The Long Game - Privacy Policy
Effective Date: November 26, 2025
This Privacy Policy (“Policy”) explains how Long Game Labs, Inc. d/b/a The Long Game (“TLG,” “we,” “us,” or “our”) collects, uses, discloses, and protects your information when you use our websites, mobile applications, analytics tools, competitive league features, and related services (the “Services”).
This Policy applies only to users located in the United States and only to adults 18 years of age or older. We do not knowingly collect data from children under 18. If we discover we have collected such data, we will delete it immediately.
⚠️ IMPORTANT NOTICE: CONSUMER HEALTH DATA
TLG processes Consumer Health Data (“CHD”) as defined under various U.S. state laws (e.g., Washington MHMDA, Nevada CHD law). These laws impose unique requirements.
For residents of Washington, Nevada, and other applicable states, please review our Consumer Health Data Privacy Policy (“CHD Policy”), which governs the collection, use, sharing, sale, and rights related to CHD.
A standalone link to the CHD Policy is available in our website footer and within the app settings.
Use of the Services constitutes acceptance of this Policy and our Terms of Service (“ToS”). If you do not agree, do not use the Services.
1. TLG IS NOT A HEALTHCARE PROVIDER
TLG is a wellness and longevity platform, not a medical provider.
- We are not a HIPAA-covered entity and do not provide medical care or diagnosis.
- If TLG ever acts as a Business Associate to an enterprise customer, it will occur only via a signed Business Associate Agreement (BAA), and additional terms will govern that relationship.
- We apply commercially reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the data we collect.
- Definition of Personal Information: For the purposes of this Policy, 'Personal Information' includes any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, including inferences drawn from other personal information.
2. INFORMATION WE COLLECT
2.1 Identifiers
- Name
- Username or handle
- Phone number
- Account credentials
- Device identifiers
- Profile photo (optional)
Age Representation:
By providing any Consumer Health Data to TLG, you explicitly represent and warrant that you are at least 18 years of age. We may require age verification (e.g., government ID) before processing sensitive biometric or health data.
2.2 Consumer Health Data & Wellness Data
We collect CHD as defined by state law, including:
- Heart rate, HRV, readiness, variability metrics
- Sleep duration, stages, patterns
- Biomarkers and lab values (bloodwork, metabolic panels, inflammation markers, etc.)
- VO2 max, strength, endurance, performance metrics
- Body composition data (DEXA, 3D scans, impedance reports)
- Self-reported health information
- Wearable-integrated data (via Spike or direct connections)
- Health status, lifestyle information
TLG-Generated Insights:
- TLG Score
- HRV Recovery Index
- Comparative rankings
- Training load analysis
Inferences:
This includes inferences we derive from your other data. Inferences derived from your health data are treated as Consumer Health Data and are subject to the same protections. TLG-generated composite metrics (such as the TLG Score and HRV Recovery Index) are considered Consumer Health Data only to the extent they are derived from CHD inputs.
2.3 Technical Information
- Device type
- Browser type
- IP address
- Operating system
- Crash logs
- Session analytics
- Time zone
- No precise geolocation tracking
2.4 User-Generated Content
- Messages
- Photos, posts, updates
- League entries and participation
- Survey responses
2.5 Transaction & Payment Information
- Subscription tier
- Purchase history
- (Payments are processed by PCI-compliant third parties. We do not store full credit card numbers.)
2.6 Wearable & Platform Integrations
We receive data through:
- Apple HealthKit
- Google Health Connect
- Whoop
- Oura
- Garmin
- Other supported devices
RESTRICTION: We never use HealthKit or Health Connect data for advertising, marketing, or data brokering. This is strictly required by Apple/Google developer terms. We maintain technical and administrative controls to ensure that HealthKit and Health Connect data remain segregated from systems used for advertising or marketing.
Third-party platforms may retroactively alter historical data. TLG is not responsible for changes resulting from such modifications.
2.7 Biometric Information
TLG does not collect or process biometric identifiers or scans of face geometry (as defined under Illinois BIPA), unless explicitly disclosed in a separate Biometric Notice and accompanied by written consent.
3. HOW WE COLLECT INFORMATION
We collect information from:
- You directly
- Your device
- Our service providers
- Wearable/Health integrations (through your authorization)
- Cookies and tracking technologies
- Enterprise partners (only if you opt into their program)
4. HOW WE USE INFORMATION
We process Consumer Health Data only for the specific purposes described in this Policy, which include providing the Services, generating composite metrics, enabling competitive Leagues, conducting analytics, improving scoring systems, performing security and fraud prevention, complying with law, and any additional purposes for which you provide separate, affirmative consent.
4.1 Operating the Services
We use information to:
- Provide and maintain TLG
- Compute composite and derived metrics
- Enable competitive leagues
- Personalize your insights
- Troubleshoot, protect, and secure the platform
- Communicate with you about your account or issues
4.2 Competitive Leagues & Visibility
Two Separate Consents Required For CHD:
- Consent to Collect CHD
- Consent to Share CHD in Leagues or Competitions
(These consents cannot be bundled or preselected.)
Default League Visibility:
By default, when you join a league:
- Your composite metrics (TLG Score, HRV Recovery Index) are visible.
- Individual data categories (biomarkers, sleep metrics, HRV) require explicit opt-in visibility controls.
You may choose to:
- Share more
- Share less
- Participate anonymously
- Adjust per-league settings
Sponsored Leagues:
Visibility in Sponsored Leagues may differ from visibility in public leagues. Upon joining an enterprise-sponsored challenge, you will be presented with distinct consent options.
4.3 Marketing & Advertising
Permitted (With Consent):
- Personalized marketing based on non-HealthKit/Connect CHD
- Marketing using identifiers, behavior, or inferences
- Aggregated data marketing
Prohibited:
- We never use HealthKit / Health Connect data for marketing.
- We never sell or share HealthKit / Health Connect data.
- We never use CHD for cross-context behavioral advertising unless explicitly consented.
- We never sell CHD to data brokers.
California (CPRA) Requirements:
We provide the following links in the footer of the website and app settings:
- “Do Not Sell or Share My Personal Information”
- “Limit the Use of My Sensitive Personal Information”
Note: Under Washington and Nevada law, 'selling' Consumer Health Data requires a separate, signed authorization, which we will obtain if we ever engage in such practices.
4.4 Artificial Intelligence & Machine Learning
By default, we use aggregated and de-identified data to train internal AI/ML systems. We do not use identifiable CHD or identifiable personal data to train models unless you provide explicit opt-in consent.
4.5 Analytics & Product Development
We use aggregated or de-identified data to:
- Improve scoring algorithms
- Benchmark performance
- Generate insights
- Conduct analytics and wellness research
TLG does not guarantee the accuracy, completeness, or reliability of any insights, analytics, predictions, classifications, or composite metrics generated from your data.
4.6 Enterprise Reporting
Enterprise clients receive:
- Aggregated reports by default
- Small-cohort reports only with explicit consent
- Individual-level reports only if you join a program that clearly states your data will be shared (“Authorization” means a clear, separate, affirmative, non-bundled consent).
4.7 Legal, Compliance, and Safety
We may use your data to enforce our Terms, investigate misuse, respond to legal requests, and protect users’ safety.
5. HOW WE DISCLOSE INFORMATION
We disclose information to:
5.1 With Your Consent: For CHD sharing, enterprise participation, or public visibility.
5.2 Service Providers: Cloud hosting, analytics, customer support, development partners.
5.3 Enterprise Customers: Aggregate data by default.
5.4 League Participants: Only data you choose to make visible.
5.5 De-identified & Aggregated Uses: We may share de-identified data for research, partnerships, and product improvement. TLG does not re-identify de-identified Consumer Health Data, and we contractually prohibit service providers from attempting to re-identify it.
5.6 Legal Disclosures: As required for safety, fraud prevention, regulatory inquiries, and dispute resolution.
5.7 Monitoring: TLG does not monitor user posts, messages, or League interactions for safety or accuracy and has no obligation to do so.
6. YOUR PRIVACY RIGHTS & CONTROLS
6.1 CHD Rights (WA, NV, and others)
Your CHD rights are described in our Consumer Health Data Privacy Policy, available through a separate required link. These include the rights to:
- Confirm
- Access
- Delete
- Withdraw consent
- Opt out of CHD sharing
6.2 Marketing & Advertising Controls
You may:
- Opt out of marketing emails
- Opt out of marketing using CHD
- Use the “Do Not Sell or Share My Personal Information” link
- Use the “Limit the Use of My Sensitive Personal Information” link (CPRA)
6.4 Access, Correction & Portability
You may access, download, correct, or update your data at any time.
6.5 Deletion
You may delete individual items or your entire account.
- Deletion propagates through our systems within 30–60 days.
- Inactive accounts older than 2 years are automatically scheduled for deletion of identifiable CHD.
6.6 No Financial Incentives for CHD
TLG does not offer financial incentives conditioned on the sale or sharing of Consumer Health Data.
7. DATA RETENTION
We maintain a structured retention schedule:
| Category | Retention Period |
|---|---|
| Identifiers | Until account deletion + 60 days |
| CHD & Wellness Data | Until deletion OR 2 years of inactivity, whichever comes first |
| Marketing Preferences | Until opt-out |
| Security/Log Data | As long as reasonably necessary for security/compliance |
| Aggregated/De-identified Data | Retained indefinitely |
We may retain certain log or security data beyond stated periods where necessary to investigate fraud, abuse, or violations of our Terms.
8. SECURITY
We employ commercially reasonable safeguards appropriate to the sensitivity of the information processed. We do not state that we exceed HIPAA or meet any heightened standard beyond what the law requires.
9. INTERNATIONAL USERS
The Services are intended for U.S. users only. Non-U.S. users acknowledge their data will be processed in the United States. If you access the Services from outside the United States, you do so at your own risk and are responsible for compliance with the laws of your jurisdiction. You acknowledge that the data protection laws in the United States may differ from those of your country of residence.
10. U.S. STATE PRIVACY RIGHTS
Depending on your state of residence (e.g., CA, CO, CT, UT, VA, TX, OR, MT, WA, NV), you may have rights to:
- Access
- Delete
- Correct
- Opt out of sale/sharing
- Limit use of Sensitive Personal Information
- Appeal denied requests
Requests will require identity verification. CHD rights are detailed in the Consumer Health Data Privacy Policy, not in this document. We may decline requests that are manifestly unfounded, excessive, or require disproportionate technical effort.
11. CHANGES TO THIS POLICY
We may update this Policy. Material changes will be communicated via app notifications or email.
12. Dispute Resolution
Any dispute arising from this Policy is governed by the dispute resolution and arbitration terms in our Terms of Service.
13. CONTACT INFORMATION
Email: admin@thelonggameapp.com
Mailing Address: 870 S Colorado Blvd, STE 1120, Glendale CO 80246