Stadiora Labs ("Stadiora Labs," "we," "us," or "our") is a sports AI infrastructure company incorporated and operating across Latin America (Costa Rica) and the United States. We build the Aria Intelligence engine and the products that run on top of it: Aria, Stadiora, Aria XI, and the Aria Intelligence API.
This Privacy Policy applies to all Stadiora Labs products, services, and websites, including stadioralabs.com, runwitharia.com, and any associated applications, unless a separate privacy notice is provided for a specific product.
For the purposes of the GDPR, Stadiora Labs acts as the data controller for personal data collected through our consumer products (Aria, Stadiora, Aria XI). Where we process data on behalf of third-party developers through the Aria Intelligence API, we act as a data processor under a separate data processing agreement with that developer.
See Section 3 for full detail. This includes training load, recovery scores, sleep data, heart rate variability, injury history, mental readiness ratings, nutritional inputs, and cycle-aware context where provided.
If you are an athlete whose coach uses Stadiora or Aria XI, your coach may enter data on your behalf — including training assignments, attendance, physical assessments, and observations. You are notified when an account is created for you under a coach's organisation.
Stadiora Labs processes data that may be classified as special category data under the GDPR and sensitive personal information under the CCPA. This includes, but is not limited to:
We process this data only for the purpose of generating the readiness, availability, and decision outputs that you or your coach have requested. We do not sell, license, or share health-category data with advertisers, data brokers, or any third party for commercial purposes unrelated to delivering our services.
Reproductive health data is particularly sensitive. We process cycle data only where you have explicitly provided it and only for the specific readiness-contextualisation purpose. It is never surfaced to coaches without your affirmative consent and is excluded from all aggregated or anonymised analytics datasets.
Important: Stadiora Labs is not a medical device, healthcare provider, or clinical service. The outputs generated by Aria Intelligence are decision-support information, not medical advice or diagnosis. See the Terms of Use for a full medical disclaimer.
We do not use your personal data for automated individual decision-making that produces legal or similarly significant effects without human involvement. All Aria Intelligence outputs are intended to support — not replace — decisions made by coaches, athletes, and their medical teams.
If you are located in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases under Articles 6 and 9 of the GDPR:
We do not sell your personal data. We share data only in the following circumstances:
If you are an athlete registered under a coach's Stadiora or Aria XI account, your readiness outputs, availability classifications, and flagged attention signals are visible to that coach. You acknowledge this when joining an organisation. Granular health signals (including reproductive health data) are not shared with coaches unless you explicitly configure them to be.
We engage trusted third-party providers who process data on our behalf — including cloud infrastructure, data analytics, and communications services. These providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
If your data is processed through the Aria Intelligence API by a third-party developer, that developer is the data controller for your relationship with their application. We act as processor. Review the privacy policy of the third-party application you are using.
We may disclose data where required by law, to protect the rights or safety of Stadiora Labs or others, or in connection with legal proceedings.
In the event of a merger, acquisition, or asset sale, personal data may be transferred to the acquiring entity. We will provide notice before your data becomes subject to a different privacy policy.
Stadiora Labs operates across Latin America (Costa Rica) and the United States, and may use service providers located in other countries. If you are located in the EEA or the UK, your personal data may be transferred to countries that do not have an adequacy decision from the European Commission.
Where such transfers occur, we rely on appropriate safeguards — including Standard Contractual Clauses (SCCs) approved by the European Commission — to ensure your data receives an equivalent level of protection. You may request a copy of the relevant safeguards by contacting us at privacy@stadioralabs.com.
For transfers of health-category data, we apply additional contractual protections and limit transfers to service providers that have demonstrated compliance with applicable data protection standards.
We retain your personal data only for as long as necessary to deliver our services and comply with legal obligations:
Depending on your location, you have the following rights over your personal data:
To exercise any of these rights, contact us at privacy@stadioralabs.com. We will respond within 30 days (or within 45 days where the request is complex). We do not charge a fee for reasonable requests.
We use cookies and similar tracking technologies on our websites. These fall into three categories:
We do not use third-party advertising cookies or cross-site tracking. You can manage cookie preferences through your browser settings at any time. Note that disabling non-essential cookies does not affect your use of core platform features.
Our services are not directed at children under the age of 13 (or under 16 in the EEA). We do not knowingly collect personal data from children under these ages. If a coach registers an athlete who is a minor, the coach is responsible for obtaining appropriate parental or guardian consent before submitting that athlete's data to our platform.
If you believe we have collected data from a child without appropriate consent, contact us immediately at privacy@stadioralabs.com and we will delete the data promptly.
We implement technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include encryption of data in transit and at rest, access controls limiting data access to authorised personnel, and regular security reviews.
Given the health-adjacent nature of some data we process, we apply enhanced security controls to health and biometric data stores — including additional encryption layers and strict internal access logging.
No system is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law — within 72 hours for GDPR-covered breaches.
We may update this Privacy Policy from time to time to reflect changes in our practices, products, or applicable law. When we make material changes, we will notify you by email (if you have an account) and update the "Last Updated" date at the top of this page.
Your continued use of our services after the effective date of a revised policy constitutes acceptance of the updated terms. If you do not agree with a material change, you may delete your account and request erasure of your data before the change takes effect.
For all privacy-related enquiries, rights requests, or concerns:
Stadiora Labs — Privacy
Email: privacy@stadioralabs.com
Response time: within 30 days for standard requests, 72 hours for breach notifications
If you are an EEA resident and are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority.