
BETA by Chalk Technologies OÜ
Privacy Policy
Chalk Technologies OÜ | Ahtri tn 12, Tallinn 10151, Estonia | VAT EE102462465 | DUNS 497093027
Effective Date: April 2026
1. ABOUT THIS PRIVACY NOTICE
Who we are: This Privacy Notice is issued by Chalk Technologies OÜ ("Chalk Technologies", "we", "us", "our"), a private limited company registered in Estonia, operating the BETA platform at www.sendmoregetbeta.com.
What this Notice covers: This Privacy Notice explains how we collect, use, store, share, and protect your personal data across all BETA services, including the BETA web platform; the BETA climbing app; our website at www.sendmoregetbeta.com; marketing and communications; and any other services we provide (collectively, the "Services").
Who this Notice applies to: This Notice applies to (a) Business Customers (gyms and organisations using BETA); (b) End Users and Attendees (individual climbers and app users); and (c) website visitors. Where relevant, we explain which sections apply to each group.
Legal bases: We process personal data only where we have a valid legal basis to do so. The legal basis for each processing activity is identified in this Notice. Where we rely on legitimate interest as our legal basis, we have conducted a Legitimate Interests Assessment (LIA). These assessments are available on request from privacyteam@sendmoregetbeta.com.
2. DATA WE COLLECT & WHY
2A. Business Customers (Gyms)
We collect the following personal data from Business Customers and their authorised users:
2B. End Users & Profiles (Climbers)
We collect the following personal data from individuals who use the BETA climbing app or are registered as Attendees at a gym using BETA:
Social login: If you choose to sign in using Google or Apple, we receive your name, email address, and profile photo from that provider. We do not receive or store your Google or Apple password. Your use of those sign-in options is also governed by Google's and Apple's own privacy policies. Both are US-based; data transfers are covered by Standard Contractual Clauses.
Push notifications: If you enable push notifications, we use your device push token to send you booking reminders, gym updates, and BETA product communications. You can withdraw consent at any time by disabling notifications in your device settings.
2C. SPECIAL CATEGORY DATA, HEALTH DATA & EMERGENCY CONTACTS
Health data via Participant Forms: BETA's Participant Forms tool allows gym Business Customers to create their own digital forms for Attendees. Some gyms include questions about pre-existing medical conditions, injuries, pregnancy, or physical fitness. This type of information may constitute special category data under GDPR Article 9.
BETA's role: Where a Business Customer collects health or medical information from Attendees through Participant Forms, the Business Customer is the data controller solely responsible for: (a) establishing and documenting a valid legal basis under GDPR Art. 9(2) before collecting health data (typically explicit consent under Art. 9(2)(a)); (b) informing Attendees that health data is being collected and the purpose; and (c) implementing appropriate security measures for that data. BETA processes such data as data processor only, acting solely on the Business Customer's instructions.
Emergency contacts: Where a gym collects emergency contact information from Attendees through Participant Forms (for example, next-of-kin details for minors or lead climbers), the Business Customer is the data controller for that data. Emergency contacts are not BETA platform users and have not directly interacted with BETA. Business Customers are responsible for informing emergency contacts that their details are held, in accordance with GDPR Art. 14.
2D. Minors
Account holders must be 18 years of age or older. Minors (persons under 18) may not create their own BETA accounts.
Where a gym registers a minor as an Attendee, this is done by the minor's parent or legal guardian. The guardian creates and manages the minor's profile, provides consent for data processing on the minor's behalf, and controls the minor's access to the BETA app.
Age verification: BETA relies on Business Customers to implement appropriate age verification processes for their Attendee base before registering minors on the platform. Business Customers are responsible for ensuring that Attendee accounts are created only for individuals who meet the minimum age requirements applicable in their jurisdiction and for obtaining valid parental or guardian consent before registering a minor.
We do not knowingly collect personal data from persons under 18 without a guardian acting on their behalf. If we become aware that a minor has created their own account without guardian involvement, we will delete that account promptly. To report such cases: privacyteam@sendmoregetbeta.com
2E. Website Visitors
When you visit www.sendmoregetbeta.com, we collect standard web analytics data including IP address, browser type, pages visited, and referring URL, using cookies and analytics tools as described in Section 9.
3. HOW WE USE YOUR DATA
We use personal data for the following purposes:
Providing the Services: To operate and deliver the BETA Platform, manage accounts, process bookings and payments, and send service-related communications. Legal basis: contract performance.
Security and fraud prevention: To monitor for unauthorised access, detect fraud, and maintain platform integrity. Legal basis: legitimate interest.
Support: To respond to support requests and resolve issues via our support team and tools including Gleap. Legal basis: legitimate interest / contract performance.
Legal compliance: To comply with Estonian, EU, and applicable international law, including tax, financial reporting, and data protection obligations. Legal basis: legal obligation.
Service improvement and benchmarking: To analyse usage patterns, test new features, and improve the Platform. We may produce anonymised, aggregated benchmark reports comparing performance metrics across gyms (for example, average class attendance rates or booking conversion rates). These reports cannot identify individual gyms or users. Legal basis: legitimate interest.
Marketing communications: To send promotional emails about BETA features, updates, and offers to Business Customers and opted-in users. Legal basis: legitimate interest (for existing customers); consent (for new contacts and where required by law).
Research and analytics: To conduct surveys, understand user behaviour, and develop the Platform. Legal basis: legitimate interest / consent.
We process personal data only as described in this Privacy Notice. We do not share personal data with third parties for commercial purposes outside of what is set out here.
4. SHARING YOUR DATA
4.1 Payment Processors. When you or your gym processes a payment, transaction data is shared with your chosen Payment Processor (Adyen, Clover, Dojo, GoCardless, Stripe, SumUp, or Square) as necessary to complete the transaction. Each processor has its own privacy policy and acts as an independent data controller for payment data.
4.2 Service providers (sub-processors). We use trusted third-party service providers to operate the Platform, including cloud hosting, email delivery, analytics, and customer support tools. These providers act as data processors under GDPR and are bound by data processing agreements. Key sub-processors include:
Gleap GmbH (gleap.io): In-app support chat, bug reporting, crash reporting, session recordings, and help centre. Processes email address, name, session data, and support ticket content. Based in Austria (EEA). DPA available at gleap.io/legal.
Google LLC (google.com): Cloud infrastructure, analytics (Google Analytics 4), and email delivery. US-based; Standard Contractual Clauses in place.
Apple Inc. (apple.com): OAuth sign-in (Sign in with Apple). US-based; Standard Contractual Clauses in place.
Payment Processors: See Section 4.1 and T&Cs Schedule 2 for the full list.
A full and current sub-processor list is available on request from privacyteam@sendmoregetbeta.com. We will give Business Customers 30 days' written notice of any material changes to our sub-processor list.
4.3 Sub-processor objection. Where a Business Customer objects to a proposed sub-processor change on reasonable data protection grounds, Chalk Technologies will work with the Business Customer to resolve the concern. If the objection cannot be resolved within 30 days, the Business Customer may terminate their Subscription without penalty and will receive a pro-rata refund of prepaid fees for the unused Subscription term. This is the only circumstance in which a refund is automatically due under these arrangements.
4.4 Business Customers. Personal data relating to Attendees is shared with the relevant Business Customer (gym) as necessary to provide the Services. The gym is the data controller for its Attendee data.
4.5 Legal disclosures. We may disclose personal data where required by law, court order, or regulatory authority, including the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon). We will notify you of such disclosures where lawfully permitted.
4.6 Corporate transactions. In the event of a merger, acquisition, or sale of Chalk Technologies' business or assets, personal data may be transferred to the acquiring entity, subject to equivalent data protection safeguards.
5. INTERNATIONAL DATA TRANSFERS
5.1 Chalk Technologies is established in Estonia and primarily processes data within the European Economic Area (EEA).
5.2 Where personal data is transferred to countries outside the EEA that do not have an EU adequacy decision (including the United States, where Clover, Square, Google LLC, and Apple Inc. are based), we ensure appropriate safeguards are in place, specifically Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Art. 46. This applies to payment processing, social login via Google and Apple, and analytics via Google Analytics 4.
5.3 For transfers to the United Kingdom, we rely on the UK Adequacy Decision adopted by the European Commission.
5.4 You may request a copy of the applicable transfer safeguards by contacting privacyteam@sendmoregetbeta.com.
6. YOUR RIGHTS
Under the GDPR (and, for UK residents, the UK GDPR), you have the following rights regarding your personal data:
Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete data.
Right to erasure: Request deletion of your data where there is no compelling reason for us to continue processing it.
Right to restriction: Request that we limit processing of your data in certain circumstances.
Right to portability: Receive your data in a structured, machine-readable format (we provide data exports in CSV format), or have it transferred to another provider.
Right to object: Object to processing based on legitimate interest, including direct marketing and profiling.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Rights in relation to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that produce significant legal or similarly significant effects. See Section 8.
To exercise any of these rights, contact: privacyteam@sendmoregetbeta.com. We will respond within 30 days as required by the GDPR (or within 3 months for complex requests, with prior notification).
We may need to verify your identity before processing your request.
If you are not satisfied with our response, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at www.aki.ee, or with the supervisory authority in your EU country of residence. UK residents may also complain to the Information Commissioner's Office (ICO) at www.ico.org.uk.
7. DATA SECURITY
7.1 We implement technical and organisational security measures appropriate to the risk, including encryption in transit and at rest, access controls, regular security testing, and staff data protection training.
7.2 Account data is protected by your account password. You are responsible for keeping your password confidential and logging out after each session.
7.3 Where a personal data breach is likely to result in a risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR Art. 34.
7.4 For a summary of our technical and organisational measures, contact privacyteam@sendmoregetbeta.com.
8. AUTOMATED DECISION-MAKING & PROFILING
8.1 BETA's CRM and analytics features generate profiles of Attendees and Business Customers based on their activity and usage. This profiling is used to improve the Platform and personalise the experience. It does not produce automated decisions that have legal or similarly significant effects on you.
8.2 If you have questions about how profiling affects you, or wish to object to profiling based on legitimate interest, contact privacyteam@sendmoregetbeta.com.
9. COOKIES & TRACKING TECHNOLOGIES
9A. What We Use
We use cookies and similar technologies on our website and within the BETA Platform. These fall into the following categories:
9B. Google Analytics & Meta Pixel
We use Google Analytics 4 to analyse website and platform usage in aggregate. We use the Meta Pixel to measure the effectiveness of our marketing campaigns. We do not use these tools to build individual advertising profiles or to serve you targeted advertisements.
These tools are activated only after you have given explicit consent via our cookie consent banner. If you decline, these tools do not activate and you can still use the BETA platform and website. Both tools transfer data to the United States; Standard Contractual Clauses are in place for these transfers.
9C. Managing Cookies
When you first visit our website or platform, you will see a cookie consent banner. You can accept all cookies, reject non-essential cookies, or customise your preferences. You can change your preferences at any time via the cookie settings link in the footer.
You can also manage cookies via your browser settings. Note that disabling certain cookies may affect Platform functionality.
Analytics data is retained for a maximum of 13 months. Consent records are retained for 3 years.
10. MARKETING COMMUNICATIONS
10.1 We may send marketing emails to Business Customers about BETA features, updates, and relevant offers. Our legal basis is legitimate interest, as we have an existing business relationship. You can opt out at any time via the unsubscribe link in any marketing email, or by contacting support@sendmoregetbeta.com.
10.2 We send marketing emails to End Users only with your explicit opt-in consent. You can withdraw consent at any time by clicking the unsubscribe link or contacting us.
10.3 We comply with the EU ePrivacy Directive and, where we communicate with users in the United States, with the CAN-SPAM Act. We will always clearly identify ourselves as the sender and include clear instructions to unsubscribe.
10.4 We do not share your email address with third parties for their own marketing purposes.
11. DATA RETENTION
We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with our legal obligations. Key retention periods are summarised in the tables in Section 2 above.
When your account is closed or your Subscription ends, account data is retained for 2 years then deleted or anonymised, except where longer retention is required by law (e.g. financial records: 7 years; participation records: 7 years; tax records: 7 years under the Estonian Accounting Act).
Backups are retained for up to 90 days after deletion from live systems.
Retention periods are enforced through automated deletion or anonymisation processes. If you have questions about a specific retention period, contact privacyteam@sendmoregetbeta.com.
12. THIRD-PARTY LINKS & SERVICES
The BETA Platform integrates with third-party services including Payment Processors and optional tools (e.g. Gmail integration). Where you connect a third-party service, that service's own privacy policy governs how your data is processed by them. Chalk Technologies is not responsible for the privacy practices of third-party services.
If you connect your Gmail account to BETA, we collect your Gmail address, IP address, and name solely to enable that integration. This data is not used for any other purpose and is deleted if you disconnect the integration.
13. DELETING YOUR ACCOUNT
End Users: You can delete your BETA climbing app account by selecting 'Delete Account' on your profile page. Deletion will: (1) sign you out immediately; (2) anonymise or delete identifiable personal data within 30 days; and (3) retain anonymised data (e.g. aggregate climbing statistics) indefinitely as this cannot identify you.
Business Customers: To close a Business Customer account, contact legal@sendmoregetbeta.com. Data will be retained for 30 days post-termination for export purposes, then deleted, subject to legal retention requirements.
14. DATA PROTECTION CONTACT
For all data protection queries, requests, and complaints:
Data Protection Contact: privacyteam@sendmoregetbeta.com
Chalk Technologies OÜ, Ahtri tn 12, Tallinn 10151, Estonia
We aim to respond to all data protection requests within 30 days.
15. CHANGES TO THIS NOTICE
We may update this Privacy Notice to reflect changes in our Services, legal requirements, or data processing practices. Where changes are material, we will notify Business Customers by email with 30 days' notice and notify End Users by in-app notification.
The date at the top of this Notice indicates when it was last updated. Your continued use of the Services after the effective date of any change constitutes acceptance.
16. CONTACT US
General queries: hello@sendmoregetbeta.com
Support: support@sendmoregetbeta.com
Legal / contract: legal@sendmoregetbeta.com
Privacy / GDPR / data requests: privacyteam@sendmoregetbeta.com
Supervisory authority (Estonia): Andmekaitse Inspektsioon — www.aki.ee
Supervisory authority (UK): Information Commissioner's Office — www.ico.org.uk
Last updated: April 2026 | Version: 3.0