Privacy Policy
We care about your privacy
Your privacy is important to us at Mako Swim. We respect your privacy regarding any information we may collect from you across our website.
Your privacy is important to us at Mako App Limited (“Mako App”, “we”, “us”, or “our”). We are committed to protecting your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Irish Data Protection Acts 1988–2018, and relevant international privacy laws including the UK GDPR and applicable US frameworks. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website (makoapp.io) or use our applications and services (including MakoSets, MakoBoards, MakoVision, and Mako360).
This Privacy Policy explains how we collect, use, store, and share your personal information, and the choices you have under the General Data Protection Regulation (GDPR) and Irish data protection law.
Who We Are
Mako App Limited (“Mako App”, “we”, “us”, or “our”) provides digital tools for coaches, athletes, and teams. We are established in Ireland and act as the data controller for personal data relating to accounts and services, and as a data processor when handling athlete or team data uploaded by coaches or organizations.
Registered Address: 20 Harcourt Street, Dublin 2, D02 H364, Ireland
Email: info@makoapp.io
Information We Collect
We collect the following categories of information to operate, secure, and improve the Service.
Information you provide:
- Account information, such as your name, email address, and password
- Profile data, such as team name and coaching credentials
- Athlete information, such as name, year of birth, and date of birth where needed for age-group eligibility, gender, performance data, training records, and wellness data
- Parent or guardian contact information, where parents are invited to link to a minor athlete account
- Content, such as videos, voice notes, workout plans, knowledge-base documents, notes, and comments
- Communications, such as chat messages between coaches, athletes, and parents
- Payment information, which is processed securely by Stripe; we do not store full card numbers
Information collected automatically:
- Usage data and feature interactions, including anonymised analytics
- Device information and browser type
- IP address and general location
- Session cookies and authentication tokens
- Push notification tokens, if you opt in
Where coaches or organisations upload athlete data, they act as the data controller for that information, and Mako App Limited acts as their data processor under the GDPR. Coaches and organisations are responsible for obtaining parental or guardian consent where required.
How We Use Your Information
We use your information to:
- Provide, operate, and maintain the Service
- Process payments and manage subscriptions
- Generate AI-powered insights and recommendations, as described in Section 15
- Send service-related notifications and updates
- Improve the Service and develop new features
- Ensure security, prevent fraud, and protect against misuse
Data Sharing
We do not sell your personal information. We share data only in the following circumstances.
Service providers we rely on to operate the Service. These act as our processors under GDPR Article 28:
- Firebase / Google Cloud, for application hosting, database services, and authentication
- Stripe, for payment processing and subscription billing
- OpenAI and Google (Gemini), for AI-powered insights and chat
- Resend, for transactional email
- Stream Chat, for in-app messaging between coaches, athletes, and parents
- Typesense, for search indexing of performance and community data
- Mailchimp, for lifecycle and product emails to coaches and organisation administrators
- Firebase Cloud Messaging (Google), for push notifications
- Google reCAPTCHA / Firebase App Check, for abuse and bot prevention
- Firebase Analytics (Google), for anonymised product usage analytics
Each processor is contractually required to protect your information and use it only to provide services to us.
We may also share data with:
- Vimeo, which hosts videos uploaded through the Service. Vimeo acts as an independent data controller for hosted video. See Section 5.
- Polar, when an athlete connects a Polar wearable. Polar acts as an independent data controller for the heart-rate and exercise data it sends back to Mako through its API. See Section 6.
- Calendly, when prospective customers book a demo. Calendly acts as an independent data controller for the booking record.
- Team members and organisations you are associated with, where necessary to provide the Service
- Legal or regulatory authorities, where required by law
A current list of sub-processors is available on request by emailing info@makoapp.io.
Data Security and Retention
Security
We use industry-standard security and encryption measures, including TLS/SSL in transit and AES-256 at rest. Application data is hosted on Google Cloud Platform. Videos uploaded to the Service are stored with Vimeo and configured as unlisted, not searchable on Vimeo.com, embed-restricted to Mako App domains, with downloads and public comments disabled.
Retention
While your account is active, we retain your content, including videos, workouts, performance records, and notes, so that you can continue to use and build on it. There is no automatic time-based deletion of active-account content.
You can delete individual videos, workouts, and other content at any time within the Service. When you close your account, or when we terminate our agreement with you, we delete your personal data from our active systems within a reasonable period and delete associated videos from Vimeo. Deletion from backups and archival copies may take up to 90 days.
We retain payment and billing records for up to seven years to comply with Irish tax and accounting requirements.
Video and Video Services
Coaches and athletes may upload videos, such as race footage or training clips, to the Service. Videos are stored with Vimeo, Inc. in the United States.
Your relationship with Vimeo. Because Vimeo determines how its platform stores, encodes, and secures video content, Vimeo acts as an independent data controller for videos uploaded through the Service, rather than as our sub-processor. Vimeo’s handling of your video content is governed by Vimeo’s own Privacy Policy and Terms of Service. Vimeo is an active participant in the EU-U.S. Data Privacy Framework, its UK Extension, and the Swiss-U.S. DPF, and we have entered into controller-to-controller Standard Contractual Clauses with Vimeo for international data transfers. You can review Vimeo’s privacy notice at https://vimeo.com/privacy.
How Mako configures your videos. When a video is uploaded through the Service, we apply strict privacy settings:
- Not searchable or browsable on Vimeo.com
- Embed-restricted to Mako App domains only
- Downloads disabled in the player
- Public comments disabled on Vimeo
- Do Not Track enabled on the Vimeo player, so Vimeo tracking or advertising cookies are not set during playback inside Mako
A video’s title, description, and folder on Vimeo may include athlete, event, and organisation names so that coaches can locate clips in their Vimeo dashboard. This metadata is not visible to the public.
Deleting a video
You can delete a video at any time from the Vault, Library, or performance view. When you do, Mako instructs Vimeo to delete the video, and it is removed from both systems. When your organisation or account is closed, associated videos are also deleted from Vimeo as part of the closure process. You can also contact us to request deletion of video data, and we will action that request with Vimeo on your behalf.
Health and Wellness Data
The Service allows coaches and athletes to track wellness signals, including sleep, fatigue, soreness, mood, illness, and injuries, through daily wellness surveys. Athletes may also connect a Polar wearable to import heart-rate and exercise data. This information is health data and may qualify as a special category of personal data under GDPR Article 9.
Lawful basis. We process this data on the basis of explicit consent under Article 9(2)(a). Athletes, or their parent or guardian in the case of minors, consent when submitting their first wellness survey or connecting a Polar account. You can withdraw consent at any time by discontinuing wellness submissions and disconnecting any Polar integration in your settings.
How we use it. Wellness and Polar data is shown to the athlete and to authorised coaches in the athlete’s organisation. It is also used by MAKO AI, as described in Section 15, to surface trends and recommendations. We do not sell or share this data outside your organisation, except with the processors listed in Section 3 where strictly necessary to operate the Service.
Polar Data from Polar Devices
When you connect a Polar account, Polar acts as an independent data controller for the data it generates and stores on its own platform. Mako receives only the exercise summaries delivered through Polar’s API. Polar’s own privacy notice applies to its handling of your account and exercise data.
Community Performance Database
Mako maintains a Community Performance Database that aggregates publicly published swimming competition results, including swimmer name, year of birth, club affiliation, and times. This data is sourced from meet result files, federation publications such as USA Swimming, Swim Ireland, and FINA, and equivalent publicly available results released by competition organisers as part of normal meet participation. Coaches use this database to scout, compare, and rank swimmers across organisations.
Lawful basis. We process this data on the basis of legitimate interests under GDPR Article 6(1)(f). The information was made public by the relevant federation or meet organiser as part of competition participation, and our use is consistent with reasonable expectations in the sport.
Scope. The Community Performance Database contains only competition results that have been publicly published. It does not include internal training data, wellness data, time trials, or data uploaded privately to a coach’s vault.
Right to object. You have the right to object to the inclusion of your performance records in the Community Performance Database under GDPR Article 21. To request removal, email info@makoapp.io with your name, club, and year of birth so we can locate the records. We will respond within 30 days.
Voice Recordings
You can record short voice notes of up to 120 seconds when leaving comments on videos. Recording requires browser microphone permission, which you can revoke at any time in your browser settings. Voice notes are uploaded to our hosting providers and stored alongside the video they relate to. They are visible to the same audience as the video and are deleted when the video is deleted
Your Privacy Rights
You have the right to:
- Access your personal data
- Correct inaccurate information
- Request deletion of your data, subject to Section 12 regarding athlete records held by an organisation
- Export your data in a machine-readable format
- Opt out of marketing communications
- Object to certain types of processing, where applicable under EU or UK law
To exercise these rights, contact us at info@makoapp.io. We will respond to written requests within 30 days where required by law.
GDPR Compliance
We process data on the legal bases of contract performance, legitimate interests, legal obligations, and consent. Where health and wellness data is involved, we rely on explicit consent as described in Section 6. EU and UK residents may also have rights including restriction of processing, data portability, and the right to lodge a complaint with their supervisory authority. The Irish Data Protection Commission is Mako App Limited’s lead supervisory authority.
Childrens Privacy
The Service is widely used by swim clubs whose members may include athletes under 16. We follow the Irish Data Protection Commission’s Fundamentals for a Child-Oriented Approach to Data Processing and apply the principle that the best interests of the child come first.
Account creation by coaches
Coaches and team administrators may create athlete accounts for minors. When they do, they confirm in the app that they have obtained the consent of a parent or guardian where required by the laws of the jurisdiction in which the athlete lives. Mako acts as a data processor for athlete data created in this way. The coach or organisation is the data controller and is responsible for ensuring appropriate consent has been obtained.
Parent accounts
When a parent or guardian is invited to link to a minor athlete account, the invitation discloses the categories of data the parent will be able to view.
Data minimisation
Outside the athlete’s own coaches and parents, we do not expose a child athlete’s full date of birth. The Community Performance Database described in Section 7 uses year of birth only.
Mako does not send marketing or promotional communications to under-16 accounts.
Athlete Acount Deletion
Athletes can delete their accounts at any time through their account settings.
When an athlete deletes their account:
- Deleted: login credentials and account access. Vault videos personally uploaded by the athlete are deleted from Vimeo as part of account closure.
- Retained: performance records, wellness submissions, and training records remain with the organisation that uploaded or generated them during the athlete’s membership. This reflects how school or medical records may remain with institutions after a person departs.
Athletes who wish to have organisation-held records erased may exercise their right to erasure under GDPR Article 17 by contacting their organisation’s coach or administrator, or by contacting Mako at info@makoapp.io. We will work with the relevant organisation to process the request, subject to any lawful basis the organisation may rely on to retain the records.
Cookies, Local Storage and Push Notifications
We use only essential cookies and local storage necessary for the Service to function:
- Session cookies and authentication tokens, to maintain your login state and verify your identity
- Local storage, for interface preferences such as grid or list view and onboarding progress
- Offline cache, to make the app faster and more usable on unstable connections by storing a copy of your data on your device using browser storage
- Push notification tokens, if you opt in, so we can send alerts
- Google reCAPTCHA and Firebase App Check, to detect automated misuse and abuse
These services may receive your IP address and basic interaction signals from your device. Google’s privacy policy applies to that data.
We do not use marketing or advertising cookies, and we do not track you across other websites.
You can clear locally stored data by signing out or by clearing your browser’s site data for the Mako App. You can disable push notifications at any time through your device settings or your Mako settings.
International Data Transfer
Some of our service providers, including Google (Firebase), Stripe, OpenAI, and Resend, are based in or process data in the United States. When we transfer personal data to them, we rely on one or more lawful transfer mechanisms under the GDPR and UK GDPR, including:
- The EU-U.S. Data Privacy Framework, and where applicable its UK and Swiss extensions, where the provider maintains an active certification
- Standard Contractual Clauses, together with supplementary technical and organisational measures where appropriate
Videos are transferred to Vimeo, Inc. in the United States. Vimeo is also an active DPF participant, and we additionally rely on controller-to-controller Standard Contractual Clauses signed with Vimeo for these transfers.
Where available, we store application data in European regions. Videos hosted by Vimeo are stored on Vimeo’s own infrastructure, primarily in the United States.
International Data Transfer
Some of our service providers, including Google (Firebase), Stripe, OpenAI, and Resend, are based in or process data in the United States. When we transfer personal data to them, we rely on one or more lawful transfer mechanisms under the GDPR and UK GDPR, including:
- The EU-U.S. Data Privacy Framework, and where applicable its UK and Swiss extensions, where the provider maintains an active certification
- Standard Contractual Clauses, together with supplementary technical and organisational measures where appropriate
Videos are transferred to Vimeo, Inc. in the United States. Vimeo is also an active DPF participant, and we additionally rely on controller-to-controller Standard Contractual Clauses signed with Vimeo for these transfers.
Where available, we store application data in European regions. Videos hosted by Vimeo are stored on Vimeo’s own infrastructure, primarily in the United States.
Automated Decision Making and Artificial Intelligence Insights
We use AI to provide performance insights, recommendations, and an in-app assistant called MAKO AI. These features are powered by Google (Gemini) and OpenAI APIs. Inputs you provide, including workouts, performance data, wellness summaries, knowledge-base documents, and the questions you ask, may be sent to these providers via their APIs to generate responses. Both providers act as our processors under GDPR Article 28 and do not, by default, use data sent through their APIs to train their general models.
AI outputs are advisory only. They are intended to support, not replace, the judgement of a qualified coach. All AI-generated insights are surfaced to a human, such as a coach, athlete, or parent, for review before being acted upon. Where MAKO AI proposes an action that writes data, such as creating a workout or logging a performance, that proposal is shown to the relevant user for explicit confirmation before execution.
No fully automated decision-making takes place that has legal or similarly significant effects on a data subject. You have the right under GDPR Article 22 to request human review of any decision informed by an AI output that affects you.
Updates to This Policy
We may update this Privacy Policy from time to time. Material updates will be communicated by email or through a notice in the Service. Continued use of the Service after the changes take effect constitutes acceptance of the updated policy.
If we add or replace a sub-processor in a way that materially changes how your data is handled, we will provide reasonable advance notice through in-app notice or email so that you have the opportunity to object where applicable.
Contact
If you have questions, concerns, or requests about this Privacy Policy or how we handle your data, please contact us:
Mako App Limited
20 Harcourt Street
Dublin 2, D02 H364
Ireland
Email: info@makoapp.io
Updated: 23 April 2026
Your Privacy, Your Control
We believe in transparency and in giving you control over your personal information. If you have any questions or concerns about our privacy practices, please contact us. We are here to help and to protect your data