Privacy Statement (UK) - athlemetrics

This privacy statement was last updated on February 5, 2026 and applies to citizens and legal permanent residents of the United Kingdom.

In this privacy statement, we explain what we do with the data we obtain about you via https://athlemetrics.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
we first request your explicit consent to process your personal data in cases requiring your consent;
we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

2. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.

3. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

We have concluded a data processing agreement with Google.

Google may not use the data for any other Google services.

4. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

5. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

6. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

7. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
Right of access: You have the right to access your personal data that is known to us.
Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

8. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner's Office:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

9. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

10. Contact details

Pumpkin active
27 Old Gloucester Street
LONDON
WC1N 3AX
UNITED KINGDOM
United Kingdom
Website: https://athlemetrics.com
Email: contact@ex.comathlemetrics.com
Phone number: 17607025019

11. Data Requests

For the most frequently submitted requests, we also offer you the possibility to use our data request form

Annex

Annex to the Privacy Statement (Details of Processing) This Annex provides additional transparency about the categories of personal data we process, the purposes and lawful bases for processing (where applicable), our retention approach, and the third parties that may process data on our behalf. 1) Controller / Contact • Controller: [Pumpkin Active] • Website: [https://athlemetrics.com/] • Contact email: [[email protected]] • Business address (if applicable): [27 Old Gloucester Street LONDON WC1N 3AX UNITED KINGDOM] 2) Categories of Personal Data We May Process Depending on how you interact with the site, we may process: • Account & Identity Data: name, username/alias, email, password (hashed), subscription status. • Billing & Transaction Data: billing name, billing address (if collected), payment status, invoices/receipts, partial payment identifiers (we do not store full card details). • Service Usage Data: plan tier, API key status/metadata, rate-limit events, feature usage, support history. • Device & Log Data: IP address, device identifiers, browser type, timestamps, referral URLs, error logs. • Analytics Data: page views, clicks, approximate location (derived from IP), cookie identifiers, session IDs (depending on your cookie choices). • Communications Data: messages sent via email/webforms, attachments you submit. 3) Purposes, Lawful Bases, and Examples Where the GDPR/UK GDPR applies, we rely on the following lawful bases (as appropriate): A. Provide the Service (Account, Subscription, Access) • Purpose: create and manage accounts, enable subscription access, deliver digital services/features (e.g., API access). • Lawful basis: Performance of a contract (to provide what you requested), and where needed legitimate interests (service security and quality). • Typical data: email, username, subscription status, service usage, IP/log data. B. Payments, Billing, and Fraud Prevention • Purpose: process payments, handle invoices/receipts, manage disputes/chargebacks, prevent fraud. • Lawful basis: Performance of a contract, legal obligation (accounting/tax where applicable), and legitimate interests (fraud prevention, security). • Typical data: billing identifiers, transaction status, IP/log data, limited payment metadata. C. Customer Support & Communications • Purpose: respond to requests, troubleshoot, provide customer support. • Lawful basis: Legitimate interests (support and service improvement) and/or performance of a contract. • Typical data: email, messages, logs related to the issue. D. Analytics & Product Improvement • Purpose: understand usage, improve site performance and user experience, measure marketing effectiveness (if enabled). • Lawful basis: Consent (for non-essential cookies/trackers where required) and/or legitimate interests for strictly necessary, privacy-respecting measurement (where permitted). • Typical data: cookie IDs, device data, usage events, approximate location (IP-derived). E. Compliance and Protection of Rights • Purpose: comply with applicable laws, enforce terms, protect our rights and users’ safety. • Lawful basis: Legal obligation and legitimate interests. • Typical data: account records, billing records, logs, correspondence. F. Marketing Emails (Only if you subscribe) • Purpose: send newsletters or promotions. • Lawful basis: Consent (opt-in) or other lawful basis permitted by local law; you can opt out anytime. • Typical data: email, subscription preferences, email interaction metrics (if enabled). 4) Data Retention (General Rules) We retain personal data only as long as necessary for the purposes described above. Common retention periods (unless law requires longer or you request earlier deletion where applicable): • Account & service records: kept during the active subscription and typically up to [12 months] after termination for dispute handling, security, and service integrity. • Billing & tax records: typically kept for [6 years] (or longer if local law requires). • Support communications: typically kept for [12–24 months]. • Security logs (IP, access logs): typically kept for [30–180 days]. • Analytics data: typically kept for [14 months] (or your configured analytics retention period). • Backups: retained for [X days/weeks] on a rolling basis. You may request deletion where applicable; some data must be retained due to legal obligations or legitimate interests (e.g., fraud prevention and security). 5) Cookies and Similar Technologies (Summary) We use cookies and similar technologies for: • Strictly necessary: login/session, security, checkout flow, fraud prevention. • Preferences: language or UI preferences. • Analytics: measurement and performance insights. • Marketing (if enabled): ad performance measurement / remarketing. Where required by law, non-essential cookies are used only after you provide consent via our cookie banner/settings. 6) Third Parties / Processors We May Use We may share limited personal data with trusted vendors who process it on our behalf, such as: • Payment processors: [STRIPE / PAYPAL / SURECART PAYMENTS] — process payments and billing-related data. • E-commerce/subscription platform: [SURECART / WOOCOMMERCE / OTHER] — manages checkout/subscription and customer portal. • Analytics providers: [GOOGLE ANALYTICS / OTHER] — usage measurement (subject to your cookie choices). • CDN / Security / DDoS protection: [CLOUDFLARE] — content delivery, security filtering, performance. • Hosting / infrastructure: [YOUR HOST / CLOUD PROVIDER] — website hosting, databases, storage. • Email delivery / newsletters: [MAILCHIMP / SENDGRID / OTHER] — email sending and list management (if used). • Customer support tools: [ZENDESK / INTERCOM / OTHER] — support ticketing/chat (if used). • Logging/monitoring: [SENTRY / DATADOG / OTHER] — error reporting and monitoring (if used). These vendors are contractually required to protect personal data and use it only for providing services to us. 7) International Transfers If personal data is transferred outside the UK/EEA, we use appropriate safeguards, such as: • adequacy decisions (where available), and/or • Standard Contractual Clauses (SCCs) and supplementary measures, and/or • equivalent UK transfer mechanisms. 8) EU/UK Consumer Digital Services Note (Withdrawal / Digital Delivery) If you purchase a digital service/subscription, access may start immediately after purchase. Where required, we may ask you to confirm that you request immediate performance of the service and acknowledge that, once performance begins, you may lose the statutory right of withdrawal for that digital content/service (where applicable under EU/UK consumer rules). 9) Your Rights (Where GDPR/UK GDPR Applies) You may have the right to request access, correction, deletion, restriction, portability, and to object to certain processing. You may also withdraw consent at any time for processing based on consent (this does not affect prior processing). To exercise rights: contact [[email protected]]. 10) Updates to This Annex We may update this Annex from time to time to reflect changes in legal requirements or our processing practices. The updated version will be posted on this website with an updated “Last updated” date. Last updated: [2.5.2026]