Privacy Policy

1. Introduction

HoldMyWhoop, Inc. ("HoldMyWhoop," "we," "us," or "our"), a Delaware corporation headquartered in San Francisco, California, is committed to protecting the privacy of all individuals who use our wearable proxy services, including Members (those who engage a Holder to wear their device), Holders (the vetted athletes who perform biometric delegation services), and visitors to holdmywhoop.com (the "Site").

This Privacy Policy describes the types of information we collect, how we use and share that information, and the choices available to you regarding our use of your data. By accessing the Site or engaging our biometric delegation services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

We collect the following categories of information in connection with the provision of our wearable proxy services:

2.1 Account Information

When you create a HoldMyWhoop account, we collect your name, email address, phone number, billing address, payment information, and metropolitan area of residence. For Holder applicants, we additionally collect athletic credentials, competitive history, government-issued identification for background verification, and baseline physiological performance metrics.

2.2 Device Calibration Data

Upon device handoff, we collect calibration data from your wearable device including firmware version, sensor configuration, historical data patterns, and device-specific identifiers. This data is essential for our 48-hour calibration protocol, during which your matched Holder normalizes data patterns to ensure seamless biometric continuity between your baseline and the Holder's physiological output.

2.3 Preferred Score Ranges

During onboarding, you provide us with your desired recovery scores, target strain levels, acceptable sleep performance ranges, and any specific biometric goals (collectively, "Score Preferences"). These Score Preferences are used exclusively for Holder matching purposes and to calibrate your Holder's activity regimen. We do not judge your Score Preferences. We are not here to ask questions.

2.4 Lifestyle Narrative Preferences

Premium and Elite Members may provide lifestyle narrative preferences, including preferred workout types, fictional training schedules, dietary claims, and social media posting guidelines. This information is compiled into your personalized Lifestyle Narrative Guide and is stored in encrypted form. We understand the sensitivity of this data and treat it with the same rigor as financial records.

2.5 Device Handoff Logistics

We collect GPS-verified handoff location preferences, scheduling data, tamper-evident biometric pouch tracking numbers, and chain-of-custody documentation associated with device transfers at our network of secure drop points.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To match you with an appropriate Holder based on your Score Preferences, geographic proximity, and strain target compliance requirements
• To facilitate the device handoff protocol, including scheduling secure drop point access and verifying tamper-evident biometric pouch integrity
• To perform the 48-hour device calibration period and normalize biometric data patterns
• To generate weekly performance reports that present your Holder's physiological data as your own
• To compile and deliver your personalized Lifestyle Narrative Guide
• To process payments, administer the Green Score Guarantee, and manage subscription billing
• To activate the Rapid Rematch Protocol in the event of Holder injury, unavailability, or subpar strain output
• To administer the Soft Landing Program for Members who choose to transition back to self-generated biometric data
• To improve our proprietary matching algorithms and expand our wearable proxy service offerings

4. Data Sharing and Disclosure

HoldMyWhoop does not sell, rent, or trade your personal information to third parties for marketing purposes. We take Holder-Member confidentiality extremely seriously. Your data is shared only in the following limited circumstances:

4.1 With Your Matched Holder

Your Score Preferences, strain target compliance requirements, and device calibration data are shared with your matched Holder solely for the purpose of performing biometric delegation services. All Holders operate under a comprehensive non-disclosure agreement (NDA) that prohibits them from disclosing any aspect of the Member-Holder relationship, including but not limited to: the identity of the Member, the existence of the arrangement, the device being worn, or any data generated during active holding periods.

4.2 Service Providers

We engage third-party service providers to assist with payment processing, background check verification, secure drop point facility management, tamper-evident biometric pouch manufacturing, and cloud infrastructure. These service providers are contractually prohibited from using your data for any purpose other than providing services to HoldMyWhoop.

4.3 Legal Requirements

We may disclose your information if required to do so by law, subpoena, or other legal process. In such cases, we will make commercially reasonable efforts to notify you in advance, unless prohibited by law. We want you to know: we have never received a subpoena for biometric delegation records. We are prepared, but we have never needed to be.

5. Biometric Data Handling

HoldMyWhoop recognizes that biometric data is among the most sensitive categories of personal information. Under the Illinois Biometric Information Privacy Act (BIPA), the California Consumer Privacy Act (CCPA), and similar state and international regulations, biometric data is afforded heightened protection.

We acknowledge that our service model creates a unique circumstance in which biometric data generated by one individual (the Holder) is attributed to another individual (the Member). We classify this as "delegated biometric data" and treat it with the following safeguards:

• All delegated biometric data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3
• Biometric data is stored on SOC 2 Type II compliant infrastructure with geographic redundancy
• Access to raw biometric data is restricted to authorized personnel operating under strict biometric discretion protocols
• Delegated biometric data is automatically purged 90 days after account termination or completion of the Soft Landing Program, whichever occurs later
• Members may request a complete export or deletion of all delegated biometric data at any time by contacting privacy@holdmywhoop.com

To be clear: the biometric data displayed on your device is physiologically authentic. It was generated by a real human body performing real physical activity. It is simply not your body, nor your activity. We believe this distinction is important.

6. Cookies and Tracking Technologies

The Site uses cookies and similar tracking technologies to enhance your browsing experience, analyze site traffic, and personalize content. We use the following categories of cookies:

• Strictly Necessary Cookies: Required for core site functionality, including authentication, secure drop point scheduling, and device handoff coordination.
• Performance Cookies: Help us understand how visitors interact with the Site, which pages are most frequently visited, and where users abandon the Holder application form (most commonly at the background check consent step).
• Functional Cookies: Remember your preferences, such as preferred metro area, tier selection, and lifestyle narrative theme.
• Marketing Cookies: Used to deliver relevant advertising. We do not serve ads that reference biometric delegation, wearable proxy services, or anything that could compromise your arrangement. Our retargeting campaigns are designed to be indistinguishable from general fitness content.

You may manage your cookie preferences at any time through the Cookie Preferences link in our footer or through your browser settings.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our wearable proxy services. Specific retention periods are as follows:

• Account information: Duration of active membership plus 3 years
• Score Preferences and Lifestyle Narrative Guides: Duration of active membership plus 1 year, or completion of the Soft Landing Program, whichever is later
• Device handoff records and chain-of-custody logs: 7 years (in compliance with applicable record-keeping requirements)
• Delegated biometric data: 90 days after account termination
• Holder NDAs: Indefinite, as they survive termination
• Tamper-evident biometric pouch tracking records: 2 years after last use

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to Access: You may request a copy of all personal information we hold about you, including your Score Preferences, Lifestyle Narrative Guide, and delegated biometric data history.
• Right to Correction: You may request correction of any inaccurate personal information. Please note that correcting your Score Preferences may trigger a Holder reassignment or recalibration period.
• Right to Deletion: You may request deletion of your personal information, subject to our retention obligations. Deletion of your account will initiate the device return protocol and may activate the Soft Landing Program at your election.
• Right to Portability: You may request your data in a machine-readable format. We note that porting delegated biometric data to another wearable proxy service provider is technically possible but socially inadvisable.
• Right to Object: You may object to certain processing activities. However, objecting to the processing of delegated biometric data will effectively render our core service inoperable.

To exercise any of these rights, please contact us at privacy@holdmywhoop.com. We will respond within 30 days, or sooner if your request involves an active Holder arrangement that requires immediate attention.

9. Security

We implement industry-standard security measures to protect your information, including but not limited to: encryption at rest and in transit, multi-factor authentication, role-based access controls, regular penetration testing, and employee security training that includes specific modules on biometric discretion and recovery score manipulation prevention.

Our physical security measures include tamper-evident biometric pouches for all device handoffs, GPS-verified secure drop points with 24/7 surveillance, and chain-of-custody documentation for every device transfer. Elite tier devices are transported in climate-controlled pouches to preserve sensor integrity.

No method of transmission or storage is 100% secure. However, we can confirm that in three years of operation, we have experienced zero data breaches, zero unauthorized disclosures of Member-Holder relationships, and zero instances of a Holder being publicly identified while wearing a Member's device. We intend to maintain this record.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information or attempted to engage a Holder, please contact us immediately at privacy@holdmywhoop.com. We will promptly delete such information and cancel any pending Holder matches.

11. International Data Transfers

HoldMyWhoop currently operates exclusively within the United States. However, as we evaluate international expansion, we want our users to know that any cross-border transfer of delegated biometric data will be conducted in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). International Holders would be subject to the same NDA, biometric discretion, and strain target compliance requirements as domestic Holders. The Covert Wear Program is available in all jurisdictions where we operate and is designed to comply with local laws regarding wearable device usage in professional and amateur athletic contexts.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or service offerings. We will notify you of any material changes by posting the updated policy on the Site with a revised "Last updated" date. For changes that materially affect the handling of delegated biometric data or Holder-Member confidentiality obligations, we will provide at least 30 days' advance notice via email.

We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes your acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: