STIGA Privacy Policy

Komitis Lab (“Komitis Lab”, “we”, “us”, “our”) operates STIGA. STIGA offers tools for coaches and athletes to plan workouts, manage plans, sync activities, and visualize progress and sports metrics. Business Address: 6045 Oakbend st. APT 12205 Orlando FL. US 32835 STIGA Website: https://www.stiga.app Komitis Lab Website: https://www.komitislab.com/ Komitis Lab is the data controller for the personal data processed through STIGA, unless otherwise indicated for a specific integration or service. We may update this Policy periodically. If we make material changes, we will notify you in a reasonable manner (for example, by posting it on the site or within the app) and updating the “Last Updated” date.

For inquiries about privacy, exercising rights, or requests related to personal data: Privacy Team: privacy@stiga.app General Support: support@stiga.app Address: 6045 Oakbend st. APT 12205 Orlando FL. US 32835

“Personal data” is information linked or reasonably linkable to an identified or identifiable person. A) Data you provide directly to us Account and profile: name, email, password (or login method), country/city, language, photo (if uploaded), and optional profile data. Sports data you upload manually: goals, workout history, coach/athlete notes, injuries or limitations if you enter them. Communication: messages or requests to support, feedback, and reports. B) Data we collect automatically Usage data: screens visited, actions within the app, usage times, product events. Technical data: IP, device identifiers, operating system, app version, language, time zone, error and performance logs. Approximate location data: for example, country/city based on IP (if applicable), or location that the user chooses to share. 3.C) Data we receive from integrations (Apps & Devices) If you choose to link STIGA with third-party services (for example Garmin or other compatible providers), we may receive data related to your activity and training according to your consent and authorized permissions. Integrations (for example Garmin): If you connect your Garmin account with STIGA, we may receive activity/workout data and associated metrics (according to authorized permissions) and/or send structured workouts for synchronization. We use this data exclusively to provide planning, synchronization, progress visualization, and training analysis functions. You can revoke access at any time by disconnecting the integration. Examples (depending on permissions and provider): - Activities/workouts (type, date/time, duration, distance, pace/speed) - Metrics (heart rate, power, cadence, calories, etc.) - Activity location (if the user shares GPS with the provider and authorizes) - Sleep or other biometrics (only if authorized and the integration provides it) Important: STIGA uses this data for synchronization and training analysis. We do not sell personal data. D) Non-identifiable information We may generate or use aggregated or de-identified information (for example, general usage statistics) that does not identify a person.

We use personal data as appropriate to: - Create and manage your account and provide access to STIGA. - Enable the use of training functions (plans, calendar, sessions, comments, compliance). - Sync workouts and activities with connected integrations (for example Garmin) when the user authorizes it. - Show progress, metrics, reports, and analysis for athletes and coaches. - Support and troubleshooting (respond to inquiries, fix errors, improve stability). - Improve the product (analytics, performance, debugging). - Security and fraud prevention (account protection, abuse, incidents). - Legal compliance (respond to legitimate requirements and defend rights).

We may share personal data in these circumstances: A) Service providers We share data with third parties that help us operate STIGA (hosting, storage, analytics, error monitoring, notifications, support, etc.). These providers can only process data to provide the service and under confidentiality/security obligations. B) API partners and integrations If you link STIGA with a third party (e.g., Garmin), STIGA may: - Receive data from that third party to STIGA (for synchronization/analytics), and/or - Send data from STIGA to the third party (for example, send structured workouts to Garmin), according to permissions and what you authorize. C) Coaches and athletes (depending on your relationship) If you use STIGA as an athlete with a coach, or as a coach with athletes, certain information is shared within the platform to provide the service (for example: plans, progress, comments, metrics, and compliance). You may have privacy controls depending on the available functionality. D) Legal requirements and protection We may disclose information: - to comply with laws, court orders, or valid requirements, - to investigate fraud, incidents, or vulnerabilities, - to protect the rights, safety, and property of users or Komitis Lab. E) Corporate transactions In the event of a merger, acquisition, restructuring, or sale of assets, the information could be transferred as part of the operation, subject to reasonable guarantees. We do not sell personal data.

We may use cookies (on web) or equivalent technologies (in apps) to: - remember preferences, - measure usage and performance, - detect errors and improve experience. You can control cookies from the browser (if applicable) and adjust permissions on your device.

Where applicable, we may respect browser signals or device settings related to tracking/ads (for example, available standard mechanisms). STIGA is not oriented to behavioral advertising, but we use analytics and monitoring to improve the service.

STIGA may process data in countries other than yours (for example, where our providers are located). If we transfer data internationally, we apply reasonable safeguards (standard contractual clauses or other mechanisms, as appropriate).

We apply reasonable technical and organizational measures to protect personal data (access control, encryption in transit, monitoring, etc.). Even so, no system is 100% secure.

STIGA may link to third-party sites/services. We do not control their practices. We recommend reviewing their policies.

We retain personal data: - as long as you maintain an active account or use the Services, - according to operational needs (for example backups), - and according to applicable legal/accounting obligations. You can request deletion (see “Your Rights” section). Some data may remain in backups for a limited period before being purged.

STIGA is not intended for minors under 16 years of age. We do not intentionally collect data from minors without verifiable consent from the parent/guardian when required by law.

Depending on your country/state, you may have rights such as: - Access your data - Correct inaccurate data - Delete data (with legal exceptions) - Portability - Object to or restrict certain treatments - Withdraw consent (for example, by disconnecting integrations) To exercise them, contact us at privacy@stiga.app. We may request reasonable identity verification.

If you are a California resident, the following disclosures apply to you under CCPA/CPRA. Data categories: The categories of personal data we collect are described in Section 3 (Personal data we collect). They include account and profile data, usage data, technical data, activity and workout data (including from integrations such as Garmin), and communication data. Business purposes: The purposes for which we use these data are described in Section 4 (Why we collect your personal data), and include providing and improving STIGA, synchronization with integrations, support, security, and legal compliance. No sale or sharing: STIGA does not sell personal data or share it with third parties for cross-context behavioral advertising under the definitions of CCPA/CPRA. We do not use or share information of minors under 16 for sale or sharing. Your rights: As a California resident you have the right to (1) know what personal data we collect and how we use it, (2) request deletion of your personal data, (3) request correction of inaccurate data, and (4) not be discriminated against for exercising these rights. To exercise these rights, contact us at privacy@stiga.app. We may request reasonable identity verification.

If you are a resident of the European Economic Area (EEA) or the United Kingdom, the following disclosures apply to you under the GDPR. Legal bases for processing: We process your personal data on the basis of (1) contract performance (providing STIGA Services), (2) legitimate interest (product improvement, security, analytics), (3) consent (integrations such as Garmin, optional communications), and (4) legal obligation (regulatory compliance). Your rights: You have the right to access, rectify, erase, restrict processing, data portability, object to certain processing, and withdraw consent at any time. You may lodge a complaint with your local data protection supervisory authority. International transfers: When we transfer data outside the EEA/UK, we use Standard Contractual Clauses (SCCs) or other approved mechanisms to ensure an adequate level of protection. To exercise your rights or for privacy inquiries: privacy@stiga.app.

If you need this Policy in an alternative format or want to report an accessibility problem: support@stiga.app.