Skip to main content

Privacy Policy

Written on .

Privacy Policy (UK GDPR) — SprintCoach.run

Version: v2.0
Updated: 21 September 2025
Controller: Paul Franklin trading as SprintCoach.run (“we”, “us”).
Website: https://sprintcoach.run/
Contact: This email address is being protected from spambots. You need JavaScript enabled to view it.
Applies to: the Site, our apps, and all products/services offered by us.

Summary: We collect the minimum personal data needed to deliver coaching and run our services. We do not sell data. We protect children’s data with extra care. See Section 5 (Athlete Confidentiality) for sport-specific commitments, including group coaching and video.

1) Personal data we collect

  • Identity & contact: name, email, phone, parent/guardian details (for under-18s), club and event information.
  • Account & usage: log-in credentials, device/browser data, IP address, pages visited, referral sources, essential cookies (see Section 3).
  • Coaching/athlete data (“progress data”): times, tests, training notes, attendance you provide to us, wellness logs, goals, coach feedback; photos/video captured for technical review.
  • Health/injury data (special category): information you choose to provide so coaching can be safe and appropriate.
  • Payments & admin: transaction details (handled by external payment processor Stripe — we do not store full card numbers), consents, communications.

We collect data when you visit the Site, create an account, sign up to services, subscribe to communications, interact in apps/forms, or correspond with us. You may browse the Site without identifying yourself; some features may not work without certain data.

2) Non-personal data

We may collect aggregated, de-identified analytics such as browser type, operating system, and general Site interaction patterns. This information does not identify you on its own.

3) Cookies & similar technologies

We only set essential cookies required to operate the Site (for example, the website session cookie and security cookies from our Web Application Firewall). We do not use Google Analytics, Google Ads/AdWords, or similar advertising/behavioural trackers.

YouTube videos. We embed videos using either YouTube’s privacy-enhanced mode (youtube-nocookie.com) or a click-to-load player so that non-essential cookies are not placed until you choose to play the video. Playing a YouTube video may allow YouTube/Google to set cookies on your device — see their privacy information.

Because we only set essential cookies by default, we do not display a cookie consent banner. If we introduce any non-essential cookies in future (e.g., analytics or standard embeds that set cookies before you click), we will request consent and update this notice.

4) Why we use your data (purposes) & lawful bases

  • Deliver coaching/services (create accounts, schedule sessions, provide training content, analyse performance, support users) — Contract.
  • Video capture & technical analysis (recording technique during sessions, slow-motion review, angle tracking) — Contract; Legitimate interests. Showing identifiable clips to a group requires consent; without consent we review 1-to-1 or use anonymised examples.
  • Safety & safeguarding (contact in emergencies; suitability to train) — Vital interests; Substantial public interest; Consent (health).
  • Programme administration & communications (service emails, plan updates, billing) — Contract; Legitimate interests.
  • Analytics & improvement (usage metrics, troubleshooting) — Legitimate interests.
  • Marketing communications (newsletters, offers) — Consent (you can withdraw at any time).
  • Legal/regulatory compliance (records, incident reporting) — Legal obligation.

For health/injury data, we rely on your explicit consent; you can withdraw consent at any time (this may limit how we coach safely).

5) Athlete Confidentiality (addendum)

Parents rightly expect their child’s data (testing results, injury history, training notes, video, force–velocity profile, and progress through courses) to remain private between the family and the coaching team.

  • Group coaching reality. Sessions are delivered in groups. Individual technical cues (e.g., “first 1–8 steps”, “keep the foot low”, “hips tall”) are given out loud and may be overheard by others. We do not announce sensitive personal data (e.g., medical details) or publish named test results in group settings.
  • Use of video in groups. We may record athletes for extrinsic feedback and coaching analysis. We will only show identifiable video to the group with the athlete/parent’s prior consent; otherwise, we can continue to support your child in a 1-to-1 coaching format, with video review on your/your child’s device, or by using anonymised examples. Incidental appearance of athletes in the background of training footage may occur; we minimise this by careful camera positioning and framing.
  • No sharing of underlying data. We will not disclose an athlete’s private data (e.g., test scores, force–velocity profiles, injury history recorded in the SprintCoach.run Training Portal). Teaching examples will be anonymised or used with consent.
  • Placement by focus area. We organise training into neutral focus groups (e.g., acceleration or max-velocity, blocks, strength & conditioning). Grouping decisions are informed by benchmarking against public performance frameworks (e.g., thepowerof10.info, worldathletics.org, England Athletics PB Awards) and the athlete’s own progress and readiness.
  • No private data benchmarking. We will not use an athlete’s private data to benchmark, compare, or teach other athletes. Teaching material and examples are provided in the Training Portal, or we will use the subject athlete’s own materials with consent.
  • Benchmarks & public performance data. We benchmark each athlete against publicly available data and frameworks (e.g., thepowerof10.info, worldathletics.org, and the England Athletics PB Awards) to set goals and to place athletes into appropriate training groups that meet their needs. We will not disclose or use any athlete’s private data to benchmark or compare others. When discussing peers from the same training group, we avoid naming individuals unless the information is already public and there is a clear coaching need; otherwise, we anonymise.
  • Exceptions: safeguarding or medical emergencies; legal obligations; or strictly anonymised insights that cannot identify an individual.

6) How we protect your data

  • Role-based access for the coaching team only.
  • Encrypted transmission and, where supported, encryption at rest.
  • Secure devices (password/biometric), least-privilege access, regular updates.
  • Vendor due diligence and data processing agreements with all service providers.

Our providers & perimeter security: Our website is delivered via Webx Solutions Ltd and protected by the Sucuri CDN & Web Application Firewall (WAF). Webx Solutions Ltd is Cyber Essentials certified. Sucuri’s CDN/WAF provides network-level protections (e.g., DDoS mitigation, bot filtering, and virtual patching). Provider certifications belong to the providers and do not, by themselves, certify SprintCoach.run. We remain responsible as the data controller under UK GDPR.

7) Sharing your data

We do not sell, trade, or rent your personal data. We may share data with:

  • Assistant coaches/staff (to deliver services);
  • Service providers (hosting, email, payment, coaching platforms) acting on our instructions — including Webx Solutions Ltd (site delivery/hosting), Sucuri (CDN/WAF security), and Stripe (payments);
  • Private group messaging platforms used for logistics and coaching feedback (e.g., WhatsApp, Spond) — participation is invitation-only and limited to relevant athletes/parents;
  • Medical/safeguarding professionals when necessary and proportionate;
  • Authorities when required by law.

Where data is transferred outside the UK/EEA, we use appropriate safeguards (for example, the UK Addendum to Standard Contractual Clauses) and restrict access to the minimum necessary.

8) Retention

  • Coaching records: while you have an active relationship and up to 2 years thereafter.
  • Coaching media (photos/video): retained for up to 12 months unless you withdraw consent earlier or ongoing use is necessary for safeguarding/legal reasons. On withdrawal of consent, identifiable clips used for group teaching will be removed from shared locations within 30 days, and retained only where required for legal/safeguarding purposes.
  • Transactional/records required by law: retained per statutory limits.

When data is no longer needed, we securely delete or anonymise it.

9) Children & young people

For athletes under 18, we require a parent/guardian’s details and relevant consents. We take additional steps to minimise collection, restrict access to the coaching team, and avoid publishing identifiable images or data without explicit consent.

10) Your rights (UK GDPR)

You have the right to access, rectify, erase, restrict, and object to processing, and to data portability where applicable. You can withdraw consent at any time.

To exercise rights: email This email address is being protected from spambots. You need JavaScript enabled to view it. or write to 63 Hillfoot Rd, Collier Row, RM5 3LR. You can complain to the Information Commissioner’s Office (ICO): ico.org.uk or 0303 123 1113.

11) Emails & subscriptions

We send service/transactional emails as part of delivering your plan. For marketing emails, we rely on your consent. You can unsubscribe using the link in the email or by contacting us.

12) Third-party websites

Our Site may link to third-party sites. Their content and practices are outside our control, and their privacy notices apply to your use of those sites.

13) Changes to this notice

We may update this Privacy Policy. We’ll post the new date above and, for material changes, we’ll provide reasonable notice.