Privacy
Boltt Privacy Policy
Boltt may update this Privacy Policy from time to time. Updated versions will be published on the website and become effective upon posting. Boltt will provide you with notice of updates to the Terms within 30 days’ with written notice.
1. Introduction and Scope
This Privacy Policy applies to all personal information collected by Boltt (we, us or our) via the website located at https://bolttband.com, the Boltt wearable tracker and associated Boltt athlete application and coaching portal.
Boltt acts as the data controller (or equivalent role under applicable law) of personal data processed in connection with its services.
At Boltt our mission is to give insight to power athletes, but this insight does not need to be shared with everyone. We appreciate your trust in our collection of data to ensure you receive the full optimised Boltt experience.
This Privacy Policy explains:
- Introduction and scope
- Data controller information
- What information we collect
- How we collect this information
- Why we collect this information
- Cross-border transfers of information
- Data security and retention
- User rights and choices
- Complaints and contact information
Boltt processes personal data in accordance with the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.
Based in Perth, Australia, this Privacy Policy has been modelled on the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Where Boltt provides services to individuals located Internationally, in the European Economic Area or United Kingdom, personal data will also be processed in accordance with the General Data Protection Regulation (GDPR) where applicable.
Boltt Data Controller Information
For the purposes of applicable data protection laws, including the GDPR, the data controller responsible for the collection and processing of personal data is:
Boltt Pty Ltd
Perth, Western Australia, Australia
If you have any questions regarding this Privacy Policy or the handling of personal data, you may contact our Privacy Officer at:
info@bolttband.com
Where required under applicable data protection laws, Boltt may appoint a Data Protection Officer responsible for overseeing compliance with data protection obligations and acting as a contact point for supervisory authorities.
2. What Information Do We Collect
Personal Information and Sensitive Information have the meanings given in the Privacy Act 1988 (Cth).
Sensitive Information will only be used by us:
- for the primary purpose for which it was obtained
- for a secondary purpose directly related to the primary purpose
- with your consent or where required or authorised by law
The kind of Personal and Sensitive Information we collect depends on how you use the website, tracker and associated applications.
Where practicable, users may interact with parts of the Boltt website without identifying themselves. However, use of the Boltt device and application requires account registration.
Biometric and physiological data collected by the Boltt device constitute health information and are treated as Sensitive Information. Certain data collected by Boltt, including biometric, physiological and health-related information, may also constitute Special Category Data under the GDPR. Such information will only be processed where explicit consent has been provided or where processing is otherwise permitted under applicable law.
The Personal and Sensitive Information we may collect includes:
Identity Data
Full name, username, date of birth or age, gender, profile photo, email address, phone number, mailing address and account identifiers.
Contact and Account Data
Login credentials, authentication tokens, customer service communications, subscription status and billing contact information.
Financial and Payment Data
Payment card details processed through secure third-party payment providers, billing address and payment history.
Device and Technical Data
Device identifiers, Boltt strap serial number, IP address, operating system version, app version, Bluetooth identifiers, diagnostic logs and cookie identifiers.
Location Data
Approximate location derived from IP address or GPS where enabled.
Usage and Behaviour Data
Application interaction logs, feature usage patterns, navigation behaviour and workout logging activity.
Fitness and Activity Data
Steps, movement patterns, exercise sessions, activity intensity levels, strain score and calorie expenditure.
Biometric Data
Heart rate, resting heart rate, heart rate variability, respiratory rate, blood oxygen saturation, skin temperature and accelerometer data.
Sleep Data
Sleep duration, sleep stages, sleep disturbances, sleep consistency metrics and sleep performance scores.
Health-Related Data
Recovery status, fatigue levels, training load indicators and physiological recovery metrics.
User-Entered Health Information
Height, weight, fitness level, training goals and lifestyle behaviour inputs.
Social and Community Data
Connections, team memberships, rankings and shared workout data.
Communication Data
Customer support communications, feedback and survey responses.
Marketing and Preference Data
Marketing preferences, promotional engagement and referral program participation.
Inferred or Derived Data
Performance analytics, recovery insights and training recommendations generated by Boltt algorithms.
3. How We Collect Information
Boltt collects Personal and Sensitive Information in two primary ways. The following examples provided are indicative not exhaustive of how Boltt collects information.
Direct Collection
Information you provide when you:
- create an account
- complete forms within the website or app
- purchase devices or subscriptions
- communicate with customer support
- participate in surveys or feedback requests
Automatic Collection
Information collected automatically through the operation of the Boltt device and associated services including:
- biometric sensor data recorded by the wearable device
- synchronisation between the tracker and mobile application
- device telemetry and diagnostic information
- cookies or similar tracking technologies
Cookies and Tracking Technologies
Boltt uses cookies and similar technologies to operate the website and application to improve functionality.
Cookies may include:
- essential cookies required for core functionality
- analytics cookies measuring website usage
- functionality cookies storing user preferences
Where required by law, users will be provided with a cookie consent mechanism allowing them to accept or decline non-essential cookies.
Sensitive biometric information is only collected with explicit opt-in consent, which can be withdrawn through account settings.
Boltt will only process personal data where a lawful basis exists, including consent, contractual necessity, legal obligations or legitimate interests.
4. Purposes for Collection, Holding and Use
Boltt processes Personal and Sensitive Information for the following purposes and legal bases.
Service Delivery – Contractual Necessity
To operate the Boltt wearable service, synchronise device data, provide performance insights and manage purchases or subscriptions.
Biometric Performance Analysis – Explicit Consent
Biometric data enables the platform to generate recovery insights, performance scores and training recommendations.
Athlete Coaching and Data Sharing – User Consent
Athletes may voluntarily share selected metrics with coaches or trainers through the Boltt coaching portal. Coaches may become independent controllers of the data once shared, Boltt is not responsible for processing undertaken by third-party coaches once data is shared. Users acknowledge that once data is shared with third parties, those parties are responsible for their own data handling practices.
Product Improvement – Legitimate Interests
Aggregated or de-identified data may be analysed to improve platform functionality and device accuracy.
System Communications – Legitimate Interests
Service notifications including firmware updates and safety communications.
Marketing – Consent
Promotional communications are sent only where consent has been provided.
Algorithm Training and Research – User Consent
De-identified or aggregated data may be used to improve algorithm performance and analytics accuracy.
4.1 Health and Biometric Data Processing
Health and biometric data constitute Sensitive Information and Special Category Data.
Processing occurs only where:
- explicit user consent is provided
- processing is necessary to deliver the core performance tracking service
- processing is otherwise permitted by applicable law
Boltt safeguards biometric data through:
- encryption during transmission and storage
- strict internal access controls
- separation of identifying and analytical data where feasible
- aggregation or de-identification for research and development purposes
Users may withdraw consent for biometric tracking through account settings.
Withdrawal of consent may limit functionality of the Boltt service.
4.2 Automated Processing and Profiling
Boltt may use automated analytics to generate performance insights, recovery scores and training recommendations.
These analytics provide informational insights regarding athletic performance and recovery patterns and are not intended to produce legally significant decisions affecting users.
Where automated analytics are used, users may:
- request access to underlying data used to generate insights
- object to certain processing activities where permitted by law
- withdraw consent for biometric analysis
Users located in jurisdictions governed by the GDPR also have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.
5. Information Disclosure
Boltt may disclose personal information to trusted service providers assisting with:
- cloud infrastructure and secure data storage
- payment processing services
- logistics and device fulfilment
- analytics and infrastructure support
- customer support operations
These service providers act as data processors and are contractually required to:
- process data only on Boltt instructions
- implement appropriate security safeguards
- maintain confidentiality obligations
- assist with data subject rights requests
- delete or return personal data when services conclude
Boltt enters into data processing agreements with relevant providers in accordance with applicable data protection laws.
Boltt does not sell personal information.
Sensitive biometric or health data will never be used for advertising or behavioural marketing.
6. Cross-Border Transfers
Boltt operates globally and may store or process personal information outside Australia.
Personal information may be transferred to service providers located in jurisdictions including the United States, United Kingdom and European Union.
Boltt takes reasonable steps consistent with the Australian Privacy Principles to ensure overseas recipients handle personal information consistently with the Australian Privacy Principles.
Where personal data from the European Economic Area or United Kingdom is transferred internationally, Boltt implements appropriate safeguards including:
- Standard Contractual Clauses approved by the European Commission
- contractual data protection obligations
- other lawful international transfer mechanisms
7. Data Security and Retention
Boltt implements technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access or disclosure.
Security measures include:
- encryption of data in transit and at rest
- strict access controls and authentication
- monitoring and logging of access to sensitive systems
- internal staff confidentiality and security policies
Retention periods may include:
- account data retained while the user maintains an active account
- transaction records retained to meet financial and tax obligations
- support communications retained for dispute resolution and service improvement
- aggregated or de-identified analytics retained for research and product development
Personal data will not be retained longer than necessary for these purposes.
Where information is no longer required it will be securely deleted, destroyed or permanently de-identified.
8. Data Breach Notification
If Boltt experiences a data breach likely to result in serious harm to individuals, we will comply with the Privacy Amendment (Notifiable Data Breaches) Act 2017.
Where required Boltt will:
- notify affected individuals as soon as practicable
- notify the Office of the Australian Information Commissioner
- provide information regarding the nature of the breach and recommended actions
Where the GDPR applies, Boltt will also notify relevant supervisory authorities without undue delay and, where feasible, within 72 hours of becoming aware of a breach.
9. User Rights and Choices
Users have several rights regarding their personal information.
Access and Correction
Users may request access to their personal information and request corrections where data is inaccurate or outdated.
Deletion
Users may request deletion of their Boltt account and associated personal information subject to legal obligations requiring retention.
Withdrawal of Consent
Consent for biometric tracking, data sharing or marketing communications may be withdrawn at any time.
Data Sharing Controls
Users control whether performance data is shared with coaches, teams or integrations through platform settings.
Children's Privacy
Boltt services are intended for individuals aged 18 years or older unless parental consent is provided.
Where GDPR applies users may also have the right to:
- data portability
- restrict processing
- object to processing based on legitimate interests
lodge complaints with supervisory authorities
10. Complaints and Contact Information
If you have a complaint concerning a possible breach of the Australian Privacy Principles please contact:
info@bolttband.com
Boltt will:
- acknowledge complaints within 7 business days
- investigate the issue and maintain records of findings
- aim to resolve complaints within 30 business days
If unresolved, complaints may be referred to the Office of the Australian Information Commissioner.
Users located internationally may also contact relevant supervisory authorities in their jurisdiction.
Nothing in this agreement excludes, restricts or modifies any rights under the Australian Consumer Law.
11. Precedence
If there is any inconsistency between documents, the following order of precedence applies (highest to lowest):
(a) Service Terms of Use;
(b) Terms of Sale;
(c) Warranty;
(d) Terms of Use;
(e) Privacy Policy (except for data-related matters, where the Privacy Policy prevails).