MyStones Privacy Policy
Last updated: 17.03.2026
Protecting Your Personal Data is part of Our Commitment.
MYSTONES GROUP Sàrl (registered number CHE-171.122.858) of Chemin du Bochet 18, 1024 Ecublens VD, Switzerland (“MYSTONES”, “us”, “we”, “our”) is committed to protecting and respecting your privacy.
When you interact with us through the MYSTONES website (mystones.ch) (the “Website”), our mobile application (the “App”) or otherwise (such as our official social media pages), you may provide, or we may collect, certain information from which you are personally identifiable (referred to as “personal data”). For the purposes of the Swiss Federal Data Protection Act and all other laws relating to the use of your personal data, such as the EU GDPR, the UK GDPR or otherwise (as applicable) (collectively, the “Privacy Laws”), MYSTONES is the data controller, meaning that we decide the reasons why your personal data is used.
Please read the following policy carefully to understand our views and practices regarding your personal data and how we will fulfil our commitment to protecting and respecting your privacy.
Changes to our privacy policy
Any changes we may make to our privacy policy in the future will be posted on this page of our Website, which will also be available through the App, and, where appropriate, you will also be notified by email. However, we advise that you check this page regularly to keep up to date with any necessary changes.
Data that we may collect about you
You may provide to us, or we may collect from you, the following types of personal data when you interact with us (through our Website, when you sign up for our mailing list, or when you create a profile on our App or otherwise interact with our App):
- CONTACT DATA: first name, surname, date of birth, email address, nationality, and telephone number;
- PROFILE DATA: your subscription status, preferences for communication, feedback on your experiences of using the App, responses to voluntary surveys, and the email addresses of coaches or contacts with whom you choose to share your Training & Wellbeing Data;
- ATHLETE DATA: gender, weight, height, training background, body-segment measurements (such as limb lengths), dominant leg, and other information you choose to include in your athletic profile;
- TRAINING & WELLBEING DATA: information about your training sessions, recovery status, emotional or physical self-assessments, club affiliation, event specialisation, training level and performance logs (including personal best records), comments (about yourself or from coaches);
- MEDIA DATA: any photos or videos you choose to upload in connection with your training or performance;
- TECHNICAL DATA: device IDs / logs, browser type, IP address and operating system; and
- USAGE DATA: Website, App and feature usage statistics, session duration, navigation patterns, and crash logs.
Other than your first name, surname, date of birth and email address, which will be mandatory for you to use our App, you will not have to give us any of the data above, but if you don’t, you may not be able to use certain functions and may not receive the optimal user experience.
Please read our Cookies Policy carefully for more information.
Special categories of data
Please note that some of the data described above constitute “special categories of data”, which are afforded a higher level of protection under applicable Privacy Laws because they are more sensitive. Special categories of data include personal information relating to your race or ethnic origin, religious or philosophical beliefs, trade union membership, genetics, biometrics, health, sex life or sexual orientation. We will only collect this type of data to the extent you provide it, but please note that you do not need to provide this type of data if you do not wish to provide it as we do not necessarily require it.
In any case, any information you upload onto the App in respect of (among others) any injuries, disease, disability, clinical treatment, recovery status, or emotional or physical self-assessments may qualify as special categories of data under applicable Privacy Laws.
We process special categories of data only with your explicit consent, which you can provide when creating your account, and when activating performance and wellbeing features within the App.
You may withdraw your consent at any time by contacting us at contact@mystones.ch or by adjusting your account settings on the App. However, withdrawing consent may limit certain core features of the App, including performance insights and injury-risk analysis.
Why do we use your data and what are our legal grounds?
The table below sets out how we use your personal data and our lawful basis for doing so in each case.
| Why we use your data | What data we use | Why we’re allowed to use your data for these purposes |
|---|---|---|
| To create and manage your account, provide access to the App, and deliver the services you request (including training logs, performance insights, and personalised recommendations). | All | Performance of our contract; Legitimate interest (to improve our user experience); Consent |
| To add you to our mailing list and to send marketing emails | Contact Data, Profile Data | Perform our contract with you; Necessary to comply with a legal obligation; Legitimate interests (for the effective operation of our business); Consent |
| To analyse your training methods and performance by using automated tools to extract biomechanical information (such as joint angles, movement patterns or body-segment positions) to provide training insights | Athlete Data, Training & Wellbeing Data, Media Data | Performance of our contract; Legitimate interest (to provide performance and training insights); Consent (for health-related and biomechanical data and/or in respect of uploading images and videos of minors) |
| To generate insights about your movement patterns, performance trends and provide injury-risk analysis and mitigation indicators | Athlete Data, Training & Wellbeing Data, Media Data | Performance of our contract; Legitimate interest (to provide performance and training insights and support injury-risk mitigation); Consent (for health-related and biomechanical data and/or in respect of uploading images and videos of minors) |
| To share your user profile and your training and performance data with other users of the App (e.g. an athlete user sharing profile with a coach user) | Profile Data, Athlete Data, Training & Wellbeing Data, Media Data | Legitimate interest (to improve our user experience); Consent |
| To connect your account with our external API competition database provider (Tilastopaja). | Contact Data, Athlete Data, Training & Wellbeing Data | Consent |
| To connect your account with the third party platform provider (Strava). | Contact Data, Athlete Data, Training & Wellbeing Data | Consent |
| To communicate with you about updates to our services, Terms & Conditions, or Privacy Policy. | Contact | Performance of our contract; Necessary to comply with a legal obligation |
| To administer and protect our company, our Website, App and our products (including troubleshooting, data analysis, testing, maintenance and support) | Contact, Technical Data, Usage Data | Legitimate interests (for the effective administration of our business, Website, App and products); Necessary to comply with a legal obligation |
| To improve our Website, App, and user experience through analytics and performance monitoring. | Technical Data, Usage Data | Legitimate interests (to develop and improve our Website, App and services) |
| To understand who is using our Website and App (including any in-App purchases) | Contact Data, Profile Data, Technical Data, Usage Data | Legitimate interests (to develop our business and understand our customer base to inform our marketing strategy) |
| To provide customer support, including answering your questions by email | All | Perform our contract with you; Legitimate interests (to ensure our users / customers are satisfied with our products and services) |
| To ensure the security and integrity of our Website and App. | Contact Data, Profile Data, Technical Data, Usage Data | Legitimate interests (to prevent and detect fraud and criminal activity) |
| To improve and develop our biomechanical models, algorithms, and training insights (research & development). | Contact Data, Profile Data, Athlete Data, Training & Wellbeing Data, Media Data, Technical Data, Usage Data | Legitimate interests (for research and development purposes, to improve and innovate our services, to keep our Website and App updated and relevant); Consent (for health-related and biomechanical data and/or in respect of uploading images and videos of minors; in the case of Media Data) |
Where data is used for research and development purposes, we will aim to anonymise or aggregate data. We implement technical and organisational safeguards to prevent re-identification. Our research and innovation partners (such as EPFL, Swiss Athletics, or design collaborators) are contractually prohibited from attempting to identify individual users.
Where we anonymise and aggregate personal data, you will not be personally identifiable from such data, so we are allowed to use this for any purpose (such as testing our systems and carrying out customer research and analysis).
Any insights that MYSTONES generates and provides regarding your movement patterns, performance trends and potential injury-risk factors shall be supportive recommendations only. Final training, medical, or participation related decisions shall always be made by the athlete and/or their coach. We do not make solely automated decisions that produce legal or similarly significant effects concerning you.
We do not use identifiable personal data for commercial resale purposes.
Do we store and transfer/handle your data outside of Switzerland or the EEA?
Your personal data is stored securely in Google Cloud Platform (Zurich, Switzerland, europe-west6 region) and accessed only by authorised MYSTONES personnel.
We may share your personal data, including any related anonymised and aggregated insights, with trusted third party suppliers, a third party API partner (Tilastopaja), a third party platform provider (Strava) and/or research or innovation partners, some of which are based outside of Switzerland and/or the EEA, meaning their processing of your personal data will involve a transfer of data outside Switzerland and/or the EEA. In the case of any data we share with our research or innovation partners, we will anonymise and aggregate such data and use such data strictly for research, development, and product-improvement purposes only.
Whenever we transfer your personal data outside of Switzerland and/or the EEA, we ensure a similar degree of protection is afforded to it by implementing Standard Contractual Clauses or equivalent safeguards.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Disclosure of your information
We may disclose your personal data to the following types of third parties:
- our service providers who assist with things like IT infrastructure, analytics tools, and customer-feedback platforms;
- an external API partner which provides competition databases as our subprocessor, Tilastopaja, but only when you choose to connect your account to their services on your profile;
- an external platform provider, Strava, to synchronise your training activities and related data with relevant data stored on your Strava account and to import such data onto your profile on our App, but only when you choose to connect your account to their services on your profile;
- professional advisers, such as lawyers or auditors, only where necessary;
- companies who assist with our marketing, customer surveys and feedback tools;
- third parties who help us detect fraud or criminal activity;
- other users of the App (an athlete user may grant access to a coach user); and/or
- our group companies (if applicable).
We may also need to disclose your personal data in the following circumstances:
- if we are required to do so by law or pursuant to a binding regulatory request (in each case, such disclosure will be solely to the extent required by law or the applicable regulatory request);
- in the event that we sell or buy any business or assets we may be required to disclose certain of your personal data to the prospective seller or buyer of such business or assets; or
- in order to enforce or apply our terms of use and other agreements.
We do not sell your personal data, and we do not share identifiable personal data with third parties for their own marketing purposes.
If we want to share your personal data with third parties for the purpose of them marketing their own products and services to you, we will always get your consent before doing so. You always have the right to opt-out of third party marketing at any time by contacting us or using the unsubscribe function in the relevant email.
Keeping your data secure
We have implemented industry-standard technical and organisational security measures, including encryption in transit and at rest, strict access controls, and regular system monitoring, to prevent unauthorised access to or use, alteration, or loss of your personal data.
Third parties who process your personal data on our behalf are contractually bound to maintain appropriate confidentiality and security safeguards. While we take reasonable steps to protect your information, the transmission of data via the internet is not completely secure. Accordingly, any transmission is at your own risk. Where you have been given (or have chosen) a password to access certain parts of our Website, App or other services, you are responsible for keeping this password confidential and must not share it with anyone else.
How long will we keep your data?
We will retain your personal data only for as long as necessary to fulfil the purpose(s) for which it was collected, including to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements.
Once you no longer wish to be engaged with us, we may still need to keep hold of your data if there is a legal reason for doing so (e.g. for tax purposes or where we are resolving a dispute with you), but we will only retain the data which is strictly necessary for such reason and thereafter, will remove this data from our systems.
Aggregated and anonymised data used to improve our services, algorithms, and analytical models do not contain personally identifiable information and cannot be reversed to identify individual users. Such data may be retained indefinitely.
Third party sites
This policy only applies to our Website and our App. If you leave our Website or our App via a link or otherwise, you will be subject to the policy of that website or app provider. We have no control over third-party policies or the terms of the relevant third-party website or app, and you should therefore check their policy before continuing to access the third-party site or app.
Children’s data
Our Website and/or App may only be used by athletes who are 14 years of age or older but, if you are under 18, you may only do so with verified parental or legal guardian consent (including when videos or images are uploaded onto profiles on the App). Where required by applicable Privacy Laws, we will obtain parental consent before processing any such personal data relating to you if you are under 18 years of age. If we become aware that such personal data has been collected from a minor without appropriate consent, we will delete such data as soon as reasonably possible. If you believe that a child has provided us with personal data without parental or legal guardian consent, please contact us at contact@mystones.ch.
Your rights
You have various rights under the Privacy Laws which entitle you, in certain circumstances, to:
- ask us for a copy of the personal data we hold about you;
- correct or update your personal data, which you can do yourself by logging into your account (if relevant) or if you would prefer, please contact us and we can assist;
- request that we delete your personal data;
- object to the handling of your personal data where we are relying on a legitimate interest (as set out in the above table);
- restrict the processing of your personal data;
- request the transfer of your personal data (or some of it) to a third party service provider; or
- where you have provided your consent for something, in certain circumstances, you may withdraw this consent (but note that we may continue to use your personal data if we have legal grounds for doing so).
Please contact us if you would like to exercise your rights, which you can do for free. The only time we may charge a reasonable fee is where your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. Otherwise, we will always respond within one month (unless there is a legal reason for us to take longer).
If it is not clear to us who is making the request, we may ask you to confirm your identity before we proceed.
You may also contact the Swiss Federal Data Protection and Information Commissioner (the “FDPIC”) if you are based in Switzerland or your local supervisory authority responsible for data protection if you are based in the EU or otherwise, if you have any concerns about the way we are handling your personal data. However, where possible, please speak to us first as we would appreciate the opportunity to help with your concern.
Data protection impact assessment statement
Where required under applicable Privacy Laws, we conduct data protection impact assessments when introducing new high-risk processing activities, such as advanced biomechanical modelling or injury-risk analysis features.
How to opt-out of marketing
To unsubscribe from newsletters or any other marketing emails, you simply need to click on the unsubscribe link at the bottom of the relevant communication you have received. Alternatively, please contact us (as detailed below) to opt-out of these communications.
Contact
Questions, comments and requests are welcomed and should be addressed to: (i) if sent by post, MYSTONES GROUP Sàrl of Chemin du Bochet 18, 1024 Ecublens VD, Switzerland; or (ii) if sent by email, contact@mystones.ch.
