Skip to main content
Back to Home
Compliance : Data Security

Privacy Policy

TL;DR: The Short Version

We collect your data to ship your supplements and calculate your performance plans. We use Google Cloud / Firebase for secure storage and Stripe for encrypted payments. If you choose to connect Strava, we receive only the training-activity data needed to compute your measured sweat rate. We do not sell your data. You can disconnect, delete, or opt-out at any time.

PRIVACY STATEMENT

Last updated: May 18, 2026

Notice at Collection

IdentifiersName, Email, IP, Shipping Address
Physiological DataBody weight, training volume (for plans)
Financial DataEncrypted tokens via Stripe
Retention3 years post-active transaction

SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

SECTION 2 - CONSENT

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at support@beetrootpro.com.

SECTION 3 - DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SECTION 4 - INFRASTRUCTURE & DATA STORAGE

Our platform is built on Google Cloud and Firebase. They provide us with the secure, high-performance hosting, database infrastructure, and authentication services that allow us to deliver your performance plans and manage your orders.

Your data is stored within encrypted Firebase Firestore instances and authenticated via Firebase Auth. These services utilize industry-standard security protocols, including encryption-at-rest and multi-region redundancy.

Payment Processing:

Payment transactions are processed via Stripe. We do not store your raw credit card data on our servers. Stripe is PCI-DSS Level 1 certified and handles all card-data encryption. Your purchase transaction data is stored by Stripe only as long as is necessary to complete your purchase transaction and meet legal/audit retention obligations.

SECTION 4A - THIRD-PARTY DATA INTEGRATIONS

Race Lab Pro features can optionally connect to third-party fitness platforms to derive a measured sweat rate from your real training data. Connection is always opt-in, you can disconnect at any time, and we never post anything back to these platforms.

Strava (live)

When you click Connect with Strava, you authorize Beetroot Pro to read the following data from your Strava account via the Strava API v3:

  • Your public and private profile information (name, sex, weight, FTP) under the profile:read_all scope
  • Your activity history including private activities (distance, duration, heart rate, power, temperature, cadence, calories, GPS metadata) under the activity:read_all scope

We use this data exclusively to (a) infer your per-session sweat rate from each activity's actual temperature and intensity, and (b) compute an aggregated measured sweat rate that pre-fills the Race Lab Pro sodium calculator. We do not share Strava data with other athletes, do not display it publicly, and do not use it for marketing or advertising.

Retention: activity data is purged within 24 hours of disconnection. If you click Disconnect Strava on /account/strava, we (1) call Strava's deauthorization endpoint to revoke our access tokens, (2) mark your local connection as disconnected, and (3) clear the activity subcollection on a scheduled basis. Disconnect also fires automatically if you revoke access from within Strava's settings.

Strava is identified as a sub-processor in this policy. Your Strava data remains subject to Strava's own privacy policy at strava.com/legal/privacy.

Garmin (planned)

We are evaluating a Garmin Connect integration that would provide the same measured-sweat-rate inference for athletes who train with Garmin devices but do not sync to Strava. If we ship Garmin Connect support, the same opt-in, opt-out, and retention rules will apply. This policy will be updated and you will receive an email notification before any Garmin data is ingested.

If you are a coach using the Race Lab Coach tier ($29/month), your athletes grant you read-only access via an explicit consent screen. You see the same aggregated sweat rate, race plans, and post-race feedback they see; you do not see raw activity-level data. Athletes can revoke your access at any time from their /account/coaches page; revocation takes effect immediately.

SECTION 5 - YOUR 2026 PRIVACY RIGHTS (CCPA/GDPR/VCDPA)

As of 2026, you have the following expanded rights regarding your personal information:

  • Right to Know & Access: You may request a report of all data collected since January 1, 2022.
  • Right to Deletion: You may request that we purge all non-transactional data from our systems.
  • Right to Opt-Out of ADMT: You may opt-out of "Automated Decision-Making Technology" used for performance plan generation or personalized pricing.
  • Right to Correction: You may correct inaccurate physiological data in your profile.

To exercise these rights, please email privacy@902sports.com with the subject line "Data Rights Request."

SECTION 6 - SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

All sensitive data is encrypted using 256-bit AES encryption and transmitted via TLS 1.3 secure socket layers.

SECTION 7 - AGE OF CONSENT & RESTRICTIONS

By using this site, you represent that you are at least the age of majority in your state or province of residence. Furthermore, as per 2026 regulations in specific jurisdictions (including NY, NJ, and MI), you must be 18 years or older to purchase products marketed for athletic performance or muscle building.

QUESTIONS AND CONTACT INFORMATION

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at support@beetrootpro.com or by mail:

Beetroot Pro® and Endurance360® Official Site
[Re: Privacy Compliance Officer]
829 W 25 N Clearfield UT 84015