, Canadian residents have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) if they believe their privacy rights have been violated. We will provide guidance on this if needed.
We will not require you to consent to the collection, use, or disclosure of information beyond what is necessary to provide the Service (this is known as not requiring “overly broad” consent). We also abide by Canada’s Anti-Spam Law (CASL) for commercial communications. Verification and Authorized Requests: For any privacy-related request (whether under state, federal, or international law), we will take steps to verify that the request is coming from the affected individual (or their authorized representative). This may involve asking you to confirm certain personal details we already have, or using existing authentication (logging in to your account to make the request, etc.). We will only use the information you provide in a request to verify and fulfill that request. Limitations: These rights are subject to certain exemptions and limitations by law. For example, we cannot provide access to information that contains legal privilege, or providing a copy of data might not include proprietary algorithms or data generated for internal analytics that is not personal data. If we deny a request, we will explain our reasoning to the extent permitted.

8. Children’s Privacy

Atlas Athlete is not directed to children under 13 in the United States or under the applicable age of consent in other jurisdictions (16 in the EU/UK by default, unless lowered by a member state to no less than 13). We do not knowingly permit children under 13 to use Atlas Athlete without verifiable parental consent. If you are under the age of 13, do not use or register for the Service unless your parent or guardian has provided consent through our verified parental consent process. For minors between 13 and 17 (or under the age of majority in your jurisdiction) who wish to use the Service, a parent or legal guardian must create the account, provide consent, and supervise the use of the Service. We require the parent/guardian to review and accept this Privacy Policy and our Terms of Service on the minor’s behalf. We do not knowingly collect personal information directly from a child – instead, we collect from the parent or from the child’s use under the parent’s oversight. COPPA Compliance: In compliance with the U.S. Children’s Online Privacy Protection Act, if we become aware that we have collected personal information from a child under 13 without proper parental consent, we will delete that information. Parents who have given consent for their child’s use can review the personal information collected from their child, revoke consent, or request deletion of their child’s information at any time by contacting us (see Contact Us). We will not require a child to provide more information than is reasonably necessary to use the Service. EU/UK Minors: For users in the EU or UK, we adhere to GDPR’s provisions on children’s data. If you are under 16 (or the lower age that your country has set for valid consent, which ranges from 13 to 16), please have your parent or guardian sign up and consent on your behalf. We will take steps to verify that parental consent is obtained for users under the required age. Advertising and Third-Party Distribution: We do not show targeted ads on the Atlas Athlete platform, and certainly not to minors. If our content is available on third-party platforms that include advertising (for example, if Atlas Athlete content is distributed through a partner app or service), we do not provide personal data of users we know to be under 16 (or under 13) to those platforms for targeted advertising purposes (kirkland.com). We also contractually require such third-party distribution partners to comply with applicable laws regarding children’s advertising (for example, to only serve contextual ads appropriate for general audiences, or to obtain parental consent if they were to personalize ads). However, we cannot control the advertisements that a third-party platform might show generally. Parents should supervise their children’s use of any platform to ensure content (including ads) is appropriate. In summary, if you are a parent or guardian and you allow your minor child to use Atlas Athlete, we will collect and use their information only as described in this Policy and with your consent. You can exercise the child’s privacy rights on their behalf (see Section 7), including accessing or deleting their data. We strongly encourage you to closely monitor your child’s usage of the Service. Please see Section 10 below for details on providing and revoking parental consent.

9. Third-Party Services and APIs

Atlas Athlete may integrate with or provide links to third-party services that are outside our control. This includes:
  • Wearable and Fitness Integrations: As noted, you may connect devices or apps (Apple Health, Google Fit, Fitbit, Garmin, etc.) to import or export data. When you do so, information will flow between Atlas Athlete and the third party. For example, if you sync a workout from Atlas to another app, or fetch your heart rate from a wearable into Atlas, that data exchange is governed by the third party’s terms. Their privacy policies will apply to any data they receive. We encourage you to review those policies and manage your permissions in those apps. We only share data with third-party integrations at your direction and consent.
  • Analytics and Measurement: We use third-party analytics tools (like Google Analytics, Mixpanel, or similar) to better understand usage of our Service. These providers may set cookies or use device identifiers to collect usage data (see Section 4 – Cookies). The information collected (such as page visits, session length, device info, etc.) is typically anonymized and aggregated. It helps us measure the effectiveness of product features and marketing campaigns. We do not allow our analytics providers to use the data for their own purposes; they act on our behalf under data processing agreements. However, if you prefer to opt out of analytics, you can disable cookies or use browser-based opt-out tools (as discussed in Section 4).
  • Advertising Partners: If in the future we partner with advertisers or ad networks (for instance, to promote Atlas Athlete on other platforms), those partners might use cookies or pixels on our site to measure ad performance (like a Facebook Pixel or Google Ads tag). We would list such partners here and ensure we obtain any necessary consent. Currently, we do not have such advertising pixels in our app experience.
  • Social Media or Sharing Features: The Service might enable you to share content to social media (for example, share a badge of your performance improvement to Instagram or Twitter). If you use these features, the information shared is subject to that social network’s policies. We will not post to your social accounts without your initiative.
  • External Links: Our website or app might contain links to external websites or services (for example, a link to a blog post, or an educational video on YouTube, or even Stripe’s terms as shown in our Payments section). If you click on a third-party link, you will be directed to that third-party’s site. We do not control and are not responsible for the content or privacy practices of external sites. We recommend you review the privacy policy of every site you visit through external links.
In all cases, any personal information you provide to a third-party service is provided directly to that third party and is subject to their policies. If a third-party integration is acting on our behalf (like an API that processes data for us), we’ll have a contract in place to protect your information. If the third party is providing their own service (like a wearable syncing data both ways), your information may be independently collected by them. Importantly, we do not share any health or personal data with third parties except as necessary to provide the Service or as described in this Policy. We do not share your data with any third-party advertisers without consent. If we introduce a new integration or third-party service that will access your data in a new way, we will update this Policy and notify you if appropriate, giving you the choice to utilize that integration or not.

10. Parental/Guardian Consent for Minors

Because Atlas Athlete may be used by minors with parental supervision, obtaining verifiable parental consent is crucial. The following outlines our parental consent requirements and process (applicable for parents/guardians of users under 18, and especially under 13 in the US):
  • Account Creation for Minors: A parent or legal guardian must create the account for a minor user. During signup, we will ask for the age or birth date of the user. If the age is under 18, we will either direct the minor to have a parent complete registration or request parent/guardian contact details to seek consent. For users under 13, we do not permit registration without completing a COPPA-compliant consent verification.
  • Consent Agreement: By creating or authorizing an account for your minor child on Atlas Athlete, you (the parent/guardian) acknowledge and agree to this Privacy Policy and our Terms of Service. Your acceptance gives us permission to collect, use, and share the child’s information as described.
  • Scope of Consent: You confirm the following when providing consent:
    • You are the parent or legal guardian of the minor user and have the authority to provide consent.
    • You authorize MMH to collect and process the minor’s personal data, which may include personal identifiers (name, etc.), contact info (for you and perhaps an email for the child if applicable), assessment videos, biometric and movement data, location (if enabled), wearable device data (if linked), and usage/activity logs.
    • You understand and allow that we will use this data to provide the Atlas Athlete services to your child (e.g., to generate fitness assessments, track progress, enable Ask EMMA questions) and for the other uses outlined in this Privacy Policy (like improving the service or ensuring security).
    • You permit MMH to disclose the minor’s performance data to specific third parties only when you initiate or approve it. For example, if you decide to share your child’s results with a coach, or join a team feature where a coach or group can see the child’s data, you authorize us to share that information with those designated parties. We will not share a child’s data with anyone else (except service providers as necessary) unless you direct us to or as required by law.
    • You understand that no personal information of your child will be used for targeted advertising or profiling. We will not show personalized ads to minors, and we will comply with COPPA’s requirement of obtaining additional consent for any potential third-party advertising uses (kirkland.com )(as of now, we simply avoid those uses entirely for minors).
    • You have the right to withdraw your consent at any time and can request deletion of your child’s personal data. If you revoke consent or delete the account, we will promptly stop collecting further data from the child and will delete the child’s personal information (subject to any retention rights under COPPA/GDPR for safety, legal claims, etc.). Revoking consent will likely result in termination of the child’s access to the Service, since we cannot provide it without processing their data.
    • You can review the information collected from your child at any time by contacting us (we may require verification to ensure we’re speaking with the parent). We will provide a description of the data we have for the child and honor any valid requests as detailed in Section 7 (such as access or deletion requests on the child’s behalf).
    • You acknowledge that consent is given electronically (e.g., by checking a consent box or signing an electronic form) and that we may employ methods such as requiring a credit card transaction (with no or minimal charge), video chat verification, or government ID check to verify you are indeed the parent or guardian, in line with COPPA rules for obtaining verifiable parental consent (kirkland.com). The specific verification method will be communicated during sign-up.
  • Parental Controls: As a parent/guardian, you may have access to a parent dashboard or settings in the app that allow you to manage your child’s experience. This could include viewing their progress, controlling certain privacy settings, and managing connections (e.g., approving coach access). We encourage you to utilize these controls and maintain an active role in supervising your child’s activity on Atlas Athlete.
  • Revoking Consent: To revoke consent and terminate your child’s account, you can contact us at [email protected] with the subject “Revoke Child Consent” or use any provided in-app tool. We will verify your identity and relationship, then deactivate and remove the child’s personal data as requested. Note that some residual information (like logs or backups) might persist for a short period, but we will not use it except for legal reasons if needed.
Our goal is to create a safe environment for young users interested in improving their fitness, while prioritizing their privacy and safety. If you have any questions about our children’s privacy practices, please contact us.

11. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. In practice, this means:
  • Active Accounts: For as long as you have an active account with us, we will keep your information. This allows us to provide the Service to you (for example, maintaining your historical performance data so you can track progress over time).
  • Inactive Accounts: If you stop using Atlas Athlete without formally deleting your account, we may eventually classify your account as inactive. We may retain your information for a period (e.g., up to 24 months) after your last interaction in case you return, to make it easy to reactivate and restore your data. After such period of inactivity, we may delete or anonymize the data associated with the account, unless we are required to keep it longer.
  • Account Deletion Requests: If you request deletion of your account (or specific data), we will delete the requested personal information from our active systems, and instruct any service providers to do the same, subject to the exceptions below. Backup copies might not be immediately deleted but will be purged in the normal backup rotation. We will also retain a record of your deletion request and basic information (like email or account ID) to ensure we don’t inadvertently recreate your account and for legal record-keeping.
  • Legal and Business Necessities: We may retain certain information after account deletion or inactivity for the following purposes:
    • Compliance with Law: To comply with legal obligations (e.g., maintaining records of transactions for tax, audit, and accounting purposes, or retaining information required by medical device or health regulations if applicable). For instance, financial transaction records might be kept for the legally required period (7 years in some jurisdictions).
    • Dispute Resolution and Enforcement: If we are resolving a dispute or enforcing our Terms (for example, an account that was banned for misuse), we might retain information necessary to prove the facts of the matter or to block re-registration. We also retain any information we reasonably believe may be needed for litigation or investigations by authorities.
    • Safety and Prevention: Information that is needed for detecting security incidents, fraud, and abuse may be kept as long as reasonably necessary. For example, IP addresses associated with suspected malicious activity might be retained to block future attacks.
    • Research or Statistics: As permitted by law, we may retain de-identified or aggregated data (which is no longer personal information) indefinitely for research, statistical analysis, and product development. For example, even if you delete your account, anonymized averages or AI learning derived from your data may be retained, but not in a form that could identify you.
When we no longer have a legitimate need or legal obligation to keep your personal data, we will securely delete or anonymize it. We take care to ensure that deletion is carried out in a secure manner to prevent any unauthorized access to the data in the process. Data Storage Periods:
  • Personal profile information and assessment data – retained until account deletion, then removed.
  • Communications (support emails, etc.) – retained for at least 2 years after resolution for quality and training, potentially longer if necessary.
  • Device and usage logs – raw logs may be rotated or deleted after a few months, but summarized analytics may be kept longer.
  • Parental consent records – retained as long as the associated child account exists, plus a reasonable period (e.g., 3 years) thereafter to demonstrate compliance with COPPA/GDPR.
  • Backup data – securely stored with encryption; typically overwritten within 30-90 days on a rolling basis.
If you have specific questions about our retention practices for a certain type of data, feel free to contact us.

12. Updates to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we update the policy, we will change the “Effective Date” at the top to the date of the latest revision. If we make material changes to how we collect, use, or share your personal information, we will provide a prominent notice to you of those changes. This may include posting a notice within the app or on our website, or contacting you via the email address associated with your account. For example, if we were to start collecting a new type of sensitive data or start using data for a new purpose not previously disclosed, we would let you know and obtain any required consent. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with any updates, you should stop using the Service and may request that we delete your data. For significant changes affecting users in certain jurisdictions (e.g., if a new law requires new disclosures), we will tailor our notice and approach to ensure compliance (for instance, obtaining renewed consent if required).

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We are here to help and will respond as promptly as we can. Contact Information:
  • Email: [email protected] or [email protected] (please include “Privacy” in the subject line for privacy-related queries)
  • Address: MyMedicalHub Corporation – PO Box 663, Safety Harbor, FL 34695
You may also contact us through any in-app support chat or web contact form, if available, and indicate that your inquiry is about privacy. If you are contacting us to exercise a specific privacy right (as described in Section 7), please clearly describe your request and the jurisdiction you are in (so we can process it under the correct law). For example, “I am a California resident and would like to access my personal information” or “Please delete the account and data for [username/email].” We will make every effort to address your inquiry and resolve any concerns. Your privacy is important to us, and we welcome feedback on our privacy practices. Thank you for reading our Privacy Policy. By using Atlas Athlete, you trust us with your personal information, and we strive to honor that trust by handling your data responsibly and transparently.