Privacy Policy

Last updated: February 2, 2026

This Privacy Policy describes how Pump Science Inc, a Delaware corporation ("Pump Science," "we," or "us"), collects, uses, and protects personal information in connection with your use of the Pump Science platform, including services provided for our partner brands, and any associated services or tools (the "Services").

We act as the data controller for any personal data collected through the Services. By accessing or using the Services, you acknowledge and accept the practices described in this Privacy Policy.

1. Information We Collect

We currently collect only the minimum necessary data to operate and improve our Services. This includes:

  • Your IP address
  • Your referring URL (the web address you came from)
  • Actions you take on the application (e.g., page views, button clicks)
  • Cookie data used to track app interactions and improve user experience
  • Your Solana wallet address used to interact with the Services
  • If you choose to connect a WHOOP account, WHOOP-provided fitness and recovery data you explicitly authorize us to access (for example: profile, recovery, sleep, workouts, cycles/strain, and body measurements)
  • If you choose to connect an Oura Ring account, Oura-provided health and wellness data you explicitly authorize us to access (for example: daily activity, readiness scores, sleep data, and heart rate metrics)
  • If you choose to connect a Strava account, Strava-provided activity data you explicitly authorize us to access (for example: workouts, distance, heart rate, and performance metrics)
  • If you choose to connect a Garmin account, Garmin-provided health and fitness data you explicitly authorize us to access (for example: activity, sleep, stress, heart rate, and body battery metrics)

We do not collect your name, usernames, or social media information unless explicitly required for a specific interaction.

Wearable data (WHOOP, Oura, Strava, Garmin) is only collected after you complete the respective OAuth authorization flow and grant the requested scopes.

2. How We Collect Information

We use the following methods to collect limited user data:

  • Cookies and local storage: to remember preferences and track interactions on the platform
  • Server logs: to record IP addresses, referral links, and usage timestamps
  • Analytics tools: to monitor navigation and engagement within the app
  • Third-party integrations: WHOOP, Oura, Strava, and Garmin APIs to retrieve health and fitness data you authorize

3. How We Use Information

We use this data to:

  • Operate, maintain, and improve the Services
  • Understand user behavior and preferences
  • Enhance platform performance and stability
  • Detect and prevent security threats or abuse
  • Comply with legal obligations
  • If you connect WHOOP, display and analyze your WHOOP metrics inside the Services in a way that is consistent with the scopes you approve
  • If you connect Oura, display and analyze your Oura health metrics inside the Services in a way that is consistent with the scopes you approve
  • If you connect Strava, display and analyze your Strava activity metrics inside the Services in a way that is consistent with the scopes you approve
  • If you connect Garmin, display and analyze your Garmin health metrics inside the Services in a way that is consistent with the scopes you approve
  • Generate aggregated, anonymized insights across our user base to share with brand partners (see Section 6)

We do not use collected data for behavioral advertising or profiling.

4. Cookies and Tracking Technologies

Pump Science uses cookies and similar technologies to:

  • Analyze how the app is used
  • Track referrals and improve UX
  • Maintain session preferences

By continuing to use the Services, you consent to the use of these technologies. You may manage cookie preferences through your browser settings or by using provided controls in a cookie banner (where applicable).

5. Sharing and Disclosure of Information

We do not sell or rent your personal information.

We may share information with third-party service providers strictly for the purpose of operating, analyzing, or improving the Services. These subprocessors include:

  • Supabase
  • Google Cloud Platform
  • IPFS
  • WHOOP (as a data provider, when you choose to connect WHOOP)
  • Oura (as a data provider, when you choose to connect Oura Ring)
  • Strava (as a data provider, when you choose to connect Strava)
  • Garmin (as a data provider, when you choose to connect Garmin)

All subprocessors are obligated to protect your data and use it solely to provide services to Pump Science.

We do not sell, market, license, or lease your individual wearable data. Your personal health metrics are never shared with third parties in a way that could identify you. However, we may share aggregated, anonymized insights with brand partners as described in Section 6.

We may disclose information if required by law, court order, subpoena, or to comply with legal obligations.

6. Aggregated Insights for Brand Partners

We may share aggregated, anonymized insights derived from health and fitness data with brand partners (such as supplement and wellness product companies). This allows brands to understand how their products may affect user health metrics at a population level.

For example, a brand partner might receive insights such as:

  • "Users who purchased Product X showed an average 5% improvement in sleep scores over 30 days"
  • "Recovery scores among users of Product Y improved by 8% on average"

Important protections:

  • Aggregated data is combined across many users and cannot be used to identify any individual
  • Your personal health metrics are never shared with brand partners
  • No personally identifiable information (PII) is included in aggregated insights
  • Brand partners cannot access, view, or request your individual data

This aggregated data sharing enables us to provide valuable insights to wellness brands while maintaining strict protection of your individual privacy.

7. WHOOP Integration

If you connect your WHOOP account to the Services, the following additional terms apply:

  • We access WHOOP data only after you explicitly authorize access through WHOOP’s OAuth flow and approve specific scopes
  • We limit our access and use of WHOOP data to the scopes you approve and the features you request
  • We do not market, sell, license, or lease your individual WHOOP data to any third party, directly or indirectly
  • You can revoke our access at any time through your WHOOP account settings or by contacting us
  • If you revoke access or request deletion, we will stop new collection and delete or de-identify previously collected WHOOP data unless we are required to retain it by law
  • Our integration has been reviewed by WHOOP and adheres to their API Terms of Use

8. Oura Ring Integration

If you connect your Oura Ring account to the Services, the following additional terms apply:

  • We access Oura data only after you explicitly authorize access through Oura’s OAuth flow and approve specific scopes
  • We limit our access and use of Oura data to the scopes you approve and the features you request
  • We respect the privacy settings configured by Oura users
  • We do not disclose, market, sell, license, or lease your individual Oura data to any third parties including advertisers or data brokers
  • You can revoke our access at any time through your Oura app settings or by contacting us
  • If you revoke access or request deletion, we will stop new collection and promptly delete or de-identify previously collected Oura data unless we are required to retain it by law
  • We use and retain Oura data only so long as necessary for the purpose it was originally obtained
  • Our use of the Oura API is subject to the Oura API Agreement, which incorporates Oura’s Terms of Use and Privacy Policy

9. Strava Integration

If you connect your Strava account to the Services, the following additional terms apply:

  • We access Strava data only after you explicitly authorize access through Strava’s OAuth flow and approve specific scopes
  • We limit our access and use of Strava data to the scopes you approve and the features you request
  • We do not disclose, market, sell, license, or lease your individual Strava data to any third parties including advertisers or data brokers
  • You can revoke our access at any time through your Strava account settings or by contacting us
  • If you revoke access or request deletion, we will stop new collection and delete or de-identify previously collected Strava data unless we are required to retain it by law
  • Our use of the Strava API is subject to the Strava API Agreement

10. Garmin Integration

If you connect your Garmin account to the Services, the following additional terms apply:

  • We access Garmin data only after you explicitly authorize access through Garmin’s OAuth flow and approve specific data types
  • We limit our access and use of Garmin data to the data types you approve and the features you request
  • We do not disclose, market, sell, license, or lease your individual Garmin data to any third parties including advertisers or data brokers
  • You can revoke our access at any time through your Garmin Connect settings or by contacting us
  • If you revoke access or request deletion, we will stop new collection and delete or de-identify previously collected Garmin data unless we are required to retain it by law
  • Our use of the Garmin Health API is subject to the Garmin Connect Developer Program Agreement

11. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by applicable laws. For example, server logs may be retained for up to 90 days for diagnostic and security purposes, unless a longer retention is required for legal or operational reasons.

If you connect a wearable device (WHOOP, Oura, Strava, or Garmin), we retain that data only as long as needed to provide the related features you request, comply with legal obligations, and enforce our agreements.

12. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

If You Are Located in the European Economic Area (EEA) or United Kingdom (UK):

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your data ("right to be forgotten")
  • Object to or restrict our processing of your data
  • Request data portability
  • Withdraw consent, where applicable

Our lawful basis for processing is our legitimate interests in operating, securing, and improving the Services, except where consent is required.

If You Are a California Resident:

Under the California Consumer Privacy Act (CCPA/CPRA), you have the right to:

  • Know what personal information we collect and how we use it
  • Request access to or deletion of your information
  • Opt-out of the sale or sharing of personal data (Pump Science does not sell or share data for cross-context behavioral advertising)
  • Correct inaccurate information

To exercise your rights under GDPR or CCPA/CPRA, contact us at: orders@pump.science

We may need to verify your identity before fulfilling your request.

13. International Data Transfers

If you are located outside the United States, please be aware that your information may be transferred to and processed in the United States. By using the Services, you acknowledge that your data may be processed in jurisdictions with different data protection standards.

We implement appropriate safeguards (such as data processing agreements with standard contractual clauses) to ensure adequate protection of your personal information.

14. Data Security

We use reasonable technical and organizational security measures to protect your data from unauthorized access, use, or disclosure. However, no system is 100% secure, and we cannot guarantee the absolute security of your data.

15. Children’s Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected such data, we will delete it immediately.

16. Business Transfers

In the event of a merger, acquisition, reorganization, financing, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity or its advisors, subject to the same privacy commitments outlined in this policy.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the app. Continued use of the Services after such changes indicates your acceptance of the revised policy.

18. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, or wish to exercise your rights, contact:

Pump Science Inc.

Email: orders@pump.science