Crimpd Privacy Notice

This is the Privacy Notice for Crimpd, Inc. (“Crimpd”, “us”, or “we”) describes how Crimpd collects and treats information when you visit www.crimpd.com and our other websites and online channels (collectively, the “Site”), use our mobile application (the “App”), use other products or services we offer, and through your interactions with Crimpd by any means (collectively, our “Services”). We encourage you to read this Privacy Notice carefully to understand how we collect and use your information. This Privacy Notice is governed by our Terms of Use, and any terms we use in this Privacy Notice without defining them have the definitions given to them in the Terms of Use.

If you have questions about our privacy practices or would like to make a complaint, please contact us at support@crimpd.com.

1. Consent

Your use of our Services is conditioned on your consent to this Privacy Notice and your agreement to our Terms of Use. BY ACCESSING OR USING OUR SERVICES, YOU ACCEPT AND CONSENT TO THIS PRIVACY NOTICE AND OUR TERMS OF USE. If you do not agree with this Privacy Notice, do not use our Services. We may provide additional, separate notices about our privacy practices, each of which will be considered to form part of this Privacy Notice.

Note that this Privacy Notice DOES NOT apply to information collected via a third-party website or platform, such as Lattice Training websites or applications. Crimpd has no control over third-party privacy practices.

2. PERSONAL INFORMATION

As used in this Privacy Notice, “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal Information is typically referenced within categories, such as:

• Identifiers (e.g., name, email, telephone number, address, username);
• Sensitive Personal Information (e.g., government identification number; precise geolocation; racial or ethnic origin; religious beliefs; health information; contents of messages when we are not the recipient; in some cases, information about a known child);
• Legally protected information (e.g., race, citizenship, marital status, sex);
• Employment-related information (e.g., your current or past employment);
• Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g, 34 C.F.R. Part 99);
• Biometrics (e.g., DNA, face/voice prints, health data) and audio, electronic, visual, thermal, or olfactory information;
• Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies);
• Internet or other similar activity (e.g., browsing history; content interactions); and
• Inferences drawn from Personal Information to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.

Note that information may not be protected by privacy laws if it is: (i) publicly available (ii) aggregated, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (iii) deidentified so that it cannot be easily linked back to the individual.

3. CATEGORIES AND SOURCES OF PERSONAL INFORMATION

Crimpd collects Personal Information as a controller (i) with your consent as informed by this Privacy Notice and freely given at the time you provide the information; (ii) if we have a legitimate interest in doing so; or (iii) as authorized or required by law.

During the preceding 12 months, Crimpd has collected identifiers, legally protected information, biometrics, and internet and similar activity. We only collect, use, retain, and disclose Personal Information as reasonably necessary and proportionate to achieve our purposes, or for other purposes that we disclose to you and are compatible with the context of how we collected the Personal Information.

Crimpd collects Personal Information from the sources and for the purposes described below:

1. Your registration and use of the App, with your consent. To use the App, you must download the App and complete your Climber Profile by providing identifiers including your email address and a password. You then have the option to submit additional details about yourself, which may include protected personal information like your age and gender, and biometrics like your height and weight. When you use the App, you can input Climbing Settings like max sport grade and max boulder grade, as well as your training goals, workouts (including date, time, and location), climbs, and post-workout responses. We collect this information from you with your consent, and we use it to administer your App account and to offer you recommend App content.
2. Your interactions with Crimpd online, with your consent. If you interact with Crimpd via social media or if you contact us in any way, we will collect identifiers like your name and email address, along with any other Personal Information that you choose to include in your communication to us. We use this Personal Information to respond to your inquiries and to send you marketing messages, including targeted ads, in accordance with your stated communication preferences.
3. Your use of the App or the Site, with a legitimate interest. Crimpd may automatically collect technical data about your use of the App or interactions through the Site, such as your (i) geolocation and device network information when using the App; (ii) search queries; (iii) usage details like the content, features, or resources you access and use; and (iv) stored information (e.g., metadata). Crimpd uses analytics cookies provided by Amplitude, DataDog, and Google Analytics to track and analyze the use of the App and our other Services. You can disable all of our cookies automatically by updating settings on the Site cookie consent form or by setting the Do Not Track header on your browser.

In addition to the specific uses described above, Crimpd may use your Personal Information to (i) protect your privacy and the privacy of others; (ii) comply with a law, regulation, legal process, or order; (iii) monitor your compliance with this Privacy Notice and your agreements with us; (iv) if we believe it is necessary, to identify, contact or bring legal action against persons or entities who may be causing injury to you, to Crimpd, or to others; or (v) for any other purpose with your consent.

Crimpd will not collect additional categories of Personal Information or use your Personal Information for purposes that are incompatible with the purpose stated at the time of collection without first notifying you by updating this Privacy Notice or through other means.

4. Children's Privacy

Crimpd recognizes the need to provide additional privacy protections for children. We do not knowingly collect Personal Information from children under the age of 18. If we discover that a child has provided us with Personal Information without legal guardian consent, we will delete their information from our systems. Please contact support@crimpd.com if you believe we might have collected a child’s information online without legal guardian consent.

5. RETENTION OF PERSONAL INFORMATION

Crimpd retains Personal Information collected as part of your use of the App as long as your account remains active. When you delete your user account, your Personal Information will be immediately de-associated with the account and deleted. We may keep a record of your account deletion and system logs for up to 30 days following your deletion of an account. We may also retain geolocation data collected from your use of the Services in order to continue to improve the Services, but this data cannot be viewed by other users and will be de-associated with your name and other identifiers. Crimpd reserves the right to retain data from closed and deleted user accounts as needed to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce our terms and conditions, and take other actions permitted by law. All data is only retained while it is necessary and relevant to our operations, after which the data is de-identified and/or securely deleted.

6. DISCLOSURE OF PERSONAL INFORMATION

1. Categories of Personal Information Disclosed Crimpd will only disclose your Personal Information with your permission, as described in this section, or as required by law. In the preceding 12 months, Crimpd has disclosed identifiers, legally protected information, biometrics, and internet and similar activity to third parties for a business purpose. We will not disclose Personal Information to third parties except as described in this section or with your consent. Crimpd will be responsible for all onward transfers of Personal Information to our subcontractors and other disclosure recipients.
2. Disclosure Limitations Before disclosing any Personal Information, Crimpd will obtain assurances from the recipient that the recipient will only use the Personal Information to assist us in providing the Services and will provide at least the same level of protection for Personal Information as Crimpd promises by this Privacy Notice and in compliance with Data Privacy Framework Principles. All recipients of disclosed Personal Information are required to notify Crimpd if the recipient becomes unable to provide these protections. Upon notice of, or if we learn of any unauthorized processing of disclosed Personal Information, Crimpd will act promptly to discontinue and remediate the processing.
3. Recipients of Disclosed Personal Information Crimpd may disclose Personal Information to the following recipients, subject to Data Privacy Framework Principles and the above limitations:
   1. Lattice Training. Crimpd has an agreement withLattice Training to provide you with access to training plans, performance coaching, and related services through our App. Any Personal Information you input to the App may be disclosed to Lattice Training for the purpose of providing you with your subscribed-to Lattice Training services. Your use of Lattice Training is governed by Lattice Training’sPrivacy PolicyandTerms of Service. Crimpd does not control and is not responsible for the privacy practices of Lattice Training or any other third parties. Please direct any questions about these policies and practices to Lattice Training.
   2. Our Service Providers. Crimpd uses service providers like data analytics companies, payment processors, and email and data hosting providers. We may need to disclose your Personal Information to our service providers so they can perform their contractual obligations to us. Our service providers are subject to contractual agreements that protect your Personal Information, and we require all service providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information. The type of information that we provide to a Service Provider will depend on the service that they provide to us.
   3. Law Enforcement. We reserve the right to disclose your Personal Information to law enforcement or other government agencies as permitted or required by law.
   4. Other Third Parties. Crimpd may disclose your Personal Information to other third parties in certain circumstances as permitted by applicable law, for example: (i) if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); (ii) to comply with a legal requirement or a court order; (iii) when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; (iv) to exercise or defend our legal claims; or (v) for any other reason with your consent.
   5. Aggregated and Deidentified Information. Crimpd reserves the right to disclose aggregated, anonymized, or de-identified information about any individuals with nonaffiliated entities for research, marketing, or other purposes, without restriction.

7. CONTROLLING YOUR PRIVACY

This section describes your methods and options to directly control how we collect and use your Personal Information.

1. Your Crimpd Account. You have access to and control over your App account profile and the data collected from your use of the App at all times. You can make changes to your profile, download your Personal Information and other data, or delete your account data at any time by signing into your account and making those selections. If you would like assistance deleting and deactivating your account, please contact support@crimpd.com. Once deactivated, your account data cannot be reinstated.
2. Email Communications. If you provide us with your email address, we may send you informational or support emails or, if you opt-in, marketing emails about the Services. If you do not wish to receive these emails, you can change your preferences via the links provided in the emails or by sending a request to support@crimpd.com to be removed from our email list. Please note, however, you cannot opt out of emails relating to your account for the App, transactions you initiate, or changes to our Terms of Use, this Privacy Notice, or other policies or notices that may affect your access to and use of the Services.
3. Do Not Track. Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Our systems are not set up to recognize browser “do-not-track” requests.
4. Privacy Requests.

   Depending on where you reside, you may be entitled to additional controls over your Personal Information. If you wish to exercise your privacy rights beyond the methods described above, or if you want to express concerns, lodge a complaint, or request information, please submit a request via our Privacy Request by email to support@crimpd.com.
   
   We can only legally fulfill a Privacy Request when we have sufficient information to verify that the requester is the person or an authorized representative of the person about whom we have collected Personal Information, and to properly understand, evaluate, and respond to the request. We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so, such as requests that are excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
   
   We endeavor to respond to privacy requests in accordance with the requirements of the law applicable to your jurisdiction. If we do not fulfill your request within the legally required timeline, you can appeal our response by contacting support@crimpd.com.

8. NOTICE OF PRIVACY RIGHT

This section provides informational notices pursuant to consumer privacy laws that require companies to inform consumers about their privacy rights, such as the European Union’s General Data Protection Regulations and its counterpart in the United Kingdom, Canada’s Personal Information Protection and Electronic Documents Act and Québec’s provincial privacy law, and U.S. privacy laws such as the California Consumer Privacy Act and other state laws providing privacy rights to consumers. Some or all the protections afforded under these laws may not apply to Crimpd or your use of the Services. Crimpd will support your exercise of privacy rights to the extent a consumer privacy law applies to your use of our Services, subject to statutory exceptions and limitations.

Please note that, as a small business, Crimpd is currently exempt from certain U.S. state privacy laws. Even so, Crimpd provides you with methods to exercise many of these rights by following the instructions in Section 7. Please contact support@crimpd.com if you have any questions.

Depending on where you live, you may have some or all of the following privacy rights:

1. Right to know. You have the right to know how we collect and process your Personal Information. Crimpd provides the required information for a consumer’s right to know in this Privacy Notice. We may provide you with additional notices about other ways we process your Personal Information, such as by sending you a notice via email or posting information in the App.
2. Right to reasonable expectations. You expect us to collect, use or disclose Personal Information responsibly and not for any purpose other than which you consented. We set your expectations in this Privacy Notice, and we collect legally required consent at various stages of our interactions with you. If we collect or use your Personal Information based on your consent, we will also notify you of any changes and will request your further consent as required by law. You may withdraw your consent at any time with reasonable notice by contacting support@crimpd.com.
3. Right to accuracy, and the right to correct your Personal Information.You have the right to the accuracy of your Personal Information and the right to request that we correct inaccurate Personal Information about you on our systems. You can correct or update your Personal Information held by Crimpd by contacting support@crimpd.com. We will update our records to reflect your accurate information.
4. Right to access your Personal Information.You have the right to request confirmation that we have collected Personal Information about you and that we provide you with access to that Personal Information. If you submit an access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that certain laws may prohibit Crimpd from disclosing specific pieces of Personal Information, and we may be limited in the number or frequency of requests we must fulfill.
5. Right to deletion.You have the right to request that we delete or dispose of your Personal Information processed on our systems, with certain exceptions. Upon your request and when required by law, we will delete your Personal Information from our systems. This right is not absolute, and we may be entitled to retain and process your Personal Information despite your request. If you make this request, we balance certain legal, contractual, and business interests against your right to request the deletion of your Personal Information.
6. Right to data portability.In some cases, we are required to provide your Personal Information to another organization at your request and in a structured, commonly used machine-readable format, so that the other organization can read and use it.
7. No selling or sharing Personal Information.Some jurisdictions entitle consumers to opt out of the sale or sharing of their Personal Information or targeted advertising practices. Crimpd does not sell your Personal Information or share your Personal Information with third parties for cross-contextual behavioral advertising purposes. If this changes in the future, we will update this Privacy Notice and provide you with a method to opt out of such sale or sharing.
8. Limited use and disclosure of sensitive Personal Information.Crimpd does not collect sensitive Personal Information, and in no case will Crimpd use or disclose sensitive Personal Information for the purpose of inferring characteristics about a consumer.
9. Right to non-discrimination. If you reside in a jurisdiction that extends a right to non-discrimination related to the exercise of privacy rights, we will not (i) deny you goods or services, (ii) charge you different prices or rates for goods or services, (iii) provide you a different level or quality of goods or services, (iv) retaliate against you as an employee, applicant for employment, or independent contractor; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised your statutory right unless permitted by law.
10. Right to disclosure.You may request that we provide you with certain details about our collection and use of your Personal Information, such as: (a) the categories of Personal Information we have collected about you; (b) the categories of sources for the Personal Information we have collected about you; (c) categories of our team members who have access to your Personal Information and Crimpd’s business purpose for collecting, using, processing, sharing or selling that Personal Information, as applicable; (d) the categories of third parties with whom we share that Personal Information; and (e) if we sold or shared your Personal Information under the CCPA or a privacy law with similar provisions, two separate lists stating: (i) sales or sharing, identifying the Personal Information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. Certain laws may limit the number or frequency of requests we must fulfill.
11. Right to not be subject to automated decision-making and the right to opt out of profiling.You have the right to opt-out of automated decision-making or profiling. Crimpd does not use automated decision-making or any form of automated processing of Personal Information to evaluate, analyze, or predict your performance, preferences, choices, or behavior.
12. Right to restrict processing.You may have the right to request that we restrict the processing of your Personal Information if (i) the data is inaccurate, (ii) the processing is unlawful, (iii) we no longer need the Personal Information, or (iv) you exercise your right to object. Your right to restrict may be limited to Personal Information that is sensitive in nature, or that is sold or shared for certain purposes.
13. Right to object.You may have the right to request, under certain circumstances and where we are required to do so by law, that we limit our processing of your Personal Information as you request.
14. Right to disclosure of marketing information.If you are a resident of the State of California, California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California consumers to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.
15. Health Data Rights.Crimpd does not collect any health data. Some laws entitle consumers to certain details about health data collected about them, including (i) confirmation of whether the entity collects, shares, or sells the consumer’s health data and access that data, including a list of all third parties and affiliates with whom the entity has shared or sold the health data and a method to contact those third parties, (ii) a method to withdraw consent related to use of health data, and (iii) the right to have their health data be deleted.

9. CONSENT TO CROSS-BORDER DATA TRANSFERS

Crimpd owns and operates the Services in the United States. When transferring Personal Information across jurisdictional borders, we take measures to comply with applicable data protection laws related to such transfer. When your information is moved from your home country to another country, the laws and rules that protect your Personal Information in the country to which your information is transferred may be different from those of the country where you live. For example, if your information is transferred to the United States, it may be accessed by government authorities under United States law.

When a transfer of Personal Information requires a lawful data transfer mechanism, Crimpd relies on one or more of the following mechanisms:

1. Transfer to countries or recipients that are legally recognized as having an adequate level of protection for Personal Information.
2. Transfer under Data Privacy Framework, as detailed in our Data Privacy Framework Notice.
3. EU Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Addendum issued by the Information Commissioner’s Office.

Crimpd engages in cross-border data transfer on the legal basis that it is necessary to provide you with the Services you have requested. However, we do not warrant that our Services are appropriate or authorized for use in any other jurisdictions. Each user of our Services is solely responsible for determining whether their use of the Services complies with applicable laws.

By allowing us to collect Personal Information about you, you consent to the transfer and processing of your Personal Information as described in this paragraph.

10. DATA SECURITY

Crimpd is committed to safeguarding the Personal Information entrusted to our company. We have implemented and we maintain reasonable and appropriate security measures to help protect your Personal Information in our possession from unauthorized access, processing, alteration, or disclosure. We use a combination of technical and organizational measures, procedures, and standards to govern Personal Information processing and to safeguard the data in our possession. For example, Crimpd encrypts data using industry-standard Transport Layer Security (TLS) technology and stored on secure cloud servers. The Services are registered with website identification authorities so that your browser can confirm Crimpd's identity before any personally identifiable information is sent. We also engage an industry leader in online security and Services verification to strengthen the security of the Services. Employees and/or contractors who violate our policies are subject to disciplinary action, up to and including termination. Our security measures are implemented to be appropriate to the volume, scope, and nature of the Personal Information processed and designed to meet our duty of care with respect to your Personal Information.

Please note, however, that no transmission of data over the Internet or mobile platforms is 100% secure, and we cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Information for improper purposes. The security of your Personal Information also depends on how you use the App. We encourage you to take steps to safeguard your Personal Information by signing off your device after use and keeping your login and password private. We are not responsible for any lost, stolen, or compromised passwords, or for any activity on your account via unauthorized activity.

11. THIRD-PARTY WEBSITES

This Privacy Notice applies only to information collected by Crimpd when you use the App or our other Services. The Services may include links to third-party websites or platforms for your convenience, but we have no ability to control, and we are not responsible for, the privacy and data collection, use, and disclosure practices of third parties. Crimpd is not responsible for the privacy practices of any third party, and your access to and use of third-party websites is governed by the privacy notices of those websites.

12. CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time. If we make material changes to how we treat your Personal Information, we will post the revised Privacy Notice on this page. The date that this Privacy Notice was last revised is identified at the top of the page. Your continued use of the Services after we make changes is deemed to be your acceptance of those changes. You are responsible for periodically visiting this Privacy Notice to check for any changes.

12. CONTACT CRIMPD

Please submit any questions or requests to support@crimpd.com.

Crimpd's Privacy Officer is Peter Klimek, Chief Technology Officer, and can be reached at support@crimpd.com