Privacy Policy

BATO Consulting LLC
Effective Date: November 13, 2025
Last Updated: November 13, 2025

1. Introduction

BATO Consulting LLC (“BATO,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (bato.com) and our services, including our AI Running Coach application.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Company Information

BATO Consulting LLC
Website: https://www.bato.com
Email: bill@bato.com
Privacy Contact: privacy@bato.com

3. Information We Collect

3.1 General Website Information

When you visit our website, we may collect:

  • Usage data (pages visited, time spent, browser type, IP address)
  • Contact information you provide through forms (name, email address, phone number)
  • Information you provide in comments or communications with us
  • Cookie data to improve your browsing experience

3.2 AI Running Coach Application Data

When you use our AI Running Coach service, we collect and process:

From Garmin Connect API:

  • Activity data (runs, workouts, distance, pace, heart rate, cadence)
  • Training metrics (VO2 max, training load, training status, recovery time)
  • Historical workout and performance data
  • Personal profile information (age, weight, gender, fitness level)
  • Device information (Garmin device model and firmware)

Application Usage Data:

  • Coaching interactions and preferences
  • Training goals and progress
  • Custom workout plans and schedules
  • User feedback and app usage patterns

4. How We Use Your Information

4.1 General Purposes

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Respond to your inquiries and provide customer support
  • Send administrative information, updates, and security alerts
  • Analyze usage patterns to enhance user experience
  • Comply with legal obligations

4.2 AI Running Coach Specific Uses

Your Garmin data is used to:

  • Analyze your training patterns and fitness trends
  • Provide personalized coaching recommendations
  • Generate customized workout plans
  • Track progress toward your training goals
  • Identify potential overtraining or injury risk
  • Optimize race-day strategies and pacing recommendations
  • Improve our AI coaching algorithms (using aggregated, anonymized data only)

5. Data Storage and Security

5.1 Storage Infrastructure

Your data is stored on secure cloud infrastructure with industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Automated backup and disaster recovery procedures
  • Data segregation between users

5.2 Data Retention

  • Activity Data: Retained for the duration of your active subscription plus 90 days, unless you request earlier deletion
  • Account Information: Retained until you close your account or request deletion
  • Aggregated Analytics: Anonymized data may be retained indefinitely for service improvement
  • Legal Compliance: Some data may be retained longer if required by law

5.3 Your Garmin Credentials

We use OAuth 2.0 authentication with Garmin Connect. Your Garmin username and password are never stored or transmitted through our systems. You authenticate directly with Garmin, and we receive only an access token to retrieve your fitness data.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

6.1 Service Providers

  • Garmin Connect API: To access your fitness data (governed by Garmin’s Privacy Policy at https://www.garmin.com/privacy)
  • Anthropic (Claude AI): To provide coaching intelligence (data processed according to Anthropic’s Privacy Policy at https://www.anthropic.com/privacy)
  • Cloud Infrastructure Providers: For secure hosting and data storage
  • Analytics Services: For aggregated, anonymized usage statistics

6.2 Legal Requirements

We may disclose your information if required by law, court order, or legal process, or to protect the rights, property, or safety of BATO Consulting LLC, our users, or others.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our website of any change in ownership or use of your personal information.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access and Portability

  • Request a copy of all personal data we hold about you
  • Export your data in a machine-readable format

7.2 Correction and Updates

  • Update your profile information at any time
  • Request correction of inaccurate data

7.3 Deletion

  • Request deletion of your account and all associated data
  • Revoke Garmin API access through your Garmin Connect account settings
  • Upon deletion request, data will be removed within 30 days (excluding legally required retention)

7.4 Data Processing Restrictions

  • Object to certain types of processing
  • Restrict processing in specific circumstances

7.5 Marketing Communications

  • Opt out of marketing emails via unsubscribe links
  • Adjust notification preferences in your account settings

To exercise these rights, contact us at: privacy@bato.com

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

8.1 Essential Cookies

Required for the website to function properly (authentication, security, session management).

8.2 Performance Cookies

Help us understand how visitors interact with our website by collecting anonymous usage data.

8.3 Functionality Cookies

Remember your preferences and settings for improved user experience.

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable laws.

10. Children’s Privacy

Our services are not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. Health and Fitness Data

We recognize that fitness and health data is sensitive. We take additional precautions:

  • Health data is encrypted with enhanced security measures
  • Access is limited to essential personnel only
  • We do not share health data with third parties except as explicitly stated in this policy
  • We are not a covered entity under HIPAA, but we implement HIPAA-aligned security practices

12. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at: privacy@bato.com or call: (upon request)

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your data based on:

  • Your consent (which you may withdraw at any time)
  • Performance of a contract with you
  • Compliance with legal obligations
  • Our legitimate business interests

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Report to relevant authorities as required by law
  • Take immediate steps to secure systems and prevent further unauthorized access
  • Provide information about the breach and steps you can take to protect yourself

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated through:

  • Email notification to registered users
  • Prominent notice on our website
  • Updated “Last Updated” date at the top of this policy

Your continued use of our services after changes become effective constitutes acceptance of the revised policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

BATO Consulting LLC
Email: bill@bato.com
Privacy Inquiries: privacy@bato.com
Website: https://www.bato.com

We will respond to all requests within 30 days.

This Privacy Policy represents our commitment to protecting your privacy and handling your data responsibly. Thank you for trusting BATO Consulting LLC with your information.