Terms of Service
Last Updated: 5/9/2025
Introduction
The CrossFit Medical Society (“CFMS,” “we,” “our,” or “us”) is committed to protecting the privacy and confidentiality of our members, patients, athletes, practitioners, and website visitors (“you” or “your”). This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. This is a template policy intended for illustrative purposes only.
Scope
This Policy applies to:
CFMS websites, mobile applications, portals, and digital services (collectively, “Services”).
Membership programs, clinics, events, courses, and research initiatives.
Communications via email, SMS, chat, and social channels.
This Policy does not cover third-party sites or services we do not control.
Information we collect
3.1 Personal Identification Information
Contact details (name, mailing address, email, phone).
Account credentials (username, hashed passwords).
Professional details (license, certifications, affiliations, specialties).
Demographics (age range, gender, language preferences, country).
3.2 Health and Fitness Information
Self-reported health histories, symptoms, and conditions.
Training logs, workout metrics, biomarker and lab testing results.
Nutrition, recovery, and injury data provided to CFMS programs.
Care plans, clinical notes, and referrals from CFMS practitioners.
Note: Certain health information may be classified as sensitive personal data under applicable laws.
3.3 Payment and Transaction Data
Billing addresses and transaction details (amounts, dates, products/services).
Payment methods routed through trusted processors; CFMS does not store full credit card numbers.
3.4 Technical and Usage Data
Device and browser information, IP address, time zone, and language.
Cookies, pixels, and similar technologies (see Section 9).
Log data on pages viewed, features used, sessions, and performance.
App diagnostics, crash reports, and versioning.
3.5 Communications and Community Content
Messages, survey responses, feedback forms, and support requests.
Event registrations, attendance, certifications, and continuing education records.
User-generated content (posts, comments, uploads) within CFMS communities.
3.6 Research and Program Participation
Informed consent records.
De-identified or pseudonymized datasets for research and quality improvement.
Study-specific data collection as described in separate protocols.
How We Use Information
We process information to:
Provide, maintain, and improve our Services and programs.
Personalize training, care pathways, and health insights.
Schedule appointments, manage memberships, certifications, and events.
Communicate updates, safety notices, and program information.
Authenticate users, prevent fraud, and ensure security.
Conduct research, analytics, benchmarking, and Service optimization.
Comply with legal, regulatory, and accreditation requirements.
Legal Bases for Processing (where applicable)
We rely on:
Consent (e.g., for certain health data, marketing communications).
Contractual necessity (e.g., membership services, program delivery).
Legitimate interests (e.g., safety, research quality assurance, Service improvement).
Legal obligations (e.g., compliance with health and safety regulations).
Vital interests (e.g., emergency care coordination).
Sharing and Disclosure
We may share information with:
CFMS clinicians, coaches, and authorized staff to deliver Services.
Laboratories, diagnostic providers, and care teams, with your consent or as permitted by law.
Payment processors, IT vendors, analytics providers, and cloud hosting partners under confidentiality obligations.
Event and education partners for certifications, CE credits, or attendance management.
Research collaborators using de-identified or pseudonymized data where feasible.
Regulators, accreditation bodies, or law enforcement when required by law.
We do not sell personal information. We do not share sensitive health data for advertising purposes.
International Transfers
If information is transferred across borders, we apply appropriate safeguards, including contractual protections, de-identification where feasible, and adherence to local requirements. Your use of the Services may involve processing in jurisdictions different from your own.
Data Retention
We retain information only as long as necessary for the purposes described, including:
Membership and account records for the duration of your relationship and applicable limitation periods.
Clinical records per regulatory or professional retention standards.
Research data per protocol and ethics requirements.
When no longer needed, data is securely deleted or de-identified.
Cookies and Tracking Technologies
We use:
Essential cookies for login, security, and core functionality.
Performance cookies to understand usage and improve Services.
Optional analytics and personalization tools to enhance experience.
You can manage cookies through browser settings. Some features may not function without essential cookies.
Your Rights and Choices
Depending on your jurisdiction, you may have rights to:
Access and obtain a copy of your information.
Correct inaccuracies and update your data.
Delete or restrict processing of certain information.
Object to processing, including for personalization or analytics.
Withdraw consent at any time where processing is based on consent.
To exercise rights, contact us using Section 15. We will respond per applicable law and verify your identity before fulfilling requests.
Children and Adolescents
Depending on your jurisdiction, you may have rights to:
Access and obtain a copy of your information.
Correct inaccuracies and update your data.
Delete or restrict processing of certain information.
Object to processing, including for personalization or analytics.
Withdraw consent at any time where processing is based on consent.
To exercise rights, contact us using Section 15. We will respond per applicable law and verify your identity before fulfilling requests.
Ready to transform your health?
Comprehensive health strategies
for modern individuals
