Privacy & Data Protection

TestMi is a sports performance testing platform designed for youth athletes. Because we handle data relating to children, we take data protection extremely seriously and have built the platform with GDPR compliance and safeguarding at its core.

We collect and process the following categories of data:

• Athlete information — name, date of birth, gender, club membership, and physical measurements (height, weight, sitting height) used for biological age calculations.
• Performance data — test results from sessions such as sprint times, jump distances, agility scores, and other sport-specific metrics.
• Coach and administrator accounts — email address, name, and role within the organisation.
• Consent records — the name of the person providing consent (the athlete themselves if aged 13+, or a parent/guardian for younger athletes), their relationship to the athlete, and the date consent was given.

TestMi is specifically designed to work with data belonging to children and young people. We recognise the additional protections required under GDPR Article 8 and the UK Data Protection Act 2018.

• For athletes under 13, parental or guardian consent is required before any data is recorded. Athletes aged 13 and over may provide their own consent in line with UK data protection law.
• Consent is captured through secure, tokenised links. The form automatically presents the appropriate consent options based on the athlete's age.
• Athletes' data is only accessible to authorised coaches and administrators within the same organisation.
• Shared report links are view-only and do not expose login credentials or editable data.

Data collected through TestMi is used to:

• Track and report on individual athlete performance over time.
• Calculate normative scores (T-scores, percentiles) by comparing results against aggregated, anonymised platform data.
• Generate performance reports that can be shared with parents and guardians.
• Estimate biological maturity using the Mirwald equation for age-appropriate comparisons.

We do not sell, share, or transfer personal data to third parties for marketing or any unrelated purpose.

• All data is encrypted at rest and in transit.
• The platform enforces role-based access controls — coaches can only access athletes within their organisation.
• Two-factor authentication is available for all user accounts.
• The application is hosted on secure, managed infrastructure with regular security updates.

As a data subject (or the parent/guardian of a data subject), you have the right to:

• Access — request a copy of the personal data we hold.
• Rectification — ask us to correct inaccurate data.
• Erasure — request deletion of personal data ("right to be forgotten").
• Portability — receive your data in a machine-readable format.
• Withdraw consent — revoke consent at any time, after which data processing will cease.

To exercise any of these rights, contact your organisation's TestMi administrator or reach out to us directly using the details below.

Athlete data is retained for as long as the organisation maintains an active account. When an organisation deletes an athlete record or closes their account, all associated personal data is permanently removed.

Anonymised, aggregated performance data used for normative calculations may be retained after individual records are deleted, as it cannot be linked back to any individual.

If you have questions about how your data is handled, or wish to exercise your data protection rights, please contact your organisation's administrator in the first instance.