ATHLETA INVICTUS PRIVACY POLICY

Effective Date: November 14, 2025
Last Updated: November 14, 2025
Version: 2.0

1. INTRODUCTION AND SCOPE

Athleta Invictus, LLC ("Athleta Invictus," "Company," "we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, store, and protect your personal information in compliance with applicable data protection laws, including but not limited to:

· General Data Protection Regulation (GDPR) - EU/UK/EEA

· California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

· Colorado Privacy Act (CPA)

· Virginia Consumer Data Protection Act (VCDPA)

· Connecticut Data Privacy Act (CTDPA)

· Utah Consumer Privacy Act (UCPA)

1.1 Data Controller Information

Athleta Invictus, LLC
661 E 1470 S
Lehi, Utah 84043
United States of America

Data Protection Officer/Privacy Contact:
Riley Snell
Email: privacy@athletainvictus.com
Alternative: riley@athletainvictus.com
Phone: [Insert Phone Number]

1.2 Scope of Application

This Privacy Policy applies to all personal data processing activities conducted through:

· Our website(s) (www.athletainvictus.com and any subdomains)

· Mobile applications (iOS and Android)

· Web application portal

· Physical locations and events

· All digital and offline services offered by Athleta Invictus

· Third-party platforms where we maintain an official presence

2. DEFINITIONS

For purposes of this Privacy Policy:

· "Personal Data" means any information relating to an identified or identifiable natural person

· "Processing" means any operation performed on personal data

· "Data Subject" means the individual whose personal data is processed

· "Controller" means the entity that determines the purposes and means of processing

· "Processor" means an entity that processes personal data on behalf of the Controller

· "Sensitive Personal Information" has the meaning defined under applicable law

3. INFORMATION WE COLLECT

3.1 Categories of Personal Data

We collect the following categories of personal data:

A. Identifiers and Contact Information

· Full name

· Email address(es)

· Phone number(s)

· Mailing/billing address

· Username and account credentials

· Social media identifiers (when voluntarily connected)

B. Commercial Information

· Purchase history and transaction details

· Product preferences

· Subscription status

· Payment card details (tokenized via PCI-compliant processors)

4. LEGAL BASIS FOR PROCESSING (GDPR)

Under GDPR, we process your personal data based on the following legal bases:

4.1 Contract Performance

Processing necessary to fulfill our contractual obligations, including:

· Account creation and management

· Order processing and fulfillment

· Providing subscribed services

· Customer support

4.2 Legitimate Interests

Processing based on our legitimate business interests, including:

· Improving our services

· Marketing to existing customers

· Fraud prevention and security

· Network and information security

4.3 Consent

Processing based on your freely given, specific, informed consent for:

· Marketing communications to non-customers

· Cookies and tracking (where required)

· Precise geolocation

· Special categories of data

5. HOW WE USE YOUR INFORMATION

5.1 Primary Purposes

Service Delivery

· Provide and maintain our services

· Process transactions and payments

· Manage user accounts and profiles

· Deliver digital and physical products

Communication

· Send transactional communications

· Provide customer support

· Send marketing communications (with consent)

6. DATA SHARING AND DISCLOSURE

6.1 Categories of Recipients

Service Providers (Data Processors)

We engage vetted service providers under written contracts requiring appropriate data protection.

6.2 Data Not Sold

We DO NOT sell your personal data. This includes not selling data as defined under CCPA/CPRA.

7. YOUR PRIVACY RIGHTS

7.1 Universal Rights (All Users)

Regardless of location, you have the right to:

· Access - Request copies of your personal data

· Correction - Update inaccurate or incomplete data

· Deletion - Request erasure of your data (subject to legal retention)

· Portability - Receive your data in a structured format

· Opt-Out - Unsubscribe from marketing communications

· Restriction - Limit how we process your data

7.2 GDPR Rights (EU/UK/EEA Residents)

Additional rights include:

· Object to processing based on legitimate interests

· Withdraw consent at any time

· Object to automated decision-making

· Lodge a complaint with supervisory authorities

7.3 CCPA/CPRA Rights (California Residents)

California residents have additional rights including:

· Know categories and specific pieces of personal information collected

· Delete personal information (with exceptions)

· Opt-out of sale/sharing for behavioral advertising

· Non-discrimination for exercising privacy rights

8. DATA SECURITY

8.1 Technical and Organizational Measures

We implement industry-standard security including:

Technical Safeguards:

· Encryption at rest (AES-256)

· Encryption in transit (TLS 1.2+)

· Web Application Firewall (WAF)

· Regular security scanning

· Multi-factor authentication for administrative access

Organizational Safeguards:

· Role-based access controls

· Employee training and confidentiality agreements

· Vendor security assessments

· Incident response procedures

· Regular security audits

9. CONTACT INFORMATION

For privacy-related questions or requests:

Email: riley@athletainvictus.com
Phone: 801-499-0262
Mail: Privacy Team, Athleta Invictus, LLC
661 E 1470 S, Lehi, UT 84043

This Privacy Policy was last updated on November 14, 2025.
For questions about this policy or your privacy rights, please contact us at riley@athletainvictus.com.