CONSUMER HEALTH DATA PRIVACY POLICY
Train Collective
A Division of Collective Media Group, LLC
Effective Date: January 16, 2026
Introduction
Train Collective, a division of Collective Media Group, LLC (“Train Collective,” “we,” “us,” or “our”), is committed to protecting your privacy and the security of your consumer health data. This Consumer Health Data Privacy Policy (“Policy”) describes how we collect, use, share, and protect consumer health data, and outlines your rights regarding such data.
This Policy applies to consumer health data collected through our fitness platform, mobile applications, websites, and related services (collectively, the “Services”). This Policy is provided separately from our general Privacy Policy as required by applicable consumer health data privacy laws, including but not limited to the Washington My Health My Data Act.
Scope of This Policy
This Policy applies to “Consumer Health Data,” which means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. This includes, but is not limited to:
• Individual health conditions, treatment, diseases, or diagnosis
• Social, psychological, behavioral, and medical interventions
• Health-related surgeries or procedures
• Use or purchase of prescribed medication
• Bodily functions, vital signs, symptoms, or measurements of health information
• Diagnoses or diagnostic testing, treatment, or medication
• Gender-affirming care information
• Reproductive or sexual health information
• Biometric data
• Genetic data
• Precise location information that could reasonably indicate an attempt to acquire or receive health services or supplies
• Data that identifies a consumer seeking health care services
Categories of Consumer Health Data We Collect
Through our fitness platform and Services, we may collect the following categories of consumer health data:
Fitness and Wellness Data
• Physical activity data (workout history, exercise type, duration, frequency)
• Performance metrics (calories burned, distance traveled, steps taken)
• Fitness goals and progress tracking
• Sleep data (if provided)
• Nutrition and dietary information
Mental Health and Wellness Data
• Mood tracking information
• Stress level indicators
• Mental wellness goals and check-ins
• Meditation and mindfulness activity data
General Health Information
• Height, weight, and body measurements
• Age and gender
• Health assessments and surveys
• Heart rate and other biometric data (if provided through connected devices)
• Health conditions or limitations that affect exercise (voluntarily provided)
Sources of Consumer Health Data
We collect consumer health data from the following sources:
• Directly from you: Information you provide when creating an account, completing your profile, logging workouts, tracking progress, or communicating with us.
• Automatically: Information collected through your use of our Services, including app usage data and performance metrics.
• Third-party integrations: Information from fitness trackers, wearable devices, and health apps you choose to connect to our Services (with your consent).
• Service providers: Information from third parties who help us provide our Services.
Purposes for Collecting Consumer Health Data
We collect and use consumer health data for the following purposes:
• Providing our Services: To deliver personalized fitness programs, track your workouts and progress, provide health and wellness recommendations, and enable the core functionality of our platform.
• Personalization: To customize workout plans, content, and recommendations based on your fitness level, goals, and preferences.
• Communication: To send you progress updates, reminders, motivational content, and respond to your inquiries.
• Service improvement: To analyze usage patterns and feedback to improve our Services, develop new features, and enhance user experience.
• Safety and security: To protect the security and integrity of our Services and prevent fraud or misuse.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.
Sharing of Consumer Health Data
We may share your consumer health data with the following categories of third parties:
• Service providers: Third parties who perform services on our behalf, such as cloud hosting, data analytics, customer support, and payment processing. These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Affiliates: Other entities within the Collective Media Group, LLC corporate family, subject to the same privacy protections described in this Policy.
• With your consent: Third parties you authorize us to share data with, such as fitness device manufacturers or health apps you choose to integrate.
• Legal requirements: Government authorities or other third parties when required by law, court order, or to protect our legal rights.
• Business transfers: In connection with a merger, acquisition, or sale of assets, where consumer health data may be transferred to the acquiring entity.
Sale of Consumer Health Data
Train Collective does not sell consumer health data. We do not exchange consumer health data for monetary or other valuable consideration.
Your Rights Regarding Consumer Health Data
Depending on your location and applicable law, you may have the following rights regarding your consumer health data:
Right to Know/Access
You have the right to confirm whether we are collecting, sharing, or selling consumer health data concerning you, and to access such data. This includes the right to obtain a list of all third parties and affiliates with whom we have shared or to whom we have sold your consumer health data.
Right to Deletion
You have the right to request that we delete your consumer health data. Upon receiving a verified deletion request, we will delete your consumer health data and direct any processors, affiliates, contractors, or third parties with whom we have shared such data to delete it as well, subject to certain exceptions permitted by law.
Right to Withdraw Consent
You have the right to withdraw your consent to our collection and sharing of consumer health data at any time. Withdrawal of consent will not affect the lawfulness of any processing conducted prior to your withdrawal.
Right to Non-Discrimination
We will not discriminate against you for exercising any of your rights under applicable consumer health data privacy laws. This means we will not deny you goods or services, charge you different prices, or provide you with a different level or quality of goods or services based on your exercise of these rights.
How to Exercise Your Rights
To exercise any of the rights described above, you may submit a request by:
• Emailing us at: privacy@traincollective.com
• Visiting our online privacy request portal at: www.traincollective.com/privacy-request
• Writing to us at: Train Collective, Attn: Privacy Team, [Address]
We will respond to your request within fifteen (15) days of receipt. If we require additional time, we will inform you of the reason and extension period in writing. We may request additional information from you to verify your identity before fulfilling your request.
You may designate an authorized agent to make a request on your behalf. If you use an authorized agent, we may require proof that you have provided the agent with authorization to make requests on your behalf.
Data Security
We implement and maintain reasonable administrative, physical, and technical safeguards designed to protect consumer health data from unauthorized access, use, disclosure, alteration, and destruction. These measures include encryption, access controls, secure data storage, and regular security assessments.
Despite our efforts, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your consumer health data.
Data Retention
We retain consumer health data only for as long as necessary to fulfill the purposes for which it was collected, to provide our Services, or as required by applicable law. When consumer health data is no longer needed, we will securely delete or de-identify it in accordance with our data retention policies.
International Data Transfers
Our Services are operated from the United States. If you are accessing our Services from outside the United States, please be aware that your consumer health data may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our Services, you consent to the transfer of your consumer health data to countries outside your country of residence, which may have different data protection rules.
We take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights and interests.
Children’s Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect consumer health data from children under 16. If we become aware that we have collected consumer health data from a child under 16, we will take steps to delete such data promptly. If you believe we have collected data from a child under 16, please contact us immediately.
Changes to This Policy
We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated Policy on our website with a new effective date. We encourage you to review this Policy periodically to stay informed about how we protect your consumer health data.
Contact Us
If you have questions, concerns, or complaints about this Policy or our consumer health data practices, please contact us at:
Train Collective
A Division of Collective Media Group, LLC
Email: privacy@traincollective.com
Website: www.traincollective.com
Attention: Privacy Team
Right to File a Complaint
If you believe your rights under applicable consumer health data privacy laws have been violated, you have the right to file a complaint with us using the contact information above. You also have the right to file a complaint with the appropriate state attorney general or regulatory authority in your jurisdiction.
We will not retaliate against you for filing a complaint or exercising any of your rights under this Policy or applicable law.