SIXGP
Privacy

What we collect and what we don't.

Performance data deserves a clear policy. This page is the plain-English version. The short story: your date of birth and bodyweight stay private, your performance is public only if you opt in, and we do not sell anything.

Last updated · 2026-05-29

TL;DR

  • ✓ Your DOB and bodyweight are never shown publicly.
  • ✓ Your leaderboard presence is opt-in and reversible.
  • ✓ We use Stripe for payments - we never see your card.
  • ✓ No third-party advertising trackers.
  • ✓ You can export your results as CSV at any time.
  • ✓ You can delete your account permanently.

What we collect

Account information

When you create an account we store your email, a hashed password (we never see the plaintext), your first and last name, the public handle you choose, your date of birth, and your sex. Date of birth is used only to compute your age band - never displayed.

Event data

When you compete at a partner gym we record your registration, your same-day bodyweight at check-in, and the raw value for each of the six stations along with the judge who recorded it and a timestamp. Bodyweight is used to normalise grip and deadlift; it stays private.

Computed data

The engine produces a percentile per axis, a composite athleticism score, and the radar payload. These are stamped with the frozen scoring config for the season and stored against your registration.

Payment

Registrations and season passes are processed by Stripe. We receive a payment intent ID and a status - never your card number or expiry. The Stripe webhook is the source of truth for whether a payment succeeded.

Operational

We log your IP address and browser user-agent for security and abuse prevention, and we set a session cookie when you log in so you don't have to re-authenticate on every request. No third-party advertising trackers run on our pages.

What's public and what's private

Public, when opt-in

  • · Your display handle
  • · Your age band (not the exact DOB)
  • · Your sex
  • · Your composite athleticism score
  • · Your six-axis radar profile
  • · The events you competed in and their dates

Always private

  • · Your real first and last name
  • · Your email address
  • · Your exact date of birth
  • · Your bodyweight at any event
  • · Your raw station numbers (only your percentiles are public)
  • · Your payment history

You can flip your profile to private from your account settings at any time. When private, your handle disappears from the public leaderboard and your profile page returns a 404 to anyone other than you.

How we use what we collect

Run events

To check you in, assign you to a heat, capture your results, and confirm your registration was paid.

Compute your score

Your raw numbers feed the scoring engine and become the percentile profile and composite you see on your account page.

Improve the engine

Your anonymised, cohort-aggregated results refine the percentile curves so the next athlete in your cohort gets a more accurate number.

Your rights

Make your profile private

Go to your profile settings and untick "Show me on the public leaderboard." Effective immediately.

Export your data

Download a CSV of your registrations, raw results, percentiles, and composite scores from your account dashboard.

Delete your account

Permanently removes your account, profile, and personally identifying information. Anonymised performance data may be retained for the integrity of historical leaderboards and cohort norms.

Ask us

Questions or requests we have not covered? Email privacy@sixgp.example and we will respond within 30 days.

Security and retention

Passwords are hashed with Werkzeug's default PBKDF2 implementation; we never store them in clear text. Production traffic is encrypted in transit via HTTPS. Database backups are encrypted at rest by our managed Postgres provider. Active account data is retained while your account is open; deleted-account audit trails are retained for one year for fraud prevention.

Cookies

We set one strictly-necessary cookie: a server-side session token that keeps you logged in. We do not set advertising or analytics tracking cookies, and we do not embed third-party scripts that do, with the single exception of Stripe's payment SDK loaded only on the checkout flow.

Changes to this policy

If we make a material change, we will email account holders and update the "Last updated" date above. Smaller clarifications appear here without a notification.