Thank you for choosing to be part of our community at TrainWithKurtis ("Company", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our notice, or our practices with regards to your personal information, please contact us at trainwithkurtis@duck.com.
When you visit our website https://www.trainwithkurtis.com, and use our services, you trust us with your personal information. We take your privacy very seriously. In this privacy notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Sites and our services.
This privacy notice applies to all information collected through our website (such as https://www.trainwithkurtis.com), and/or any related services, sales, marketing or events (we refer to them collectively in this privacy notice as the "Services").
We are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) to the extent they apply to us. We treat health and fitness data as sensitive and handle it with particular care.
Please read this privacy notice carefully as it will help you make informed decisions about sharing your personal information with us.
We collect personal information that you voluntarily provide when you register for the Services, express interest in obtaining information about us or our products, participate in activities on the Services, or otherwise contact us. This may include:
As a health and fitness service, we collect information about your physical activity and health, including:
We treat this information as "health information" and "sensitive information" and handle it accordingly under the Privacy Act 1988 (Cth). We collect and handle it with your consent, including where you choose to enter it into the Services. You may withdraw consent at any time by contacting us, though this may limit your ability to use the Services.
We automatically collect certain information when you visit, use or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
We use personal information collected via our Services to:
Marketing emails: We do not currently send marketing emails. If we do in the future, we will do so in compliance with applicable legislation and will use a clear opt-in process (including double opt-in where appropriate) and provide an easy unsubscribe mechanism.
We will only use your health information for the purposes for which it was collected (primarily to provide you with fitness coaching services) or for a directly related purpose, unless you consent otherwise or we are required to do so by law.
We may share limited data with third-party service providers who assist us in operating our Services. These providers are required to handle your information in accordance with our instructions and applicable law. Categories of recipients include:
We do not sell personal information.
Some of our service providers may be located or may process information outside Australia, including in the United States of America.
LLM processing in the United States: While our core application infrastructure is hosted in Australia (ap-southeast-2), our LLM features may run in AWS us-east-1. Depending on how you use the Services and what you submit, LLM processing may involve processing any data you enter into the app (including health and fitness information) in the United States.
Before disclosing your information to an overseas recipient, we take reasonable steps to ensure the recipient handles it in a way that is consistent with applicable privacy requirements. Overseas recipients may be subject to different privacy laws than those in Australia.
We may use cookies and similar technologies to collect information about how you use our site and app. These help us understand performance and improve our Services. You can disable cookies in your browser or block them entirely through your settings.
We collect basic website and application logs and metrics (for example, server logs and error reports) to help operate and secure the Services, troubleshoot issues, and understand usage at a high level.
We do not currently use third-party advertising trackers on the Services.
Crash and error reporting: We may use third-party crash and error reporting tools to help identify and fix bugs. These tools may receive limited technical information such as device and browser details, app version, timestamps, error diagnostics, and (in some cases) IP address. We do not use these tools for advertising.
We will only keep your personal information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law. Retention requirements may vary depending on the relevant legislative region and the types of records involved.
Legal/tax/compliance retention: Where we are required (or permitted) to retain certain information to comply with legal, tax, accounting, or regulatory obligations, we will retain it for the period required under the applicable laws in the relevant legislative region.
Deletion and de-identification: By default, we will de-identify personal information (including health information) within 30 days of a verified deletion request, or after 7 years following account closure, whichever is earlier. Where you request deletion and we are not required to retain the information for legal, tax, accounting, or regulatory reasons, we will delete it. Where retention is required, we will take reasonable steps to limit access to retained information and delete or de-identify it once it is no longer required.
To request deletion, contact us at trainwithkurtis@duck.com.
After these retention periods, we will take reasonable steps to securely destroy or de-identify your personal information.
We implement appropriate technical and organizational security measures to protect your personal information, such as access controls and operational safeguards. However, please remember that no method of electronic storage or transmission is 100% secure.
Notifiable Data Breaches: We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth). If we experience an eligible data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
In addition to our obligations under Australian law, we comply with data breach notification laws in all US states. If we experience a data breach that compromises the security of personal information of US residents, we will:
Our Services are not directed to children, however minors may use the Services only with the verified consent of a parent or legal guardian. If you are under 18, please do not create an account or provide personal information unless your parent or legal guardian has provided verified consent.
By registering a minor for our Services, the parent or legal guardian consents to the collection, use, and disclosure of the minor's personal information (including health information) as described in this notice.
We typically obtain documented consent from a parent or legal guardian using one of the following methods:
Our Services are not directed to children under 13 years of age. In compliance with the Children's Online Privacy Protection Act (COPPA), we may allow children under 13 to use our Services only with verified parental consent obtained through one of the following methods:
If we learn that we have collected personal information (including health information) from a child under 13 without verified parental consent, we will delete that information immediately.
Parents and legal guardians have the right to:
To exercise these rights or if you believe a minor's information has been collected without appropriate parental consent, please contact us at trainwithkurtis@duck.com and we will take steps to address your request promptly.
Under the Australian Privacy Principles, you have the right to:
To exercise any of these rights, contact us at trainwithkurtis@duck.com.
We do not currently send marketing emails. If we do in the future, we may send you marketing and promotional communications about our Services where you have consented to receive them, or where we are otherwise permitted to do so under applicable law.
If we send marketing communications, they will use a clear opt-in process (including double opt-in where appropriate) and will include a clear and easy way to opt out of receiving further messages (such as an unsubscribe link). You may also opt out at any time by contacting us at trainwithkurtis@duck.com.
We will action opt-out requests promptly and you will not receive further marketing communications once your request is processed.
If we send marketing emails to US recipients, we will comply with the CAN-SPAM Act. Every marketing email we send will include:
Opt-out requests are processed within 10 business days. After opting out, we will not send you further marketing communications, and we will not sell or transfer your email address to third parties.
We do not currently respond to DNT browser signals. If standards change, we will update this policy accordingly.
We are committed to complying with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) to the extent they apply to us. As a provider of health and fitness coaching services, we handle health information and aim to apply the APPs when collecting, using, disclosing, storing, and securing that information.
If you have a concern about how we have handled your personal information, please contact us first using the details in section 16. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
This section applies to California residents and describes their rights under the California Consumer Privacy Act of 2018 (as amended by the California Privacy Rights Act of 2020).
We may collect the following categories of personal information from California residents:
We collect personal information:
We use personal information for:
We share personal information with:
We do not sell or share personal information for cross-context behavioral advertising.
California residents have the right to:
To exercise any of these rights, contact us at:
We will verify your identity before processing requests. You may designate an authorized agent to make requests on your behalf by providing written authorization.
Response Time: We will respond to verifiable requests within 45 days (may be extended by an additional 45 days if necessary, with notice).
California residents may also request information about personal data shared for direct marketing purposes under California's "Shine The Light" law (Civil Code Section 1798.83) by contacting us at trainwithkurtis@duck.com.
If you are a resident of Virginia, Colorado, Connecticut, Utah, Montana, Oregon, Texas, or another state with a comprehensive privacy law, you may have rights similar to those described for California residents above, including:
To exercise these rights, contact us at trainwithkurtis@duck.com. We will respond within the timeframe required by your state's law.
We may update this privacy notice from time to time. The updated version will be indicated by a new “Last updated” date. We encourage you to review this notice periodically to stay informed about how we protect your information.
If you have questions, comments, or requests regarding this policy, please contact us:
If your concern relates to the handling of a privacy complaint and you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) as described in section 12.