EnduroLiving Data Privacy Policy

Effective Date: 20th April 2025

EnduroLiving is committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, store, and share your information when you interact with our website, services, and products — in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

EnduroLiving (“we”, “us”, “our”) is a wellness and performance brand based in Saltburn-by-the-Sea, United Kingdom. We provide performance and recovery experiences, digital memberships, and data-driven wellness recommendations through our platform, services, and Outpost facility.

2. What Data We Collect

We may collect the following types of personal data when you interact with us:

A. Information You Provide

Full name

Email address

Contact number (if applicable)

Payment details (processed securely via Stripe or similar provider)

Biometric data manually entered (e.g. HRV, resting heart rate, sleep hours)

Survey or feedback responses

B. Information Collected Automatically

IP address

Device type and browser

Website usage patterns (via cookies and analytics tools)

3. Wearable Device Data

A. What We Collect from Wearables (e.g. Garmin)

When you authorise EnduroLiving to connect with your wearable device — such as a Garmin, Apple Watch, WHOOP, or other compatible service — we may collect the following biometric and activity metrics, as made available through the device API:

Heart Rate Variability (HRV)

Resting Heart Rate (RHR)

Daily and nightly sleep data (duration, quality, stages)

Physical activity data (steps, calories, training load, elevation gain, strain)

Workout summaries (distance, pace, effort, GPS data where applicable)

Recovery scores and stress levels (if supported by the device)

We only collect the data points required to calculate your daily EnduroIndex and deliver your personalised protocol recommendations.

B. Purpose and Use

Your wearable data is used exclusively to:

Calculate your EnduroIndex score (1 to 5)

Generate personalised training, recovery, and supplement protocols

Display relevant wellness insights and performance trends over time

We do not use your wearable data for profiling, automated decision-making beyond protocol recommendations, or any other purpose unrelated to EnduroLiving services.

C. How We Access It

We use secure, encrypted API integrations with wearable providers (e.g. Garmin Connect)

You must explicitly authorise access during onboarding or in your dashboard

You can revoke permissions or disconnect devices at any time

For Garmin specifically, you can disconnect EnduroLiving through the Garmin Connect app under Settings > Connected Apps.

D. Data Control and Retention

You remain in control of your wearable data. At any time, you may:

Revoke access via your EnduroLiving dashboard or your wearable account settings

Request deletion of all wearable-derived data via email: info@enduroliving.co.uk

Wearable data is retained only while your account is active or until you disconnect the device. Upon disconnection or deletion request, all associated biometric data is permanently removed.

4. Lawful Basis for Processing

We process your data under the following lawful bases:

Consent – when you opt in to marketing or share wellness/wearable data

Contract – to fulfil our agreement when you purchase memberships or services

Legitimate Interests – for internal analytics, feature improvement, or product communication where appropriate

Legal Obligation – to meet compliance with applicable laws

5. Data Sharing

We will never sell your data. We only share your information with trusted third parties where necessary, such as:

Payment processors (e.g. Stripe)

Email platforms (e.g. Mailchimp, ConvertKit)

Secure hosting and analytics providers (e.g. Google Analytics, AWS)

Wearable data aggregators (Garmin Connect API, Apple HealthKit) — only where authorised by you

All vendors are GDPR-compliant and contractually required to handle your data securely.

6. Data Retention

Member account data: while account is active + 12 months

Email marketing data: until you unsubscribe

Booking and transaction data: 6 years (per HMRC)

Wearable data: only while connected or until deleted by request

7. Your Rights Under UK GDPR

You have the right to:

Access your personal data

Correct or update inaccuracies

Request deletion (“right to be forgotten”)

Restrict or object to processing

Withdraw consent at any time

Contact us at info@enduroliving.co.uk to exercise your rights.

8. Cookies and Tracking

We use cookies for:

Site performance

Usage analytics

Session tracking

You can control cookies in your browser preferences.

9. Data Security

We follow industry best practices including:

Encrypted data transfer (SSL/TLS)

Secure cloud infrastructure

Role-based access controls

Multi-factor authentication

Regular audits and penetration testing

All biometric and wearable data is encrypted both in transit and at rest.

10. Contact Us

Data Protection Officer

EnduroLiving

Email: info@enduroliving.co.uk

Saltburn-by-the-Sea, United Kingdom

If you are unsatisfied with our response, you may contact the UK Information Commissioner’s Office (ICO):

https://ico.org.uk