Privacy

Boltt Privacy Policy

Boltt may update this Privacy Policy from time to time. Updated versions will be published on the website and become effective upon posting. Boltt will provide you with notice of updates to the Terms within 30 days’ with written notice.

1. Introduction and Scope

This Privacy Policy applies to all personal information collected by Boltt (we, us or our) via the website located at https://bolttband.com, the Boltt wearable tracker and associated Boltt athlete application and coaching portal.

Boltt acts as the data controller (or equivalent role under applicable law) of personal data processed in connection with its services.

At Boltt our mission is to give insight to power athletes, but this insight does not need to be shared with everyone. We appreciate your trust in our collection of data to ensure you receive the full optimised Boltt experience.

This Privacy Policy explains:

  • Introduction and scope
  • Data controller information
  • What information we collect
  • How we collect this information
  • Why we collect this information
  • Cross-border transfers of information
  • Data security and retention
  • User rights and choices
  • Complaints and contact information

Boltt processes personal data in accordance with the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.

Based in Perth, Australia, this Privacy Policy has been modelled on the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Where Boltt provides services to individuals located Internationally, in the European Economic Area or United Kingdom, personal data will also be processed in accordance with the General Data Protection Regulation (GDPR) where applicable.

Boltt Data Controller Information

For the purposes of applicable data protection laws, including the GDPR, the data controller responsible for the collection and processing of personal data is:

Boltt Pty Ltd

Perth, Western Australia, Australia

If you have any questions regarding this Privacy Policy or the handling of personal data, you may contact our Privacy Officer at:

info@bolttband.com

Where required under applicable data protection laws, Boltt may appoint a Data Protection Officer responsible for overseeing compliance with data protection obligations and acting as a contact point for supervisory authorities.

2. What Information Do We Collect

Personal Information and Sensitive Information have the meanings given in the Privacy Act 1988 (Cth).

Sensitive Information will only be used by us:

  • for the primary purpose for which it was obtained
  • for a secondary purpose directly related to the primary purpose
  • with your consent or where required or authorised by law

The kind of Personal and Sensitive Information we collect depends on how you use the website, tracker and associated applications.

Where practicable, users may interact with parts of the Boltt website without identifying themselves. However, use of the Boltt device and application requires account registration.

Biometric and physiological data collected by the Boltt device constitute health information and are treated as Sensitive Information. Certain data collected by Boltt, including biometric, physiological and health-related information, may also constitute Special Category Data under the GDPR. Such information will only be processed where explicit consent has been provided or where processing is otherwise permitted under applicable law.

The Personal and Sensitive Information we may collect includes:

Identity Data

Full name, username, date of birth or age, gender, profile photo, email address, phone number, mailing address and account identifiers.

Contact and Account Data

Login credentials, authentication tokens, customer service communications, subscription status and billing contact information.

Financial and Payment Data

Payment card details processed through secure third-party payment providers, billing address and payment history.

Device and Technical Data

Device identifiers, Boltt strap serial number, IP address, operating system version, app version, Bluetooth identifiers, diagnostic logs and cookie identifiers.

Location Data

Approximate location derived from IP address or GPS where enabled.

Usage and Behaviour Data

Application interaction logs, feature usage patterns, navigation behaviour and workout logging activity.

Fitness and Activity Data

Steps, movement patterns, exercise sessions, activity intensity levels, strain score and calorie expenditure.

Biometric Data

Heart rate, resting heart rate, heart rate variability, respiratory rate, blood oxygen saturation, skin temperature and accelerometer data.

Sleep Data

Sleep duration, sleep stages, sleep disturbances, sleep consistency metrics and sleep performance scores.

Health-Related Data

Recovery status, fatigue levels, training load indicators and physiological recovery metrics.

User-Entered Health Information

Height, weight, fitness level, training goals and lifestyle behaviour inputs.

Social and Community Data

Connections, team memberships, rankings and shared workout data.

Communication Data

Customer support communications, feedback and survey responses.

Marketing and Preference Data

Marketing preferences, promotional engagement and referral program participation.

Inferred or Derived Data

Performance analytics, recovery insights and training recommendations generated by Boltt algorithms.

3. How We Collect Information

Boltt collects Personal and Sensitive Information in two primary ways. The following examples provided are indicative not exhaustive of how Boltt collects information.

Direct Collection

Information you provide when you:

  • create an account
  • complete forms within the website or app
  • purchase devices or subscriptions
  • communicate with customer support
  • participate in surveys or feedback requests

Automatic Collection

Information collected automatically through the operation of the Boltt device and associated services including:

  • biometric sensor data recorded by the wearable device
  • synchronisation between the tracker and mobile application
  • device telemetry and diagnostic information
  • cookies or similar tracking technologies

Cookies and Tracking Technologies

Boltt uses cookies and similar technologies to operate the website and application to improve functionality.

Cookies may include:

  • essential cookies required for core functionality
  • analytics cookies measuring website usage
  • functionality cookies storing user preferences

Where required by law, users will be provided with a cookie consent mechanism allowing them to accept or decline non-essential cookies.

Sensitive biometric information is only collected with explicit opt-in consent, which can be withdrawn through account settings.

Boltt will only process personal data where a lawful basis exists, including consent, contractual necessity, legal obligations or legitimate interests.

4. Purposes for Collection, Holding and Use

Boltt processes Personal and Sensitive Information for the following purposes and legal bases.

Service Delivery – Contractual Necessity

To operate the Boltt wearable service, synchronise device data, provide performance insights and manage purchases or subscriptions.

Biometric Performance Analysis – Explicit Consent

Biometric data enables the platform to generate recovery insights, performance scores and training recommendations.

Athlete Coaching and Data Sharing – User Consent

Athletes may voluntarily share selected metrics with coaches or trainers through the Boltt coaching portal. Coaches may become independent controllers of the data once shared, Boltt is not responsible for processing undertaken by third-party coaches once data is shared. Users acknowledge that once data is shared with third parties, those parties are responsible for their own data handling practices.

Product Improvement – Legitimate Interests

Aggregated or de-identified data may be analysed to improve platform functionality and device accuracy.

System Communications – Legitimate Interests

Service notifications including firmware updates and safety communications.

Marketing – Consent

Promotional communications are sent only where consent has been provided.

Algorithm Training and Research – User Consent

De-identified or aggregated data may be used to improve algorithm performance and analytics accuracy.

4.1 Health and Biometric Data Processing

Health and biometric data constitute Sensitive Information and Special Category Data.

Processing occurs only where:

  • explicit user consent is provided
  • processing is necessary to deliver the core performance tracking service
  • processing is otherwise permitted by applicable law

Boltt safeguards biometric data through:

  • encryption during transmission and storage
  • strict internal access controls
  • separation of identifying and analytical data where feasible
  • aggregation or de-identification for research and development purposes

Users may withdraw consent for biometric tracking through account settings.

Withdrawal of consent may limit functionality of the Boltt service.

4.2 Automated Processing and Profiling

Boltt may use automated analytics to generate performance insights, recovery scores and training recommendations.

These analytics provide informational insights regarding athletic performance and recovery patterns and are not intended to produce legally significant decisions affecting users.

Where automated analytics are used, users may:

  • request access to underlying data used to generate insights
  • object to certain processing activities where permitted by law
  • withdraw consent for biometric analysis

Users located in jurisdictions governed by the GDPR also have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

5. Information Disclosure

Boltt may disclose personal information to trusted service providers assisting with:

  • cloud infrastructure and secure data storage
  • payment processing services
  • logistics and device fulfilment
  • analytics and infrastructure support
  • customer support operations

These service providers act as data processors and are contractually required to:

  • process data only on Boltt instructions
  • implement appropriate security safeguards
  • maintain confidentiality obligations
  • assist with data subject rights requests
  • delete or return personal data when services conclude

Boltt enters into data processing agreements with relevant providers in accordance with applicable data protection laws.

Boltt does not sell personal information.

Sensitive biometric or health data will never be used for advertising or behavioural marketing.

6. Cross-Border Transfers

Boltt operates globally and may store or process personal information outside Australia.

Personal information may be transferred to service providers located in jurisdictions including the United States, United Kingdom and European Union.

Boltt takes reasonable steps consistent with the Australian Privacy Principles to ensure overseas recipients handle personal information consistently with the Australian Privacy Principles.

Where personal data from the European Economic Area or United Kingdom is transferred internationally, Boltt implements appropriate safeguards including:

  • Standard Contractual Clauses approved by the European Commission
  • contractual data protection obligations
  • other lawful international transfer mechanisms

7. Data Security and Retention

Boltt implements technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access or disclosure.

Security measures include:

  • encryption of data in transit and at rest
  • strict access controls and authentication
  • monitoring and logging of access to sensitive systems
  • internal staff confidentiality and security policies

Retention periods may include:

  • account data retained while the user maintains an active account
  • transaction records retained to meet financial and tax obligations
  • support communications retained for dispute resolution and service improvement
  • aggregated or de-identified analytics retained for research and product development

Personal data will not be retained longer than necessary for these purposes.

Where information is no longer required it will be securely deleted, destroyed or permanently de-identified.

8. Data Breach Notification

If Boltt experiences a data breach likely to result in serious harm to individuals, we will comply with the Privacy Amendment (Notifiable Data Breaches) Act 2017.

Where required Boltt will:

  • notify affected individuals as soon as practicable
  • notify the Office of the Australian Information Commissioner
  • provide information regarding the nature of the breach and recommended actions

Where the GDPR applies, Boltt will also notify relevant supervisory authorities without undue delay and, where feasible, within 72 hours of becoming aware of a breach.

9. User Rights and Choices

Users have several rights regarding their personal information.

Access and Correction

Users may request access to their personal information and request corrections where data is inaccurate or outdated.

Deletion

Users may request deletion of their Boltt account and associated personal information subject to legal obligations requiring retention.

Withdrawal of Consent

Consent for biometric tracking, data sharing or marketing communications may be withdrawn at any time.

Data Sharing Controls

Users control whether performance data is shared with coaches, teams or integrations through platform settings.

Children's Privacy

Boltt services are intended for individuals aged 18 years or older unless parental consent is provided.

Where GDPR applies users may also have the right to:

  • data portability
  • restrict processing
  • object to processing based on legitimate interests

lodge complaints with supervisory authorities

10. Complaints and Contact Information

If you have a complaint concerning a possible breach of the Australian Privacy Principles please contact:

info@bolttband.com

Boltt will:

  • acknowledge complaints within 7 business days
  • investigate the issue and maintain records of findings
  • aim to resolve complaints within 30 business days

If unresolved, complaints may be referred to the Office of the Australian Information Commissioner.

Users located internationally may also contact relevant supervisory authorities in their jurisdiction.

Nothing in this agreement excludes, restricts or modifies any rights under the Australian Consumer Law.

11. Precedence

If there is any inconsistency between documents, the following order of precedence applies (highest to lowest):

(a) Service Terms of Use;

(b) Terms of Sale;

(c) Warranty;

(d) Terms of Use;

(e) Privacy Policy (except for data-related matters, where the Privacy Policy prevails).