Saltar al contenido principal
ZoneMetrics processes biometric health data (heart rate), which is classified as a special category under EU Regulation 2016/679 (GDPR) and the Spanish LOPD-GDD. This page explains what data is collected, why, and how it is protected.

What data is collected

Heart rate readings

Real-time heart rate telemetry captured from ANT+ sensors during sessions, used to calculate zones, effort, and performance metrics.

Session performance metrics

Per-session summaries including average, maximum, and minimum heart rate, estimated calories burned, effort points, and zone distribution (Z1–Z5).

Athlete profile

Basic profile data including age, weight, gender, and training goal — used to personalise performance calculations.

Account credentials

Your email address and a securely hashed password. Plaintext passwords are never stored.
ZoneMetrics processes special category health data under explicit consent (GDPR Art. 9(2)(a)). Athletes must actively check a consent box when creating their portal account. Without this consent, no account can be created and no biometric data is processed. Consent is recorded with a timestamp and version number.
You can withdraw your consent and request deletion of your account and all associated data at any time from your profile settings.

Data retention

Raw telemetry data (the individual heart rate readings collected during sessions) is automatically purged after 90 days. Processed session summaries and performance metrics are retained for as long as your account is active.

Your rights

You have the following rights regarding your personal data:
  • Right of access — request a copy of the data held about you
  • Right to rectification — correct inaccurate profile data from your athlete portal
  • Right to erasure — request deletion of your account and all associated data, including telemetry, session history, and biometric measurements, from your profile settings
Account deletion is permanent and irreversible. All your data — including session history and performance trends — will be removed and cannot be recovered.

Data security

ZoneMetrics applies the following technical measures to protect your data:
  • Encryption in transit — all data is transmitted over HTTPS/TLS. There are no unencrypted endpoints.
  • Encryption at rest — the database is encrypted at rest. The Edge App’s local buffer is stored in an encrypted SQLite database.
  • No plaintext credentials — passwords are hashed using a strong one-way algorithm before storage. No plaintext passwords are ever stored.
  • Secret management — no production credentials are hardcoded in the application. All sensitive configuration is injected securely at runtime and never committed to source control.

Multi-tenant isolation

ZoneMetrics is a multi-tenant platform. Your gym’s data — athletes, sessions, telemetry — is strictly isolated from other gyms at the database level. Staff and athletes from one gym cannot access data belonging to another.

Cookies and tracking

ZoneMetrics does not use tracking cookies and does not share your data with advertising networks or third-party analytics services. Stripe, our payment processor, handles payment data independently under its own privacy policy — ZoneMetrics never stores your payment card details.