TANDEM AI Privacy Policy
Effective Date: October 5, 2025
Last Updated: October 5, 2025
1. Overview
Bleeker Street Digital LLC, doing business as TANDEM AI (“we,” “our,” or “us”), is committed to protecting your privacy and giving you full control over your personal health data.
TANDEM AI pairs certified human trainers with an always-on AI coach that helps you improve your fitness, recovery, sleep, and nutrition. We follow privacy-by-design principles — you own your data, consent is always required, and you can delete your information at any time.
2. Information We Collect
We collect only the data needed to deliver personalized coaching and improve your experience.
(a) Information you provide
Onboarding responses (e.g., goals, injuries, preferences, available equipment)
Session notes, surveys, and check-ins
Messages or feedback you exchange with your coach or AI assistant
(b) Health and activity data
Apple HealthKit and other wearable data (workouts, sleep, heart rate, HRV, steps, nutrition)
(c) Context and environment
Calendar data (if connected)
Location (only with explicit opt-in)
Device information (for delivery and reliability of SMS/app messages)
(d) Automatically collected data
Usage logs, session timestamps, device type, OS version, and crash diagnostics
3. How We Use Your Information
We use your data to:
Generate, personalize, and adjust your training, recovery, and nutrition plans
Send contextual nudges and reminders via SMS or in-app messages
Enable your human coach to monitor progress and provide tailored feedback
Improve our AI models and product features (using aggregated, anonymized data)
4. Data Sharing
We share your data only when necessary to provide the TANDEM AI service:
With your trainer or studio, to deliver personalized programs and track progress
With authorized third parties you connect (e.g., HealthKit, Stripe, booking platforms)
With service providers who process data securely on our behalf (e.g., hosting, analytics, SMS delivery)
5. Data Storage and Security
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Health and location data are stored separately from identity data.
Access is limited to authorized personnel and your assigned coach.
We conduct regular security assessments and follow industry-standard best practices.
7. Your Rights and Controls
You can:
View, edit, or delete your account and health data at any time
Withdraw consent for specific data types (e.g., location, biometrics)
Disconnect integrations such as HealthKit or calendar sync
Request a full data export or permanent deletion (“Right to Forget”)
To exercise these rights, contact us at [email protected].
8. Data Retention
We retain your data only as long as needed to provide our services or comply with law.
Short-term data (e.g., chat session context) is deleted after use.
Working memory (e.g., temporary plans) expires after 30–90 days unless renewed.
Long-term preferences (e.g., allergies, equipment inventory) remain until you delete or update them.
9. International Transfers
If you are outside the United States, your data may be processed in the U.S. or other jurisdictions that may not provide the same level of protection. We use approved safeguards to ensure compliance with applicable data-protection laws (such as the GDPR standard contractual clauses, where applicable).
10. Children’s Privacy
TANDEM AI is intended for individuals 18 years or older. We do not knowingly collect information from minors. If you believe a minor has provided us with data, please contact us for deletion.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material updates will be communicated via email or in-app notice. The “Last Updated” date at the top of this page reflects the latest revision.
12. Contact Us
If you have any questions, concerns, or privacy requests, please contact:
Bleeker Street Digital LLC d/b/a TANDEM AI
📍 429 W 24th Street, Apt 2E, New York, NY 10011
Appendix A — Jurisdictional Compliance
1. For Residents of the European Union (EU) and United Kingdom (UK)
We comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR.
1.1 Legal Bases for Processing
We process your personal data only when one or more of the following bases apply:
Consent: You have given clear consent for specific processing (e.g., sharing HealthKit or location data).
Contract: Processing is necessary to deliver our coaching services under your agreement with TANDEM AI.
Legal obligation: To comply with applicable laws (e.g., tax, fraud prevention).
Legitimate interests: For product improvement, analytics, or security—never overriding your fundamental rights.
1.2 Data Controller and Processor Roles
Bleeker Street Digital LLC d/b/a TANDEM AI acts as the data controller for member accounts created directly with THRIIV.
When TANDEM AI is used through a partner studio, that studio is a joint controller for client data; TANDEM AI acts as a data processor under a Data Processing Addendum (DPA).
1.3 Data Transfers
When transferring data outside the EU or UK (e.g., to U.S. servers), we rely on:
Standard Contractual Clauses (SCCs) approved by the European Commission, and
Appropriate technical and organizational safeguards (encryption, access controls, audit logs).
1.4 Your GDPR Rights
You have the right to:
Access your personal data
Rectify inaccurate or incomplete data
Erase your data (“Right to be Forgotten”)
Restrict or object to processing
Receive your data in a structured, machine-readable format (data portability)
Withdraw consent at any time without affecting prior processing
To exercise your rights, email [email protected] with “GDPR Request” in the subject line.
You may also lodge a complaint with your local supervisory authority (e.g., the ICO in the UK or CNIL in France).
2. For Residents of California (CCPA / CPRA)
If you are a resident of California, we comply with the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA).
2.1 Your Rights
You have the right to:
Know what personal information we collect, use, disclose, or sell
Request deletion of your personal information
Correct inaccurate personal information
Opt out of “selling” or “sharing” personal information (TANDEM AI does not sell or share data for advertising)
Limit the use and disclosure of sensitive personal information (e.g., health, location, biometric data)
Not be discriminated against for exercising your rights
2.2 Exercising Your Rights
Submit a request to [email protected] with “CCPA Request” in the subject line.
We will verify your identity before fulfilling any request.
Authorized agents may act on your behalf with proper written consent.
2.3 Sensitive Information Handling
TANDEM AI processes health-related data (workouts, heart rate, sleep, nutrition) only with explicit consent.
Such data is never shared with third parties for cross-context behavioral advertising.
3. For U.S. Users — HIPAA & Health Data
TANDEM AI is not a covered entity under the U.S. Health Insurance Portability and Accountability Act (HIPAA) but follows equivalent privacy and security standards for handling health-related information.
Studios that integrate TANDEM AI may themselves be HIPAA-covered entities. In such cases, TANDEM AI acts as a Business Associate and will sign a Business Associate Agreement (BAA) on request.
All health data (e.g., HealthKit, performance metrics) is used solely for fitness coaching and never for medical diagnosis or treatment.
We honor Apple’s HealthKit Developer Guidelines, which prohibit sharing HealthKit data with third parties for marketing or advertising.
4. Data Protection Officer (DPO) and Contact Information
Data Protection Officer (DPO):
Bleeker Street Digital LLC d/b/a TANDEM AI
📍 429 W 24th Street, Apt 2E, New York, NY 10011
Attn: Data Protection Officer
5. Additional Jurisdictional Notes
Canada (PIPEDA): We comply with the principles of accountability, consent, and limiting use and disclosure.
Australia (Privacy Act 1988): You may request access to or correction of your data by emailing [email protected].
International Users: By using TANDEM AI, you consent to data transfer and processing in the United States under these safeguards.
6. Version and Updates
This Appendix is effective as of October 5, 2025 and will be updated as privacy laws evolve. The most recent version will always be available at tandemailabs.com/privacy-policy
