Data Processing Agreement

Effective Date: January 1, 2025
Company: StartXLR8

1. Data Controller

StartXLR8 acts as the data controller for all personal data collected through the XLR8 platform. We determine the purposes and means of processing your personal data and are responsible for ensuring compliance with applicable data protection laws.

2. Processing Purposes

We process your personal data for the following purposes:

  • Providing and maintaining our platform services
  • Generating personalized AI-driven recommendations and action plans
  • Tracking and analyzing your progress toward goals
  • Communicating service updates and relevant notifications
  • Ensuring platform security and preventing fraud
  • Complying with legal and regulatory obligations

3. Categories of Data Processed

We process the following categories of personal data:

  • Identity Data: Name, email address, and account credentials
  • Health & Fitness Data: Workout logs, nutrition tracking, health metrics, and fitness goals
  • Financial Data: Budget information, financial goals, and spending patterns
  • Career Data: Skills, career objectives, and professional development progress
  • Usage Data: Platform interaction logs, feature usage, and session data
  • Technical Data: Device information, IP addresses, and browser type

4. Security Measures

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and authentication via AWS Cognito
  • Regular security audits and vulnerability assessments
  • Data minimization and purpose limitation practices
  • Incident response and breach notification procedures

5. Sub-Processors

We use the following sub-processors to deliver our services:

  • Amazon Web Services (AWS): Cloud infrastructure, data storage, authentication, and compute services
  • OpenAI: AI-powered recommendation generation and personalized plan creation

All sub-processors are bound by data processing agreements that ensure equivalent levels of data protection.

6. Data Subject Rights

Under applicable data protection laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request limitation of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests

To exercise any of these rights, visit the Privacy Settings page in your account or contact us at privacy@xlr8.com.

7. Changes to This Agreement

We may update this Data Processing Agreement periodically to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through our platform.

8. Contact Us

If you have questions about this Data Processing Agreement or how we handle your data, please contact us at privacy@xlr8.com or through our support center.