Privacy Policy
1082704 LLC (doing business as Skimo School and Sagittura, including Mountain Metrics and any other products and services we operate)
Last updated: May 5, 2026
This Privacy Policy describes what information 1082704 LLC ("we", "us", "our") collects, how it is used and shared, and what rights you have over it. It applies to all products and services we operate, including:
- The website at skimoschool.com (and any other domains we operate, including those used for Sagittura)
- The Skimo School and Sagittura mailing lists and email communications
- Coaching services delivered under the Skimo School or Sagittura names
- Mountain Metrics, the training-load analytics tool integrated with Strava
- Any other services we operate under the Skimo School or Sagittura names
By using any of these services or providing us with personal information, you agree to the practices described below.
Who we are
1082704 LLC is a Delaware limited liability company. We operate under the trade names Skimo School and Sagittura. The business is run by Scott Semple residing in Vermont, USA.
Contact for all data and privacy matters: privacy@skimoschool.com
Personal information we collect
From everyone who interacts with us
- Email address (mailing list, support inquiries, coaching enrollment)
- Name (if you provide one)
- Communications you send us (emails, messages, feedback)
From mailing-list subscribers
- The data above, plus an opt-in record (date and source) demonstrating consent
From coaching clients
- Health and training information you share with us (e.g., heart-rate data, training history, injuries, goals, race plans) — provided voluntarily as part of the coaching relationship
- Payment information, processed by our payment processor (we do not store full card numbers)
From Mountain Metrics users
When you connect your Strava account to Mountain Metrics, we receive:
- Activity data: date, name, sport type, duration, distance, elevation, heart-rate stream, power stream (if recorded), altitude stream
- Profile data: Strava first name, last name, athlete ID
- Authentication tokens: Strava OAuth access and refresh tokens, used solely to maintain your connection
- Settings you provide: lactate threshold heart rate (LTHR), unit preference
When you upload FIT files directly, the same activity-level data is extracted from those files.
Automatically
- Session cookies set by our web framework (Streamlit), used solely to keep you signed in while a Mountain Metrics session is open. We do not use analytics, advertising, or third-party tracking cookies on Mountain Metrics.
- The skimoschool.com marketing site may use minimal server logs (IP address, browser type, page accessed, timestamp) for security and basic operations.
What we do not collect
- Your Strava email address or password (Strava handles authentication)
- Your Social Security or government-ID numbers
- Sensitive demographic information (race, religion, sexual orientation, etc.) unless you volunteer it in a coaching context
- Data from other Strava users (Mountain Metrics is single-user; only your data is ever displayed)
How we use personal information
| Purpose | Legal basis (GDPR / UK GDPR) |
|---|---|
| Send mailing-list emails | Consent — you opted in |
| Deliver coaching services | Performance of contract |
| Compute and display your training metrics in Mountain Metrics | Performance of contract / consent |
| Respond to your inquiries and provide support | Legitimate interest |
| Comply with legal obligations (tax, accounting) | Legal obligation |
| Improve our services (without combining your data with others') | Legitimate interest |
We do not:
- Train AI or machine-learning models on your data
- Combine data from one customer with data from another for any purpose
- Sell, license, lease, or trade your data to anyone
- Use your data for targeted advertising
- Disclose your data to third parties for their own marketing
How your data is shared
Data is shared only with service providers ("sub-processors") strictly necessary to operate Skimo School services. Each is bound by contractual terms requiring the same level of protection we provide.
Current sub-processors:
| Provider | Purpose | Location |
|---|---|---|
| Strava | API integration for Mountain Metrics | United States |
| Supabase | Database hosting for Mountain Metrics | United States (with EU regions available) |
| Streamlit Cloud | Application hosting for Mountain Metrics | United States |
| iCloud Mail | Email delivery | United States |
| Proton Mail | Email delivery | Switzerland |
| Ghost | Mailing list / newsletter platform | United States |
| Stripe | Coaching payment processing | United States |
If we add or change sub-processors, this policy will be updated. Substantial changes will be communicated via email to active users.
We do not sell personal information.
How long we keep data
| Data type | Retention |
|---|---|
| Mailing-list email | Until you unsubscribe, then immediately removed (or as required to honor unsubscribe) |
| Coaching client records | Duration of coaching relationship + 7 years (tax/legal record-keeping) |
| Mountain Metrics activity data | While your account is active. Deleted within 48 hours of disconnection or your deletion request, in compliance with Strava's API agreement |
| Mountain Metrics tokens | While your account is active. Revoked and deleted on disconnect |
| Support email correspondence | 2 years, then deleted unless still relevant |
| Server logs | 30 days |
We will retain data longer only where legally required (e.g., for tax records).
Your rights
You have the following rights, regardless of where you live. Where local law gives you stronger rights, those apply.
- Access — see what data we hold about you. For Mountain Metrics, all your data is visible in the app; for other services, email us
- Correction — fix inaccurate data
- Deletion ("right to erasure") — request that we delete your data. For Mountain Metrics: click "Delete all my data" in the app, or revoke access in Strava settings; deletion completes within 48 hours. For mailing list: click unsubscribe in any email. For other data: email us
- Withdraw consent — at any time, with no effect on processing already done. For mailing list: unsubscribe. For Mountain Metrics: disconnect Strava
- Portability — get a structured copy of your data. Email us for an export
- Object to processing — for legitimate-interest processing, you can object; we'll review and stop unless we have compelling grounds
- Lodge a complaint — with your local data protection authority. EU residents: your country's DPA. UK: the ICO. California: California Attorney General. Canada: the Office of the Privacy Commissioner. Other US states: state attorney general
For California residents, the California Consumer Privacy Act (CCPA) gives you the rights above, plus the right to know what personal information we have collected, disclosed, or sold (we do not sell), and the right to non-discrimination for exercising your rights. To exercise CCPA rights, email us with subject line "CCPA Request."
For EU/UK residents, processing is conducted under appropriate legal bases as listed above. International transfers (e.g., to our US-based sub-processors) are made under Standard Contractual Clauses or equivalent safeguards.
How Strava and Mountain Metrics interact
Strava is the controller of your Strava account data; Skimo School (via Mountain Metrics) is a separate, independent controller of the data we receive through the API. Strava may collect usage data about how you use Mountain Metrics for their own analytical purposes; their privacy practices are governed by Strava's Privacy Policy.
Mountain Metrics is not a Strava product and is not endorsed by Strava.
Security
We use commercially reasonable safeguards, including:
- Encryption in transit (HTTPS) for all communication with Mountain Metrics and skimoschool.com
- Encryption at rest for stored Strava data (Supabase default)
- Limited access to systems strictly necessary to operate the service
- Strava OAuth tokens stored in secure secret management, never in source code or logs
In the event of a personal data breach affecting you, we will notify you and the relevant authorities within 72 hours of discovery (or 24 hours for Strava-related data, per the Strava API agreement).
No system is perfectly secure. By using our services, you acknowledge this inherent risk.
Children
Our services are not intended for users under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided data to us, contact us and we will delete it.
Automated decision-making
Mountain Metrics computes training metrics (mTSS, CTL, ATL, TSB) automatically from your data. These are decision-support estimates intended for personal training use, not legally significant decisions. They have no effect on your access to insurance, employment, credit, or any other consequential matter.
Changes to this policy
We may update this policy. Material changes will be communicated by email (where we have your address) or via a prominent notice in the affected service. Continued use after a change constitutes acceptance.
Jurisdiction and governing law
This policy is governed by the laws of the State of Delaware, USA, without regard to conflict-of-law principles. Where mandatory consumer-protection law in your country (or US state) gives you stronger rights, those apply.
By using our services, you consent to your data being transferred to and processed in the United States and any other country where our sub-processors operate.
Questions about this policy or your data: support@skimoschool.com