Privacy Policy

Last updated: 25 March 2026

1. Who We Are

Frontier Performance ("we", "us", "our") is a human performance monitoring platform operated by Chris Parrott. Our platform is accessible at app.frontierperformance.org.

2. Data We Collect

We collect and process the following categories of data:

• Biometric data: Blood oxygen saturation (SpO₂), heart rate, skin temperature, perfusion index, and signal quality from wearable sensors (e.g. OxiWear, Garmin, Polar).
• Location data: GPS coordinates and barometric altitude from wearable devices, used to correlate physiological responses with elevation.
• Activity data: Workout sessions, sleep data, and training metrics synced from third-party platforms (Garmin Connect, Polar Flow, Oura, Strava).
• Account data: Name, email address, and authentication credentials used to access the platform.

3. How We Use Your Data

• To provide real-time and historical physiological monitoring and analysis.
• To calculate hypoxic dose, acclimatisation metrics, and altitude-adjusted health indicators.
• To generate alerts for potential altitude illness (HACE, HAPE) during expeditions.
• To support research into human performance at altitude, with participant consent.
• To improve our platform and services.

4. Data Storage and Security

All data is stored in Google Cloud Firestore (EU region: europe-west2, London). The platform runs on Google Cloud Run (europe-west1, Belgium). All data is encrypted in transit (TLS 1.3) and at rest (Google-managed encryption). Access to the platform requires authentication.

5. Third-Party Integrations

When you connect third-party services (Garmin Connect, Polar Flow, Oura, Strava), we access your data through their official APIs using OAuth authentication. We only request the minimum scopes necessary. You can disconnect any integration at any time, which removes stored access tokens.

6. Data Sharing

We do not sell your data. We may share anonymised, aggregated research data with academic collaborators (e.g. university research partners) only with your explicit consent. Individually identifiable data is never shared without your permission.

7. Data Retention

We retain your data for as long as your account is active or as needed to provide services. You can request deletion of your data at any time by contacting us. Research data may be retained in anonymised form for academic purposes.

8. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict processing of your data.
• Data portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time where processing is based on consent.

9. Cookies

The platform uses essential session cookies for authentication. We do not use tracking cookies or third-party analytics.

10. Contact

For any privacy-related questions or to exercise your rights, contact us at:

Email: [email protected]

11. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the platform. The "Last updated" date at the top reflects the most recent revision.