Privacy Policy
Last Updated: February 27, 2026
Welcome to MyAthlete. This Privacy Policy describes how MyAthlete ("we," "us," or "our") processes information through our Data Integrity & Performance Engine. We provide a comprehensive Operating System for competitive swimming clubs, covering performance analytics, financial management, and safety governance.
1. Data Roles & Hierarchy
Under the General Data Protection Regulation (GDPR), your swimming club (the "Club") acts as the Data Controller. They determine why and how your data is processed.
MyAthlete acts as the Data Processor. We process data strictly according to the Club’s instructions to facilitate club operations, financial billing, and athlete performance tracking.
2. Information We Collect
Beyond basic account details, our engine processes the following specialized data categories:
A. Sensitive & Special Category Data
- Medical & Health Data: Information regarding allergies, chronic conditions (e.g., Asthma, Diabetes), and emergency medical treatment consents to ensure athlete safety on the pool deck.
- Safeguarding & Vetting: For coaches and volunteers, we host vetting documents (e.g., Garda Vetting/AccessNI), professional certifications, and qualification expiry dates.
B. Financial & Transactional Data
- Payment Mandates: Direct Debit details and payment metadata required for our Financial OS.
- Family Wallet & Ledger: A historical record of all liabilities, credits, and "netted" transactions related to squad fees and gala entries.
C. Performance & Intelligence Data
- Heuristic Data Points: Name, DOB, and Club History used by our "Self-Healing Engine" to maintain the integrity of your "Golden Record."
- Performance Analytics: Race splits, stroke rates, and AI-generated "Predict AI" trajectories.
- Behavioral Metrics: Training attendance streaks and engagement leaderboards.
D. Communication & Engagement
- Interactive Forms: Data provided via conditional forms (e.g., gala availability or camp sign-ups).
- Engagement Metadata: "Read Receipts" for admin broadcasts and emoji reactions within internal club channels.
3. How We Use Your Information
- Self-Healing Integrity: We use probabilistic matching to merge duplicate records and "heal" historical data gaps.
- Financial Automation: To calculate pro-rated squad fees, manage sibling discounts, and batch liabilities to reduce transaction costs.
- Operational Physics: To detect "Hard Conflicts" in scheduling (e.g., ensuring a coach is not double-booked).
- AI Forecasting: Using historical data to generate target pacing and career trajectory predictions.
4. Data Sharing & Identity Governance
MyAthlete utilizes a Polymorphic Identity Model, allowing a single login to navigate multiple roles (e.g., a Coach who is also a Parent). Access to data is not "all-or-nothing"; it is strictly governed by Granular Scoped Permissions and the Principle of Least Privilege.
A. Scoped Administrative Access
Club Administrative access is compartmentalized into specific business domains. An "Admin" user only has access to the data required for their specific function:
- Financial Controllers: Access to the Ledger, Batching, and Virtual Wallet data. Other administrators cannot view family financial records unless specifically granted this scope.
- Compliance Officers: Access to compliance records, safeguarding documents (e.g., Garda Vetting), and vetting status.
- Operations/Meet Managers: Access to meet entries, session planning, and roster management.
B. Third-Party Payment Processing (Mollie)
To facilitate secure payments, MyAthlete integrates with Mollie B.V., a regulated payment service provider.
- When you make a payment or set up a mandate, your financial data (such as IBAN or card details) is processed directly by Mollie.
- MyAthlete stores transactional metadata (amounts, dates, and status) to maintain your club ledger, but we do not store full credit card numbers or sensitive bank credentials on our servers.
- You can view Mollie’s privacy policy at mollie.com/privacy.
C. Competition Exports (SD3 Files)
MyAthlete does not currently transmit athlete data directly to third-party meet hosts or National Governing Bodies.
While the platform generates industry-standard files (such as SD3 exports) for competition entries, these files are generated only at the request of an authorized Club Admin. The Club is responsible for the manual download and secure transmission of these files to meet hosts.
5. Data Security & "The Golden Record"
We employ Atomic Transactions to ensure data is never partially or incorrectly saved. Our infrastructure uses industry-standard encryption (AES-256) and Multi-Factor Authentication (MFA). Since MyAthlete maintains historical sporting records, performance data is retained as part of the athlete’s career trajectory unless a deletion request is issued by the Data Controller.
6. Your Rights
As a user, you have the right to access, rectify, or request the erasure of your data. Because MyAthlete is a Data Processor, all requests regarding the exercise of your GDPR rights should be directed to your Club Secretary or Data Protection Officer.
7. Contact
For technical queries regarding our data handling practices, contact our Privacy Team at: support@myathlete.ie