Citius Privacy Policy

Privacy Policy for Citius Strength and Conditioning

Effective Date: May 23, 2025

1. Introduction

Citius Strength and Conditioning ("we," "us," or "our") is committed to protecting the privacy and security of the personal information of our athletes and clients ("you," "your"). This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal and sensitive information in connection with our athlete development services, including the use of various assessment technologies and our custom athlete management platform.

By engaging with our services and providing your information, you consent to the practices described in this Privacy Policy.

2. Information We Collect

We collect various types of personal information, including sensitive health and performance data, to provide our specialized athlete development services. This information may be collected directly from you, through physical assessments, or automatically via integrated third-party platforms.

a. Personal Identifiable Information (PII):

  • Contact Information: Name, address, email address, phone number.

  • Demographic Information: Date of birth, gender, sport, position.

  • Emergency Contact Information.

b. Performance and Biometric Data (Sensitive Information): This data is crucial for assessing and improving your athletic performance, tracking progress, and aiding in injury prevention. This includes, but is not limited to:

  • Whoop Data: Recovery scores, strain, sleep performance, HRV (Heart Rate Variability), resting heart rate, respiratory rate.

  • Vald ForceDecks Data: Peak force, Rate of Force Development (RFD), jump height, impulse, landing forces.

  • Vald ForceFrame Data: Isometrics (e.g., hip adduction/abduction strength, shoulder rotation strength).

  • Vald Timing Gates Data: Sprint times, acceleration, split times.

  • Plantiga Gait Data: Ground contact time, pronation/supination angles, load rates, gait symmetry, stride length.

  • Darimotion Data: Movement patterns, joint angles, range of motion, asymmetry indices, functional movement scores.

  • Other Assessment Data: Any additional metrics collected during physical screenings or performance tests.

c. Technical and Usage Data: When you access our online platforms or services, we may collect:

  • IP addresses, browser type, operating system.

  • Usage patterns within our platform (e.g., pages visited, features used).

d. How We Collect Information:

  • Directly from You: Through intake forms, interviews, and direct physical assessments.

  • From Third-Party APIs/Integrations: We integrate with platforms such as Whoop, Vald, Plantiga, and Darimotion to automatically import your performance and health data once you have provided your explicit consent for us to do so.

  • From Coaches/Parents/Guardians: Information necessary for scheduling, communication, or, for minors, consent and health details.

3. How We Use Your Information

Your personal and performance data is used solely for the following purposes:

  • Athlete Assessment & Development: To conduct comprehensive assessments, analyze performance, identify strengths and weaknesses, and track progress over time.

  • Personalized Programming: To design, implement, and adjust individualized training programs, strength and conditioning plans, and rehabilitation protocols.

  • Performance Reporting: To generate detailed, easy-to-understand reports for you, your coaches, or guardians (with your consent) summarizing your performance metrics, trends, and recommendations.

  • Injury Prevention & Management: To identify potential injury risks, monitor recovery, and inform return-to-play decisions.

  • Communication: To communicate with you regarding your training, appointments, progress, and any relevant updates.

  • Internal Research & Analysis: To improve our services, develop new programs, or conduct aggregated, anonymized statistical analysis (where individual identities cannot be determined).

  • Legal Compliance: To comply with legal obligations and regulatory requirements.

We do not sell, rent, or trade your personal information to third parties for marketing or any other purpose.

4. Consent

Your consent is paramount, especially for the collection and use of sensitive performance and health data.

  • Explicit Consent: We will obtain your explicit, informed consent, typically in writing, before collecting sensitive information (such as performance, biometric, or health data). This consent will specify the data collected, the purposes for which it will be used, and to whom it may be disclosed.

  • Minors: For athletes under the age of [e.g., 18 or 16, depending on provincial law and common practice for your services], we will obtain consent from their parent or legal guardian.

  • Withdrawal of Consent: You have the right to withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawing consent may limit our ability to provide certain services.

5. How We Share Your Information

We share your information only under specific circumstances and with appropriate safeguards:

  • With Your Consent: We will share your reports or data with third parties (e.g., your sport coaches, medical professionals, or parents/guardians) only with your explicit consent.

  • Service Providers: We may share information with trusted third-party service providers who assist us in operating our business and providing our services (e.g., cloud hosting providers, database management services, API partners like Whoop/Vald/Plantiga/Darimotion). These providers are contractually obligated to protect your information and use it only for the purposes for which we disclose it to them.

  • Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or to protect our rights, property, or safety, or the rights, property, or safety of others.

  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction, provided the recipient agrees to protect your information in a manner consistent with this Privacy Policy.

6. Data Storage and Security

  • Secure Storage: Your data is stored on secure, encrypted cloud-based servers and databases managed by reputable cloud providers (e.g., AWS, Google Cloud, DigitalOcean). These providers implement robust physical and technical security measures.

  • Encryption: Data is encrypted both in transit (using technologies like SSL/TLS for all communication) and at rest (data stored in our database is encrypted).

  • Access Control: Access to your personal and performance data is strictly limited to authorized personnel (e.g., Citius Strength and Conditioning staff) who require the information to perform their duties. Access is controlled through strong authentication (including Multi-Factor Authentication) and role-based permissions, ensuring that only necessary individuals can view specific types of data.

  • Secure Coding Practices: Our custom platform is developed with security best practices in mind, including input validation and protection against common web vulnerabilities.

  • Regular Backups: We implement automated, encrypted backups of our database to prevent data loss.

  • No Unsecured Local Storage: Sensitive data is not stored unsecured on local computers or portable devices.

7. Your Rights

Under applicable privacy laws, you have certain rights regarding your personal information:

  • Right to Access: You have the right to request access to the personal information we hold about you.

  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal information we hold about you.

  • Right to Withdraw Consent: As noted in Section 4, you can withdraw your consent at any time.

  • Right to Deletion (Right to be Forgotten): You may have the right to request the deletion of your personal information, subject to certain legal obligations or legitimate business purposes for retention.

  • Data Portability (where applicable): In some circumstances, you may have the right to request a copy of your personal data in a structured, commonly used, machine-readable format.

To exercise any of these rights, please contact us using the information provided in Section 11. We will respond to your request in accordance with applicable laws.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for the provision of services, compliance with legal obligations (e.g., tax, audit), and to resolve disputes. When your information is no longer needed, we will securely dispose of it in a manner that prevents unauthorized access.

9. International Data Transfer

  • Your personal information may be stored and processed on servers located outside of Canada, including in the United States, where privacy laws may differ from those in your jurisdiction. By providing your information, you acknowledge and agree to such transfers. We ensure that any such transfers comply with applicable laws and that your data remains protected by appropriate safeguards.

10. Children's Privacy

Our services are generally not directed at children under the age of 12. For athletes who are minors, we explicitly require the consent of a parent or legal guardian for the collection and processing of their personal information, in accordance with Section 4 of this policy.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the revised policy on our website and update the "Effective Date" at the top of the policy. We encourage you to review this policy periodically.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer at:

Citius Strength and Conditioning

privacy@citiusperformance.ca