Welcome to Perch! This policy governs the collection, use, sharing, security, and other matters related to digital data collected by Catalyft Labs, Inc., a Delaware corporation, doing business as Perch (“Perch,” “we,” “us”, and/or “our” as used in this Policy) through its website located at https://perch.fit (the “Site”), the web application located at https://app.perch.fit (the “App”), and the tablet application and related camera and other hardware products Perch installs to track and optimize workouts (collectively, the “Gym Devices”). In this Policy, we refer collectively to the Site, App, and Gym Devices, along with the business operations that support these digital assets, certain other websites and applications which we may operate in connection with them, and such other products and services as we may develop and offer to you in connection with our business, as our “Services.”
References in this Policy to “you” or “your” refer to end-users of our Services, including without limitation account administrators, coaches, athletic staff, and individual athletes (collectively, “Users”). We also refer to anyone who creates a Perch account, whether on your personal behalf or on behalf of your organization, as an “Admin.” Please refer to our Terms for more information about the obligations applicable to an Admin.
Any entity that has entered into an agreement for Perch to provide Services to that entity and/or its constituents and in that entity’s facility is referred to in this Policy as a “Participating Organization.”
What information do we collect?
We collect Personal Information, Depth Video, and Usage Information through our Services, both directly and indirectly:
When we say “Personal Information” in this Policy, we mean information that, alone or in combination with other information in our possession, personally identifies you. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you. References to “Athlete Information” in this Policy mean a User’s height, weight, and gender, but not all of these items are required to be entered for all Users. Athlete Information, to the extent entered, in combination with the User’s name, email, and login credentials is referred to collectively in this Policy as “Account Information.” To the extent Perch requests other items of Personal Information in the course of creating your account, those items will also be referred to as “Account Information” in this Policy.
When we say “Usage Information” in this Policy, we mean information about (i) hardware, networks, bluetooth, non-personal mobile devices, and other similar infrastructure relating to our Services and (ii) the general usage of our services by Users as reflected by usage analytics, logs, routines, and other software systems and tools. As of the date of this Policy, Perch does not consider Usage Information, standing alone, to be practically capable of identifying any particular individual. Like most websites, we collect this information through a variety of mechanisms on our Site:
When we say “Depth Video,” we mean a camera-generated depth video of workouts. Depth Video Information is not color video, but rather a record of the distance of a point in space from the camera. Depth Video information alone cannot be used to identify a natural person by Perch or any other party as it exists on Perch systems. It is possible, but not easy, to identify a distinctive human being you know well from depth video information generally, but Perch does not provide any individuals with access to the raw Depth Video information.
We collect non-personal information through the Site, the App, and the Gym Devices as follows:
- When Users use Gym Devices, we collect Depth Video through a connection between the equipment’s camera, the local tablet device, and our servers.
- We collect Usage Information about visitors to our Site and App.
We collect Personal Information through the Site, the App, and the Gym Devices as follows:
- When any visitor of our Site completes and submits a contact form, information submitted through that form (“Contact Information”) is transmitted to third party Services that help us maintain and manage our information about contacts and potential customers and is available to Perch through those services. You may choose to, but do not have to, schedule a call with Perch directly through the Site; if you choose to schedule a call, the information you submit about your name and email to do so will be collected by Hubspot, the scheduling tool. Please consult the section of this Policy relating to third party services below for more information about the data handling involved with such services.
- When a User clicks to contact support from the App, Contact Information (which may be derived from the Account Information associated with the User) is transmitted to a third party service that helps us manage this outreach.
- When an Admin creates an account, we collect their name, email and a password they wish to use to administer the account, as well as the name of the Participating Organization. Admins may add Athlete Information for themselves directly into the App, if they choose. Admins may also submit a photo associated with the User, and, if they do, this photo is included in this Policy’s references to Athlete Information.
- Admins may also enter the name, email and Athlete Information about others within the Participating Organization, including its other administrators, coaches, and/or athletes, and may organize this information into groups that they name.
- When a workout is stored on our servers, the object stored includes both Depth Video information and a user identifier, but does not include Personal Information about any User.
- When you choose to submit Personal Information otherwise through the Services, we may collect it from you. Your submissions of Personal Information other than as described specifically in this Policy are at your option, but if you choose to submit such information to Perch, it may be collected in combination with (or in combination with data derived from) other Account Information, Contact Information, and/or Usage Information.
How do we use the information we collect?
Perch uses and maintains personally-identifiable information as set forth in this Policy.
We use Account Information to:
- authenticate Users;
- allow Users to administer and update their accounts, including their own Athlete Information, and;
- allow Users to view their, or their Participating Organizations’, reports and dashboards.
- In the case of Admins who created an account for a Participating Organization, Admins can generate and access reports about the Participating Organization, any applicable Groups, and the individual Users related to that Participating Organization through the App.
- In the case of Coaches, to allow the Coach to review information and reports through the App about the Athletes in the Participating Organization selected for their access by the Participating Organization’s Admin.
- In the case of Athletes using their own Account Information to log in as a part of a Participating Organization, to allow the Athlete to review their own individual workout and performance through the App. If an athlete’s email address is not entered, the athlete will have no ability to log in and view their data.
- For any Users who are not a part of a Participating Organization, Account Information is still used to generate and allow access to analysis and reports regarding the User’s workout. All such reports, and well as User’s authenticated access, are made available via the App.
We retain Account Information by default for the duration of the applicable account, and may retain Account Information (i) in “deactivated” form on our servers with respect to Demo accounts, such that these accounts can be recovered if the User later becomes a customer again, and/or (ii) following receipt of notice from a User that they wish to terminate their account or the account of a Participating Organization, we may require up to ninety (90) days to remove the Personal Information relating to that account from our systems.
We use Contact Information to collect feedback about our Services, to identify new potential customers, to correspond with, respond to, and interact with those who have contacted us through the Site regarding our Services, and to send emails to those who contacted us about Perch matters that may be of interest to them. We may use Contact Information we consider to represent a business “lead” to model our own automated advertising operations, but we do not use Contact Information of our customers for this purpose.
We retain Contact Information indefinitely on our own systems and our accounts on third party Customer relationship management systems unless and until we receive a request to delete it, in order to support our continuing interactions with those who have voluntarily contacted us.
We use Depth Video and other Usage Information to:
- Create records of workouts and analyze those workouts;
- Optimize, maintain, and update our products and Services;
- Conduct system analytics;
- Develop models, systems, and software that help our Users get more out of their workouts and the Perch services over time; and
- Generate workout and longitudinal performance reports for Users, groups, and Participating Organizations.
Depth Video Information and Account Information may be transmitted between devices that form a part of our Services via Bluetooth or wireless connection. Depth Video Information is deleted from the devices in gyms once it is processed and uploaded to our servers. We retain Depth Video and Usage Information, which does not alone identify any individual person, indefinitely in order to conduct the best possible analysis of performance trends across Users in an anonymized, de-identified format. User-identifying information associated with Depth Video information in a workout record is rendered meaningless (and can no longer identify an individual) when the applicable User is deleted, for example upon the applicable User’s request.
In general, in addition to the above, we use the Personal Information we collect to:
- To provide and facilitate your engagement with the Service;
- To respond to your inquiries, comments, feedback or questions;
- To send administrative information to you, for example, information regarding the Service, and changes to our terms, conditions, and policies;
- To administer promotions;
- To analyze how you interact with our Service;
- To maintain and improve the content and functionality of the Service;
- To develop and enhance new and existing features, products, and services;
- To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture and networks; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our affiliates, you or other third parties.
How do we store, share, and disclose your information?
Like most software companies, Perch uses a third party hosting provider to operate cloud servers. Our third party hosting solutions receive and store Account Information, Depth Video, and Usage Information for us, and may also store certain analyses of that data that Perch conducts from time to time.
Our servers are located in the United States, and are subject to industry-standard security mechanisms including encryption and firewall protections. Our hosting provider offers us certain additional security assurances and is contractually obligated to keep our data confidential. Only specific Perch employees with a concrete reason to maintain access to these servers are permitted to access our data and infrastructure (including our hosting servers), change or update User data, or perform other similar administrative functions.
Contact Information is submitted through a form operated by a third party service that facilitates interactions between websites and other business software tools, such as customer relationship management software. Third party services that offer software integrations with forms and marketing automation help us aggregate Contact Information and act upon it.
To assist us in providing you with Services, meeting business operations needs, or to perform certain services and functions, we may share Personal Information with other vendors and service providers, including providers of hosting and ecommerce solutions services, cloud services and other information technology services providers, event management services, email communication software and email newsletter services, advertising and marketing services, payment processors, customer relationship management and customer support services, and web analytics services (for more details on the third parties that place cookies through the Service, please see the “Cookies” section above).
If you choose to use the appointment scheduling, contact, or feedback mechanisms of the Site, we may use a third party functionality to facilitate your interactions with us. Perch has entered into contracts with each of these providers which promise to maintain the confidentiality of information submitted to them through Perch’s systems, but you can still choose whether and how much to share your Personal Information through these functions.
However, Perch may change to other third party providers at its discretion at any time, and will update this policy with any material changes to these providers that change the treatment of Contact Information set forth in this policy. Perch will send direct notices to Users only if Perch determines in its reasonable discretion that the change in provider will materially change the disclosures set forth in this Policy.
After submitting a contact form, you may be presented with an option to schedule a follow up call. You are not required to do so. However, if you choose to do so, you will submit information through the third party tool Hubspot, and Calendly’s policies and terms govern their handling of the information submitted to them.
Other disclosures and transfers:
We may transfer information as a part of a business transfer. In connection with a transfer, merger, reorganization, dissolution, bankruptcy, receivership, sale of all or a portion of our assets, transition of service to another provider, or similar corporate event, we may share or transfer your information to one or more third parties as part of that transaction, including during the negotiation of an actual or contemplated transaction. We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions.
We may transfer or use information in response to a formal legal request. We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with law or court order; enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of Perch, our employees, our Users, or others. We may share information in response to a valid court order, warrant, governmental order, subpoena, or similar. In the case of legal requests, we may have reason to retain certain information for longer than otherwise set forth in this Policy.
We may use aggregate, anonymized derivatives of your information. Without identifying you, we may generate reports and/or analyses of the aggregate usage of our Services. For example, we may write a blog post about the most effective workout pacing based on Users across multiple Participating Organizations, or create templates based on that aggregate, anonymized data which we make available to our Users. We may use this data to improve our Services. We do not consider this Personal Information in this Policy.
We may share or use information with your specific consent. If you authorize us to do so, we may share information about you with others for marketing, publicity, or product feedback.
We may share your information with you through our API. Perch operates an application programming interface (“API”) that allows certain partners who have executed our API Agreement to access data about their accounts from our servers. API access provided to a Perch User gives that User, via a unique API key, access to the information on our systems which would otherwise be accessible through that User’s account. API access does not offer any User access to information that would not be otherwise available to Users according to their account’s existing access permissions. Our API allows Users to gain access through automated means to the same items of information about their account Users can access through the App and have submitted through the App. Use of the Perch API is not required for any User.
We may share your information with our affiliates. We may share information with our affiliates, meaning an entity that controls, is controlled by, or is under common control with Perch. Our affiliates may use the Personal Information we share in a manner consistent with this Policy.
How can I control the information Perch has about me? What are my privacy rights as a California resident?
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of personal information to third parties for such third parties’ direct marketing purposes; however, Perch does not share your information with third parties for direct marketing purposes.
Perch offers all of our Users certain options to exercise control over their information, regardless of their residency:
- Right to Know: You have the right to request that we disclose to you the Personal Information we collect, use, or disclose, and information about our data practices;
- Right to Request Deletion: You have the right to request that we delete your Personal Information that we have collected from you; and
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
To exercise your “right to know” or your “right to request deletion,” you can email us at email@example.com or visit https://support.perch.fit/kb-tickets/new to submit a ticket. Please note that any changes to your information as User may impact the records of your Participating Organization.
Please note that you can also ask your Participating Organization’s Admin User to change to your Personal Information within the App, and those changes become effective promptly.
If you contact Perch to change your data, we may take up to thirty (30) days to remove identifying information about you from our systems. Information about workouts you participated in that does not identify you may remain on our systems after we delete Identifying information.
Please note that to protect your information and the integrity of our Products, we may need to verify your identity before processing your request. In some cases we may need to collect additional information to verify your identity, such as a government issued ID. In some cases, we may also provide you with access to automated tools that help effect your requests.
Changes you can make using the Services. Our App provides Admins the ability to edit the name, email, and Athlete Information of Users within their Participating Organizations. Admins can choose to add or change photos. Users within a Participating Organization should contact their account Admin in order to make changes to their name, email, or photo on the System, as well as their Athlete Information. All Users have the ability to update their Athlete Information within their own profile.
How do we secure your information?
Our Site, App, and API operate using a Secure HTTP (HTTPS) protocol and Secure Socket Layer (“SSL”) technology.
Data sent between our Gym Devices travels over bluetooth and/or wifi. In the case of bluetooth, the security defaults on the device will apply to such transmissions. If you choose to use your own tablet device with Perch’s Services, its bluetooth and security setting will apply to your use of our Services. For Perch-originated devices, we use modern standards for secure bluetooth pairing. The security of any wifi network used for the Perch devices is driven primarily through your actions with respect to your own network configurations and security. Like any software or hardware, Perch Services may be vulnerable to attacks through wifi networks to which it connects.
Contact Information submitted through the Site is secured in transit using mechanisms created by our third party partners. Please refer to the Privacy Policies of these providers to learn more about their security and data handling practices.
Information sent from our Services, including Account Information, to our servers is encrypted both in transit and at rest. Additional security mechanisms, like firewalls, are used on our server storage spaces. Passwords are stored with additional encryption applied and are not accessible to Perch employees or executives. Other than passwords, Personal Information stored on our servers is accessible only to authorized, executive members of our team. If you wish to change your password, you can visit https://app.perch.fit/password-reset to do so.
While we take reasonable precautions to protect the security of your Personal Information, no transmission over the internet can be guaranteed to be secure. These measures include technical, procedural, monitoring and tracking steps intended to safeguard data from misuse, unauthorized access or disclosure, loss, alteration or destruction. However, we cannot ensure or warrant the security of any information you transmit to us, and you understand that any information that you transfer to Perch is done at your own risk.
How do we process data about children under 13 years of age?
We do not knowingly process data about children under the age of 13, and Perch Services are not offered by us for such persons. Children under the age of 13 are not permitted to use, access or register for the Services in any way. If you believe we have unknowingly collected data about a child under 13 years of age, please email us at firstname.lastname@example.org and we will endeavor to delete that information from our databases.
How does Perch handle Do Not Track signals?
Perch’s Services do not recognize, and cannot currently process, “Do Not Track” signals from browsers.
How will we update this Policy?
Perch reserves the right, at its sole discretion, to modify this Policy at any time and without prior notice. If we modify this Policy, we will post an updated version on this page, unless another type of notice is required by the applicable law. The date of the last modification will also be posted at the beginning of this Policy. It is your responsibility to check from time to time for updates. By continuing to access or use the Services, you consent to the modified Policies and the practices described in them.
How can I contact Perch?
If you have questions about this Policy, or about our use of your information, please contact us at email@example.com.
Catalyft Labs, Inc.
288 Norfolk Street,
Cambridge, MA 02139
NOTE TO PERCH: You don’t meet the thresholds for application of the California Consumer Privacy Act, nor the CPRA update to that law that will take effect over the next 2 years. However, I have described the means of user control over data I believe you can easily do, and which should preserve a compliance-ready structure for when/if you do want to move forward with more administrative matters. I will share an email with you summarizing more about how to keep yourselves CCPA and GDPR “ready.” For now, this section should just reflect what you can reasonably do today.