U.S. State Privacy Notice

This notice applies to residents of U.S. states with comprehensive privacy laws — including California (CCPA/CPRA), Virginia, Colorado, Connecticut, Texas, Oregon and others. It supplements our main Privacy Policy. For consumer health data specifically, see our Consumer Health Data Privacy Policy.

Last updated: 2 June 2026.

1. We do not sell or share your personal information

Brevet does not sell your personal information, and does not share it for cross-context behavioral (targeted) advertising — in the past 12 months or otherwise. We therefore do not offer a "sale" opt-out because there is nothing to opt out of. We also do not use or disclose sensitive personal information for purposes that would trigger the right to limit, beyond providing the service you requested.

Global Privacy Control (GPC): we honor the GPC browser/device signal as a valid opt-out of sale/sharing where applicable.

2. Categories of personal information we collect

CCPA category	Examples	Sold/Shared?
Identifiers	Email, display name, account/device identifiers, IP (rate-limiting only)	No
Customer records	Country, year of birth, sex, avatar	No
Internet/app activity	In-app usage needed to run features (we ship no analytics/advertising trackers)	No
Geolocation	Only the device permission your OS uses to populate workout distance/route; we never collect raw coordinates	No
Sensitive personal information	Health & biometric data (HRV, sleep, weight, VO2max, etc.) — see the Consumer Health Data Privacy Policy	No

3. Sources & purposes

Sources: you (account + entries), your connected health hub (Apple Health / Google Health Connect) and services (Strava) that you authorize, and data we derive. Purposes: to provide and secure the coaching platform, communicate with you, and comply with law. We do not process your data to make decisions that produce legal or similarly significant effects without meaningful human involvement.

4. Who we disclose to

Only service providers / processors under contract, for the purposes above: Google Cloud (Vertex AI in the EU for AI coaching — pseudonymized, not used to train Google's models; and Firebase Cloud Messaging for push), our EU hosting/email providers, and Strava (only when you connect it). None of these are "sales."

5. Your rights

Know / Access the personal information we hold and how we use it;
Delete your personal information;
Correct inaccurate personal information;
Opt out of sale or sharing (not applicable — we do neither);
Limit the use of sensitive personal information (we already limit it to providing the service);
Non-discrimination — we will not deny service or charge you differently for exercising these rights;
Appeal a denied request (reply to our decision email).

6. How to exercise your rights

In the app: export your data, delete your account, and manage consents in Settings.
By email: privacy@brevetcycling.club. We respond within 45 days (extendable once by 45 days). We may verify your identity. An authorized agent may submit a request with your written permission.

7. California "Shine the Light"

We do not disclose personal information to third parties for their own direct-marketing purposes, so no Shine the Light (Cal. Civ. Code § 1798.83) disclosure is required.

Main Privacy Policy · Consumer Health Data Privacy · Back to Brevet Cycling