Privacy Policy

Last updated: July 17th 2025

1. Who We Are

The Progress Project FZE (“The Progress Project,” “we,” “our,” “us”) is a UAE-registered Free Zone Enterprise that operates:

• SwimFast Monthly Coaching (remote swim-coaching service)
• DoZA Monthly Coaching (remote triathlon-coaching service)
• and related websites (collectively, the “Sites”)

This Policy explains how we collect, use, disclose, and protect your information when you visit or use any of our Sites, apps, or coaching services (the “Services”).

2. Scope

This Policy applies to information we process as:

• Data Controller for our athletes, subscribers, and site visitors; and
• Data Processor when coaches use the SwimFast Programming App to process data about their athletes.

It does not cover third-party websites or services that link to their own privacy statements.

3. Information We Collect

(a) Identity Data
➜ Examples: name, username, date of birth, gender
➜ How We Collect: sign-up and intake forms, questionnaires, billing forms
(b) Contact Data
➜ Examples: postal address, email, phone
➜ How We Collect: sign-up and intake forms, questionnaires, billing forms
(c) Account Data
➜ Examples: login credentials, authentication tokens
➜ How We Collect: account creation
(d) Payment Data
➜ Examples: last-4 of card, billing address code (processed by Telr; we never see full card)
➜ How We Collect: checkout via Telr
(e) Coaching Data
➜ Examples: swim videos, stroke analysis notes, performance metrics, training logs, Garmin activity files
➜ How We Collect: manual uploads; API integrations (Garmin Connect, TrainingTilt, etc.)
(f) Device / Usage Data
➜ Examples: IP, browser type, referring URLs, pages viewed, cookies, session IDs
➜ How We Collect: cookies, pixels, log files
(g) Marketing Data
➜ Examples: email preferences, survey responses
➜ How We Collect: opt-in forms, cookies

Training data: When you connect a Smart Watch account, we receive workout files, heart-rate data, GPS metrics, and other activity details through various Developer Program APIs. Collection and processing occur only after you grant explicit, revocable consent within Garmin Connect.

4. Legal Bases (GDPR / UK GDPR)

• Purpose: Provide and administer coaching Services
  Legal basis: Contract performance
• Purpose: Process payments via Stripe
  Legal basis: Contract performance & legitimate interest
• Purpose: Deliver targeted product updates or marketing
  Legal basis: Consent (where required)
• Purpose: Improve Sites & Apps (analytics, debugging)
  Legal basis: Legitimate interest
• Purpose: Comply with laws (tax, accounting, requests from authorities)
  Legal basis: Legal obligation

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. How We Use Your Data

• Service delivery – personalize workouts, calculate pacing, analyze videos, generate reports.
• Integrations – pull/sync completed workouts from Garmin Connect; push planned sessions to TrainingTilt or your calendar.
• Payments & subscriptions – Telr processes card data; we receive tokens and status only.
• Support & communications – respond to emails, chat, or push notifications.
• Security & fraud prevention – monitor suspicious activity, enforce our Terms of Service.
• Analytics & product development – aggregate usage metrics (never identifying you) to improve features.

6. Sharing & Disclosure

We do not sell your personal information. We share it only with:

• Our service providers (hosting, email, authentication, payment gateway, video storage) bound by confidentiality agreements.
• Legal & compliance authorities to comply with subpoenas, court orders, or similar legal processes.
• Business transfers (e.g., mergers, acquisitions, asset sales) under this Policy.

7. International Transfers

Data is primarily stored in the United States. When transferring from the EEA/UK or Switzerland, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Another valid transfer mechanism under GDPR

8. Data Retention

• Coaching records: 7 years after the last coaching interaction.
• Payment/transaction records: 7 years.
• Smart Watch data: until you disconnect your Smart Watch account or 30 days after account closure, whichever comes first.
• Marketing contact lists: until you unsubscribe or 2 years of inactivity.

9. Security

We use industry-standard safeguards: encryption in transit (TLS 1.3), encryption at rest (AES-256), role-based access, annual penetration testing, and PCI-DSS-compliant Stripe processing.

10. Cookies & Similar Tech

We use first-party cookies for:

• Session management (login)
• Preferences (dark mode, language)
• Analytics (aggregate traffic)

You can disable cookies via browser settings, but some features may break.

11. Your Rights

• EEA/UK: access, rectification, erasure, restriction, portability, objection, lodge complaint with supervisory authority
• California (CCPA/CPRA): know, delete, correct, opt-out of “sharing,” non-discrimination
• U.S. (general): notice, access, opt-out of marketing, data-breach notification
• Children: We do not knowingly collect data from anyone under 13 (COPPA). Parents may request deletion via the contact methods below.

To exercise rights, email hello@icanswimfast.com

12. Marketing & CAN-SPAM

We send email newsletters only with your opt-in. Every email includes an “Unsubscribe” link; we honor requests within 5 business days.

13. Telr Payment Compliance

All card data is handled by Telr; we never store full card numbers or CVV. Our checkout pages load Telr-hosted scripts over TLS. We provide notices and obtain any consents required for Stripe’s own processing.

14. Changes to This Policy

We may update this Policy. If we make material changes, we will post the revised Policy on our Sites at least 7 days before it takes effect, and email registered users.

15. Contact

The Progress Project FZE
Email: hello@icanswimfast.com