Privacy Policy
Last Updated: March 31, 2026
This Privacy Policy for Strand Ventures, LLC ("we," "us," or "our") describes how and why we collect, store, use, and share your personal information when you use our services ("Services"), including when you:
- Download and use our mobile application, Dune Fitness, or any other application of ours that links to this Privacy Policy.
- Use Dune Fitness — a mobile fitness app that allows users to log workouts, track progress, calculate one-rep maximums, and manage calorie goals. The app also supports a trainer-client model, enabling personal trainers to monitor and program workouts for their clients. Available on iOS and Android.
- Engage with us in other related ways, including any sales, marketing, or events.
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you have questions or concerns, please contact us at support@dunefitness.co.
Summary of Key Points
What personal information do we process? When you use our Services, we may process personal information depending on how you interact with the app, the choices you make, and the features you use.
Do we process any sensitive personal information? Yes. We process health and fitness data, including body weight, exercise metrics, and calorie data, with your consent.
Do we collect any information from third parties? No. We do not collect information from third parties.
How do we process your information? We process your information to provide and improve our Services, communicate with you, for security and fraud prevention, and to comply with applicable law.
With whom do we share personal information? We may share information in specific situations with specific third parties, as described in Section 4 below.
How do we keep your information safe? We have organizational and technical processes in place to protect your personal information. However, no electronic transmission or storage technology is 100% secure.
What are your rights? Depending on your location, applicable privacy law may give you certain rights regarding your personal information.
How do you exercise your rights? Submit a data subject access request or contact us directly at support@dunefitness.co. We will act upon any request in accordance with applicable data protection laws.
1. What Information Do We Collect?
Personal Information You Disclose to Us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide when you register on the Services, express an interest in obtaining information about our products and Services, participate in activities on the Services, or otherwise contact us.
Personal Information Provided by You. The personal information we collect may include the following:
- Names
- Email addresses
- Usernames
- Passwords
Additional Personal Information. Dune Fitness also collects the following additional personal information:
Health and Fitness Data — including body weight, workout logs, exercise sets, repetitions, weight lifted, rest intervals, and calculated fitness metrics such as estimated one-rep maximums. This data is collected to provide personalized workout tracking, progress monitoring, and performance analysis.
Calorie Data — including daily calorie targets and calorie totals entered or calculated by the user. This data is collected to support fitness goal tracking and workout completion summaries.
Demographic Data — including month and year of birth. This data is collected to verify that users meet the minimum age requirement of 13 years, to support calorie calculations, and to determine eligibility for certain app features.
Trainer-Client Relationship Data — including trainer assignments, client lists, and programming notes entered by trainers. This data is collected to support the dual trainer-client functionality of the application.
Device and Usage Data — including device identifiers, operating system information, app version, and crash report data. This data is collected automatically via Google Firebase to maintain app performance, diagnose technical issues, and improve application stability.
Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:
- Health data (body weight, exercise metrics, calorie data)
- Account login information
Application Data
If you use our application, we may also collect the following information if you choose to provide us with access or permission:
- Mobile Device Access. We may request access to certain features from your mobile device, including storage and other features. You may change our access permissions in your device settings at any time.
- Mobile Device Data. We automatically collect device information such as your mobile device ID, model, manufacturer, operating system, version information, system configuration, device and application identification numbers, browser type and version, hardware model, internet service provider and/or mobile carrier, and IP address.
- Push Notifications. We may request to send you push notifications regarding your account or certain features of the application. You may opt out by turning off notifications in your device settings.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes.
Information Automatically Collected
In Short: Some information is collected automatically when you visit our Services.
We automatically collect certain information when you use or navigate the Services. This information does not reveal your specific identity but may include device and usage information such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, and information about how and when you use our Services.
Log and Usage Data. Our servers automatically collect service-related, diagnostic, usage, and performance information when you access our Services. This may include your IP address, device information, browser type, and information about your activity in the Services such as date/time stamps, features used, and error reports.
Device Data. We collect information about your phone, tablet, or other device used to access the Services, including IP address, device and application identification numbers, browser type, hardware model, internet service provider and/or mobile carrier, operating system, and system configuration information.
Location Data. We collect location data such as information about your device's location based on your IP address. You can opt out by disabling Location settings on your device, though this may affect certain aspects of the Services.
Google API. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
2. How Do We Process Your Information?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for the following purposes:
- To facilitate account creation and authentication and otherwise manage user accounts.
- To deliver and facilitate delivery of services to the user.
- To respond to user inquiries and offer support to users.
- To send administrative information to you, including details about our products and services and changes to our terms and policies.
- To enable user-to-user communications, including trainer-client interactions within the platform.
- To request feedback and contact you about your use of our Services.
- To protect our Services as part of our efforts to keep them safe and secure, including fraud monitoring and prevention.
- To identify usage trends and better understand how our Services are being used so we can improve them.
- To save or protect an individual's vital interest, such as to prevent harm.
- To calculate personalized fitness metrics, including calorie targets and estimated one-rep maximums, based on user-provided health and demographic data.
3. What Legal Bases Do We Rely On to Process Your Information?
In Short: We only process your personal information when we have a valid legal reason to do so.
If you are located in the EU or UK, the GDPR and UK GDPR require us to explain the valid legal bases we rely on. We may rely on the following legal bases:
- Consent. We may process your information if you have given us permission to use your personal information for a specific purpose. You can withdraw your consent at any time by contacting us.
- Performance of a Contract. We may process your personal information when necessary to fulfill our contractual obligations to you, including providing our Services.
- Legitimate Interests. We may process your information when reasonably necessary to achieve our legitimate business interests, such as analyzing how our Services are used to improve them, diagnosing problems, and preventing fraudulent activities.
- Legal Obligations. We may process your information where necessary for compliance with our legal obligations, such as cooperating with law enforcement or regulatory agencies.
- Vital Interests. We may process your information where necessary to protect your vital interests or those of a third party.
If you are located in Canada, we may process your information if you have given us express or implied consent. You can withdraw your consent at any time. In some exceptional cases we may be legally permitted to process your information without consent, as permitted under applicable Canadian law.
4. When and With Whom Do We Share Your Personal Information?
In Short: We may share information in specific situations and with specific third parties.
We may need to share your personal information in the following situations:
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
- Other Users. When you share personal information or interact with public areas of the Services, such information may be viewed by other users. Similarly, other users will be able to view your activity descriptions, communicate with you within the Services, and view your profile, including trainer-client relationships within the platform.
- Google Firebase. We use Google Firebase for backend infrastructure, authentication, and analytics. Firebase acts as a third-party data processor on our behalf and is subject to Google's Data Processing Terms. For more information, please visit firebase.google.com/support/privacy.
5. Do We Use Cookies and Other Tracking Technologies?
In Short: We may use cookies and other tracking technologies to collect and store information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some tracking technologies help us maintain the security of our Services, prevent crashes, fix bugs, save your preferences, and assist with basic app functions.
Google Analytics. We may share your information with Google Analytics to track and analyze use of the Services. To opt out of being tracked by Google Analytics, visit https://tools.google.com/dlpage/gaoptout. For more information on Google's privacy practices, visit the Google Privacy & Terms page.
6. Is Your Information Transferred Internationally?
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the United States via Google Firebase infrastructure. If you are located outside the United States, please be aware that your information may be transferred to, stored in, and processed in the United States, which may not have data protection laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Policy and applicable law.
European Commission's Standard Contractual Clauses. We have implemented the European Commission's Standard Contractual Clauses for transfers of personal information to our third-party providers, including Google Firebase. These clauses require all recipients to protect personal information originating from the EEA or UK in accordance with European data protection laws. Our Data Processing Agreement, which includes Standard Contractual Clauses, is available at: https://firebase.google.com/support/privacy.
7. How Long Do We Keep Your Information?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law. We will not keep your personal information for longer than one (1) month past the termination of your account.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not immediately possible (for example, because your information has been stored in backup archives), we will securely store your personal information and isolate it from further processing until deletion is possible.
8. How Do We Keep Your Information Safe?
In Short: We aim to protect your personal information through organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process, including encryption of data in transit via Google Firebase infrastructure. However, despite our safeguards, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. You should only access the Services within a secure environment.
9. Do We Collect Information from Minors?
In Short: We do not knowingly collect data from or market to children under 13.
Dune Fitness is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a user is under 13, we will terminate that user's account and delete all associated personal data. If you believe we may have collected information from a child under 13, please contact us immediately at support@dunefitness.co.
10. What Are Your Privacy Rights?
In Short: Depending on your location, you may have certain rights regarding your personal information.
In some regions (such as the EEA, UK, Switzerland, and Canada), you have rights under applicable data protection laws, including the right to: (i) request access to and obtain a copy of your personal information; (ii) request rectification or erasure; (iii) restrict the processing of your personal information; (iv) if applicable, data portability; and (v) not be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, contact us using the details in Section 15.
If you are located in the EEA or UK and believe we are unlawfully processing your personal information, you have the right to complain to your Member State data protection authority or the UK data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing your consent. If we are relying on your consent to process your personal information, you have the right to withdraw that consent at any time by contacting us at support@dunefitness.co or updating your preferences in the app.
Account Information
You may review or change your account information at any time by logging into your account settings. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases, subject to our data retention obligations. To submit a data deletion request, please visit dunefitness.co/privacy.
11. Controls for Do-Not-Track Features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. If a standard for online tracking is adopted that we must follow in the future, we will inform you in a revised version of this Privacy Policy.
California law requires us to let you know how we respond to web browser DNT signals. Because there currently is not an industry or legal standard for recognizing or honoring DNT signals, we do not respond to them at this time.
12. Do United States Residents Have Specific Privacy Rights?
In Short: If you are a resident of California or other applicable US states, you may have additional rights regarding your personal information.
Depending on your state of residence, you may have the right to request access to and receive details about the personal information we maintain about you, correct inaccuracies, obtain a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.
Categories of Personal Information We Collect
The following table summarizes the categories of personal information we have collected in the past twelve (12) months:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Name, email address, username, IP address, account name | YES |
| B. California Customer Records | Name, contact information, financial information | NO |
| C. Protected classification characteristics | Age, date of birth, and other demographic data | YES (limited) |
| D. Commercial information | Transaction information, purchase history, payment information | NO |
| E. Biometric information | Fingerprints and voiceprints | NO |
| F. Internet or network activity | Browsing history, online behavior, app usage data | YES (limited) |
| G. Geolocation data | Device location | YES (approximate, IP-based) |
| H. Audio, electronic, sensory information | Images, audio, video recordings | NO |
| I. Professional or employment information | Job title, work history, professional qualifications | NO |
| J. Education information | Student records and directory information | NO |
| K. Inferences from personal information | Profiles or summaries about individual preferences | NO |
| L. Sensitive personal information | Health data, account login information | YES |
We only collect sensitive personal information for purposes allowed by law or with your consent. Sensitive personal information may be used or disclosed to a service provider for specified purposes. You may have the right to limit the use or disclosure of your sensitive personal information.
Retention. We will retain Category L sensitive personal information for as long as you have an account with us, plus one (1) month following account termination.
Your Rights
You have the following rights under applicable US state data protection laws:
- Right to know whether or not we are processing your personal data
- Right to access your personal data
- Right to correct inaccuracies in your personal data
- Right to request the deletion of your personal data
- Right to obtain a copy of the personal data you previously shared with us
- Right to non-discrimination for exercising your rights
- Right to opt out of the processing of your personal data if used for targeted advertising, the sale of personal data, or profiling
Depending on your state, you may also have additional rights as provided under applicable state privacy law, including rights available to residents of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia.
How to Exercise Your Rights
To exercise your rights, you may submit a data subject access request, email us at support@dunefitness.co, or refer to the contact details in Section 15. Under certain US state data protection laws, you may designate an authorized agent to make a request on your behalf.
Request Verification
Upon receiving your request, we will need to verify your identity to confirm you are the same person about whom we have information in our system. We will only use personal information provided in your request to verify your identity. If we cannot verify your identity from information already maintained by us, we may request additional information for verification and security purposes.
Appeals
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at support@dunefitness.co. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of our reasons. If your appeal is denied, you may submit a complaint to your state attorney general.
California "Shine The Light" Law
California Civil Code Section 1798.83 permits California residents to request, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing using the contact details in Section 15.
13. Do Other Regions Have Specific Privacy Rights?
In Short: You may have additional rights based on the country you reside in.
Australia and New Zealand
We collect and process your personal information under the obligations and conditions set by Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. This Privacy Policy satisfies the notice requirements defined in both Privacy Acts. If you do not wish to provide personal information necessary to fulfill its applicable purpose, it may affect our ability to provide our services, respond to your requests, manage your account, or confirm your identity.
You have the right to request access to or correction of your personal information at any time by contacting us using the details in Section 15. If you believe we are unlawfully processing your personal information, you have the right to submit a complaint to the Office of the Australian Information Commissioner or the Office of New Zealand Privacy Commissioner.
Republic of South Africa
You have the right to request access to or correction of your personal information at any time by contacting us using the details in Section 15. If you are unsatisfied with how we address any complaint regarding our processing of your personal information, you may contact the Information Regulator (South Africa) at enquiries@inforegulator.org.za.
14. Do We Make Updates to This Policy?
In Short: Yes, we will update this policy as necessary to stay compliant with relevant laws.
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated date at the top of this Privacy Policy. If we make material changes to this Privacy Policy, we will notify you either by prominently posting a notice of such changes within the app or by directly sending you a notification. We encourage you to review this Privacy Policy periodically to stay informed of how we are protecting your information.
15. How Can You Contact Us About This Policy?
If you have questions or comments about this Privacy Policy, you may contact us at:
Strand Ventures, LLC
410 31st St
Manhattan Beach, CA 90266
United States
Email: support@dunefitness.co
Website: dunefitness.co
16. How Can You Review, Update, or Delete the Data We Collect from You?
Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.
To request to review, update, or delete your personal information, please submit a data subject access request at dunefitness.co/privacy, or contact us directly at support@dunefitness.co.
© 2026 Strand Ventures, LLC. All rights reserved. | dunefitness.co