1. WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT
Breakaway primary purpose is to deliver the App to Breakaway subscribers. Our App assists our subscribers in reaching their peak physical potential. Our mission is to unlock the thrill, joy, and pursuit of peak performance for everyone who seeks it. The data we collect is always in service of this mission, and our ability to run a going concern to support this mission.
The information we collect from you allows you to log into, and use, our Services.
We will only collect, use, and share your personal information where we are satisfied that we have an appropriate legal basis to do this. Generally, the Personal information we may store includes first and last name, email, date of birth, gender, and time zone for our users. Additionally, when importing user activities we may have access to precise location information for the user’s rides. Location information is securely stored and not revealed to any other users.
All basic user information and personal information is stored in our Postgres database, which is currently provided by Heroku. Our database has strict access controls using industry best practices and is only accessible by our application servers and our engineering team. Our Postgres instances all utilize encryption-at-rest so any information on disk is encrypted.
Activity information is processed when it is sent to us and a backup of the raw data is kept in an access controlled Amazon Web Services (AWS) S3 bucket in the event that we may need to reprocess the information in the future. The S3 bucket is only accessible by our import processors and key members of the engineering team.
Breakaway does not store passwords, but rather utilizes external authentication providers, namely Apple and Google. As such, we do not utilize passwords directly and only store OAuth tokens, which are unique to our App and generated by our authentication providers. For storage policies related to the external providers please see
Apple and
Google.
The chart below summarizes when we collect personal information, the sources from which that information was collected, the types and categories of personal information we collect, how we use the personal information, and the legal basis for our use of such personal information.
Sources From Which We Collect Personal Information
Categories and Types of Personal Information We Collect
The Business or Commercial Purpose and Legal Basis for Collecting Your Personal Information
From you when you register for, and use, the App.
• Identifiers
• Information protected by California security breach law
• Internet/electronic activity
• Commercial information
• Inferences
• Geolocation
During the creation, management and use of the Services, and through social media login (to the extent applicable) we collect first and last name, email address, physical address, phone number, birth date, gender, password, personal description and preferences, physical attributes, physical performance data, information about your activities and interests, transaction information including payment information, and purchase history. We may, in the future, collect information related to your physical location when engaging the App.
We use this information to contact you to finalize your order, process your order, manage payment, manage any contact you have with us about the Services, manage any dispute relating to the Services, run analytics or collect statistics, and to communicate with you about your use of our Services. If you place a purchase using a registered account, we will add this transaction to your profile so we can understand your interests and preferences and you will see a record of your transactions.
Our legal basis for using this information includes (1) consent, (2) performance of a contract so you can create and manage your account, (3) our legitimate interests which include to improve our Services, better engage with you, prevent fraud, and secure our App and Website, and (4) to comply with a legal obligation.
From Cookies or similar technologies (“cookies”) when you visit our Website, or receive and view our emails.
• Identifiers
• Internet/electronic activity
• Inferences
We may collect data related to your use of our Website including where you came from, login details, pages you looked at, duration of your visit, your interaction with an email we send you, geographic location, and/or the links you click.
Technical information collected includes your browser type and operating system, device information, your Internet Protocol (“IP”) address, and your unique ID which is given to each visitor and expiration of date of the ID.
We use this information to tailor our Website for you, show you recommendations, marketing or content based on your profile and interests, understand your interaction with and measure the relevance and effectiveness of our emails. This information also allows our Website and App to function properly and enables us to display content properly, to remember your preferences, and remember your login details. We also use this information to record unique page visits and potentially to measure reactions to our advertising campaigns which enables us to improve future offers. (We provide additional information in this Notice about how to opt-out of targeted advertising and data sharing to third parties.)
Our legal basis to use this information includes (1) your consent (to store cookies on your device) and (2) our legitimate interests, including to improve our Website and Services, to better engage with you, and to secure our Website.
From you when you set your preferences for or subscribe to receiving our marketing communications.
• Identifiers
• Information protected by California security breach law
• Commercial information
• Inferences
We collect first and last name, email address and desired password, displayed name, date of birth, personal description or preferences, order details, user generated content, other information you have shared about yourself, subscription preferences and payment information.
We use this information to send you marketing communications. We use this information to keep an up to date suppression list if you have asked us not to be contacted and to run analytics or collect statistics.
Our legal basis for using this information include (1) our legitimate interests which include to improve our Website and Services and to better engage with you, and (2) consent.
From you when you ask questions relating to our Services, your subscription, your account or rights, and customer support.
• Identifiers
• Information protected by California security breach law
• Commercial information
• Audio data
We may collect first and last name, email address, phone number, date of birth, and other information you have shared with us about yourself in relation to your enquiry (which may include activities and interests). If you call and speak with a customer service representative, that call may be recorded for training purposes.
We use this information to communicate with you about your use of our Services.
Our legal basis for using this information includes (1) consent to provide you with the service you have requested or (2) our legitimate interests which include to improve our Services, to better engage with you and to secure our Website and App.
From External Services that our relied on, used by, and incorporated into our Services.
• Identifiers
• Information protected by California security breach law
• Internet/electronic activity
• Commercial information
Our External Service providers include Apple, Google, Garmin, Hammerhead, Peloton, Strava, Wahoo and Zwift. We use the authentication services of Google and Apple to provide an easy login in which we access, and store your account ID information, access token and refresh token. We use the APIs for Google, Garmin, Hammerhead, Peloton, Strava, Wahoo and Zwift to access your activity information (i.e., your rides and associated ride data) in which we also access your account ID information, user name and password which are all stored by us in encrypted form using AES-256-CBC.
We use this information to allow you gain access to, and use, the Services, run analytics or collect statistics, and to generally provide you with Services including improving your overall experience.
Our legal basis for using this information includes (1) consent, (2) performance of a contract so you can use and get the most out of the Services, (3) our legitimate interests which include to improve our Services, better engage with you, prevent fraud, and secure our App and Website, and (4) to comply with a legal obligation.
In addition to the purposes for collecting your information that are listed in the table above, we may also use your information for the following purposes which we consider to be everyday business purposes:
• For identity and credential management, including identity verification and authentication, system and technology administration
• To protect the security and integrity of systems, networks, applications and data, including detecting, analyzing and resolving security threats, and collaborating with law enforcement or other groups about imminent threats
• For fraud detection and prevention
• For legal and regulatory compliance,
• For audits, including financial, security, or compliance audits, and analysis and reporting,
• To enforce our contracts and to protect against injury, theft, legal liability, fraud or abuse, to protect people or property, including physical security programs,
• To make back-up copies for business continuity and disaster recovery purposes, and
• For corporate governance, including mergers, acquisitions and divestitures.
2. PERSONAL INFORMATION WE OBTAIN FROM EXTERNAL SERVICES
As explained in the chart above, the External Services providers such as Zwift, Strava and Wahoo provide us your activity data from using those External Services which is an important aspect to allowing Breakaway to provide you with the best possible experience and enjoyment with the use of our Services. Those External Services have their own privacy policies and rules and regulations about the use and sharing of your activity data.
3. HOW WE SHARE PERSONAL INFORMATION WITHIN BREAKAWAY AND WITH OUR SERVICE PROVIDERS, AND OTHER PARTNERS
We may share any of the categories of personal information we collect for our own business purposes, as further described below:
• With our affiliates or subsidiaries where such disclosure is necessary to provide you with our Services or to manage our business.
• With companies who help manage our business and deliver services, for example, IT service providers who help manage our IT and back-office systems, process credit card payments, or administer our Website and App. These companies have agreed to confidentiality restrictions and have agreed to use any personal information we share with them, or which they collect on our behalf, solely for the purpose of providing the contracted service to us.
• With AI models and companies that provide these models such as but not limited to OpenAI where we may share your data in order to better generate our own internal models and improve our offering to the user. It should be noted that no data shared with these third parties is used to train external or third party models, rather it is shared in order to leverage the generative AI models that when connected with our own trained models, can better improve our service for the user.
• Subject to applicable legal requirements, with another company in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business assets to such company.
4. HOW WE SHARE PERSONAL INFORMATION WITH THIRD PARTIES FOR THEIR OWN BUSINESS PURPOSES
Subject to any rights you may have as described in this Notice, Breakaway may also share your personal information with third-party partners for their own business purposes including for them to provide you offers of related products and services. The table below provides additional information about that sharing.
Sources of Personal Information We Share
Categories and Types of Personal Information We Collect
Categories of Third Parties with Whom Personal Information is Shared for their Own Business Purpose
Business Purpose for Sharing Personal Information
Information that you provide to us: We collect personal information that you provide to us when you set up an account with us, use our Services, or communicate with us.
Information collected through technology: When you visit our Website or App we may collect certain information about your location, usage, computer or device through technology such as cookies. We may collect geolocation in the App for the purpose of enabling location-based Services and enhancing the Services generally.
• Identifiers
• Commercial information
• Internet/electronic activity
• Geolocation
• Inferences (such as consumer preferences)
We may share your name, contact information including telephone number, email address, or postal address, information about the services we provide to you, information about your preferences including marketing preferences, information collected through your internet-based activity.
• Third-party partners who provide offers of related products and services
• Advertising networks
• Internet Service Providers
• Data analytics providers
• Government entities and agencies, law enforcement and regulators,
• Operating systems and Platforms
• Charities and Fundraising Platforms
• Social Networks
• Logistics service providers
• Provide you offers of related products and services
• For personalized marketing purposes
• To fulfill your request when you use the Services to sign up for or purchase a product or service from a partner company.
• To enable the delivery of packages to you
• To comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies.
We may share in aggregate, statistical form, non-personal information regarding the visitors to our Website, traffic patterns, and website usage with our partners, affiliates or advertisers.
5. COOKIES
Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
We use cookies to collect information to enable us to interact with you more efficiently, and to operate and improve the Website and our Services. For example, cookies help us with things like remembering your user name for your next visit, understanding how you are using our Services, and improving our Website and Services based on that information (essential purposes). We also use cookies for non-essential purposes like analytics and marketing that some of our third-party partners may use to contact you about products or services they offer. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website.
Use By Non-US Residents
Our Website and App are operated in the United States under United States law. We do not intentionally offer goods and services to individuals outside of the United States. If you reside in another country, please be aware that any information you provide to us will be collected and stored in the United States or other countries that may have data privacy laws that are less protective than the laws where you reside.
6. HOW WE PROTECT AND STORE PERSONAL INFORMATION
Security
We have implemented and maintain appropriate technical and organizational security measures, policies and procedures designed to reduce the risk of accidental destruction, or loss, or unauthorized disclosure or access to such information appropriate to the nature of the information concerned, including:
• (where appropriate) password protection, encryption, and use of secure communication transmission software (known as "transport layer security" or "TLS") to protect our Website;
• placing confidentiality requirements on our employees and service providers;
• destroying or permanently anonymizing personal information if it is no longer needed for the purposes for which it was collected; and
• following strict security procedures in the storage and disclosure of your personal information to prevent unauthorized access to it. While we take appropriate technical and organizational measures to safeguard your personal information, no transmission over the Internet can ever be guaranteed to be secure. Therefore, we cannot guarantee the security of any personal information that you transfer over the Internet to us and any such transmission is at your own risk.
As the security of personal information depends in part on the security of the computer you use to communicate with us and the security you use to protect usernames and passwords, you should take steps to protect against unauthorized access to your password, computer, and web-enabled devices, among other things, by signing off after using a shared computer, inserting a password on your web-enabled device, choosing a password that nobody else knows or can easily guess, keeping your password private, and periodically changing your password. You should never share your log-in information with others. We are not responsible for any lost, stolen or compromised passwords, or for any activity on your account via unauthorized password activity.
Storing your personal information
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Notice. Where your information is no longer needed, we will ensure that it is disposed of in a secure manner. In some circumstances we may store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
7. EXPLAINING MORE ABOUT MARKETING, PROFILING AND AUTOMATED DECISION MAKING
How we use personal information to keep you up to date with our Services
We may use personal information to let you know about our Services that we believe will be of interest to you. We may contact you by email, post, social media, telephone, or through other communications channels that we think you may find helpful. In all cases, we will respect your preferences for how you would like us to manage marketing activities with you.
We also work with third parties, such as promotional partners and others with whom we have marketing or other relationships. In accordance with applicable law, these third parties may contact you by email, SMS/text, social media or through other communications channels to tell you about products and services that they believe would be of interest to you.
How you can manage your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
• We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
• At any time you can update or correct your personal profile, or change your preferences for the way in which you would like us to communication with you, including how you receive details of latest offers from us;
• If you have an online account with us, the easiest way to make updates to your marketing preferences and/or change your personal details is to log onto your account. You can also click the “unsubscribe” link that you find on any online newsletters you receive or contact customer support team at support@breakaway.app. You can ask us to stop direct marketing at any time –you can ask us to stop sending email marketing by sending an email to the following email address:
info@breakaway.app;
• You can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser.
We recommend you routinely review the privacy notices and preference settings that are available to you in your account with us. Further, if (in accordance with your marketing preferences) you receive marketing from the third parties referred to above, we recommend you review any relevant third party's privacy notice for how they use your personal information. If you unsubscribe from marketing communications from us, you will still receive operational and service messages from us regarding your use of the Services.
When and how we undertake profiling and analytics
We may aggregate personal information and remove any identifying elements in order to better understand how users access and use our Website and Services for other research purposes.
We may undertake profiling and analytics to improve our Website and Services by providing personalized experiences, location customization, personalized help, and instructions.
This means that we may automatically process personal information to evaluate certain personal aspects about an individual, in particular to analyze or predict aspects concerning personal preferences, interests, behavior, location or movements. When we send or display personalized communications or content, we use some profiling techniques. This means we may collect personal data about you in the different scenarios mentioned above and use this data to analyze, evaluate, or predict your personal preferences, interests, behavior and/or location.
Based on our analysis, we then send or display communications or content specifically tailored to your interests and needs.
You may have the right to object at any time to the use of your personal data for “profiling”. Please see “LEGAL RIGHTS” section below.
Some of the legitimate purposes for which we profile personal information include:
• to obtain a better understanding of what you would like to see from us and how we can continue to improve our Services for you;
• to personalize the service and offers you receive from us;
• to provide you with tailored content online and optimize your experience of our Website and Services;
• to provide you with tailored advertisements on other websites you visit and social media and digital platforms;
• to share marketing material we believe may be of interest to you, including from other Breakaway affiliates and our third party partners;
• to help us operate our Services more efficiently;
• to authenticate log-ins on our Website and App and detect and prevent fraud.
Where required under applicable privacy laws:
• we will take steps to ensure that prior to profiling your personal information for a legitimate interest that our legitimate interest is not overridden by your own interests or fundamental rights and freedoms;
• you may have rights to opt out of sharing your personal information with third parties for their own business purposes. You can learn more about such rights in the “LEGAL RIGHTS” section; and
• you may have rights to object to us profiling your personal information. You can learn more about such rights in the “LEGAL RIGHTS “ section.
8. LEGAL RIGHTS
Right to access personal information
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred. You can exercise this right by emailing us at info@breakaway.app and requesting a copy of your personal information. We will respond to your request within a reasonable timeframe.
Right to correct or delete personal information
You have a right to request that we correct inaccurate personal information. You can also request that we delete your personal information where:
• it is no longer needed for the purposes for which it was collected; or
• you have withdrawn your consent (where the data processing was based on consent); or
• following a successful right to object; or
You can exercise these rights by emailing us at
info@breakaway.app and requesting that we correct or delete your personal information.
We may not delete your personal information if the processing of your personal information is necessary:
• for compliance with a legal obligation; or
• for the establishment, exercise or defense of legal claims.
Right to object to the processing of your personal information
You can object to any processing of your personal information. If you raise an objection, we have the option to contest your objection on the grounds we have compelling legitimate interests which override your objection.
Right to object to how we use your personal information for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
9. LEGAL RIGHTS AVAILABLE TO CALIFORNIA RESIDENTS
California residents have specific rights regarding their personal information.
Right to Know About Personal Information Collected, Disclosed, or Sold
You have the right to request what personal information of you we have collected, used, disclosed, or sold over the past 12 months. We have already provided above information about the categories of personal information we collect, the sources from which we collect, the purpose for which it was collect, and the third parties with whom we may share with above.
Right to Request Deletion of Personal Information
You have the right to request that we delete the personal information that we have collected or maintain about you, subject to certain exceptions.
Right to Opt-Out
You have the right to opt-out of the sharing of your personal information with third parties for their own business purposes by emailing us at info@breakaway.app and stating that you would like to opt-out of sharing your personal information with third parties for their own business purposes.
How to Exercise Your Rights to Access and Deletion
To exercise your right to access your personal information or your right to delete personal information, please submit a request to us in one of the following ways:
Email us at
info@breakaway.app or
In order for us to honor your access or deletion request, you must provide us with enough information to reasonably verify your identity. We may ask you for information associated with your account, which might include your name, email, address, and phone number. We will confirm receipt of your request within 10 business days and respond to requests for access and deletion within 45 days. We will also let you know if we are not able to verify your identify based on the information you have provided.
10. CONTACT US
Breakaway regularly reviews its policies, procedures and practices regarding personal information and this Notice.
The primary point of contact for all issues arising from this Notice is our CEO. Our CEO can be contacted in the following ways:
Email:
info@breakaway.app Attn: Data Protection Officer
Breakaway Industries, Ltd.
3495 Lakeside Drive # 1319
Reno, NV 89509
If you have any questions, concerns or complaints regarding our compliance with this Notice, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
We may update this Notice from time to time. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
