Privacy Policy

BASE 1520 Privacy Policy

Effective date: July 8, 2026 | Last updated: July 8, 2026

This Privacy Policy explains how BASE1520 LLC, doing business as BASE 1520 (“BASE 1520,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information when you visit https://www.base1520.com (the “Site”), apply for our Alpha or Gamma courses, use our white-labeled fitness app, complete our wellbeing assessments, or otherwise interact with us (collectively, the “Services”).

BASE 1520 is a faith-based fitness and missions-training company. Our Services are intended for adults age 18 and older — pastors, missionaries, and Christian men and women. Because our program involves physical training and whole-person wellbeing, some of the information we collect is health-related and sensitive. We take that seriously, and this Policy tells you plainly what we collect, why, who we share it with, and the rights you have.

An important note about HIPAA and health data

BASE 1520 is not a healthcare provider, health plan, or healthcare clearinghouse, and we are not a “covered entity” or “business associate” under the federal Health Insurance Portability and Accountability Act (HIPAA). We do not claim HIPAA compliance, and HIPAA does not govern the information we collect. However, some information we collect — including self-reported health concerns, food allergies, physical-readiness information, body metrics, progress photos, and mental-health screening results — is treated as sensitive personal information under state privacy laws such as the California Privacy Rights Act (CPRA) and as consumer health data under laws like Washington’s My Health My Data Act (MHMDA). We describe how we handle that data in the “Consumer Health Data” section below.

Information We Collect

We collect the following categories of personal information, depending on how you interact with us.

1. Course applications (Alpha and Gamma)

When you apply for the Alpha men’s course or the Gamma women’s course, we collect: your name, email address, phone number, age, t-shirt size, church or organization, ministry role, location, your reasons for wanting to participate, self-reported physical readiness, health concerns, food allergies, and firearms experience. Firearms-experience information is collected solely to plan and conduct program activities safely; we do not use it for any other purpose. Application responses are stored in Google Sheets (Google Workspace).

2. Waivers and electronic signatures

To participate, you complete a liability, media, non-disclosure, and conduct waiver. We collect your full name, email address, and an electronic signature (an image of the signature you draw on-screen), along with your agreement to the waiver terms. A signed PDF is generated and stored per participant in Google Drive (Google Workspace). We use the signature image only to evidence your agreement to the waiver; we do not extract biometric identifiers or biometric information from it.

3. Wellbeing and mental-health assessments (sensitive health data)

As part of measuring program outcomes, we ask you to complete two validated instruments: the Personal Wellbeing Index (PWI-A) and the GAD-7, a standardized anxiety/mental-health screening instrument. Your responses and scores are sensitive personal information and consumer health data concerning your mental and physical health. Results are stored in Google Sheets with restricted access and are reviewed by Dr. Rikki Permenter, a licensed clinical psychologist, and used as program-outcome measures. We use this data only for the wellbeing and program-evaluation purposes described here and in the “Consumer Health Data” section — not for advertising — and we do not sell it. With your separate, affirmative opt-in consent, these assessments are part of participating in the program; you may decline or withdraw your consent, and we describe how below.

4. Inquiries (Member Care and For Churches)

If you contact us through our Member Care form (for pastors and missionaries), we collect your name, email, role, organization, mission field, and message. If you contact us through our For Churches form, we collect your name, email, organization, role, team size, and message.

5. Free 7-Day Readiness Challenge

When you sign up for the free 7-Day Readiness Challenge, we collect your email address and add you to our email list, which is managed in Mailchimp.

6. The fitness app

Our program uses a white-labeled fitness application powered by Everfit. Through the app, you enter or generate information that may include workout and training data, nutrition data, performance metrics, body metrics, and progress and before/after photos. Some of this is sensitive health-related information and consumer health data. Everfit processes this information under its own privacy policy as well as our agreement with it; please review Everfit’s privacy policy to understand how it handles your data. We do not use your progress photos to derive facial-geometry or other biometric identifiers, and our agreement does not authorize Everfit to do so.

7. Payment information

Course tuition (Alpha $2,000 / Gamma $1,200) and other purchases are processed by our third-party payment providers, Stripe (card payments) and Affirm (installment financing). BASE 1520 does not collect or store your full payment-card number. Card and financing details are collected and processed directly by Stripe and Affirm. Stripe and Affirm are independent companies that act as their own data controllers for fraud prevention, risk, lending, legal-compliance, and similar purposes, and they handle your information under their own privacy policies (and, for Affirm, its own lending terms). We receive transaction confirmations and limited records (such as your name, email, amount, date, and payment status).

8. Information collected automatically

When you visit the Site, we and our hosting and technology providers automatically collect certain technical information, including your IP address, device and browser type, and usage data (such as pages viewed and links clicked). We use cookies and similar technologies through our WordPress platform. We also use Google Analytics (GA4) (measurement ID G-T9R0CTC6YM), a third-party analytics tool that sets its own cookies and helps us understand how visitors find and use the Site. It may collect your IP address, device and browser details, pages viewed, and interactions. We do not use it for advertising or ad-retargeting. You can opt out as described in the “Cookies and Tracking Technologies” and “Your Privacy Rights” sections below.

9. Event media

At in-person events, we (and vendors working on our behalf) may capture photographs and video that include participants. Consent to this media capture is part of the media-release section of the waiver. We use event media for program documentation, marketing, and promotional purposes.

Categories of personal information, sources, and recipients (CCPA/CPRA)

For California residents, the following table maps what we collect to the statutory categories under the CPRA, the sources, and the categories of third parties to whom we disclose it for a business purpose. This section, together with the descriptions above, serves as our notice at collection.

  • Identifiers (name, email, phone, IP address) — collected from you and automatically; disclosed to Google, Mailchimp, Stripe, Affirm, and our web host.
  • Customer records / financial information (name, contact details, transaction records) — collected from you and from our payment providers; disclosed to Stripe and Affirm.
  • Protected-classification and demographic information (age) — collected from you; disclosed to Google.
  • Health and medical information (health concerns, allergies, physical-readiness, PWI-A/GAD-7 results, body metrics, progress photos) — sensitive personal information; collected from you and from the app; disclosed to Google and Everfit and reviewed by our clinical psychologist.
  • Internet/usage activity (pages viewed, links clicked) — collected automatically; disclosed to our web host.
  • Geolocation (general location you provide; IP-based location) — collected from you and automatically; disclosed to Google and our web host.
  • Audio/visual information (signature image, event photos and video) — collected from you and at events; disclosed to Google and event vendors.
  • Professional/employment and organizational information (ministry role, church/organization, mission field, team size) — collected from you; disclosed to Google.
  • Inferences and program-outcome measures derived from assessment data — used only for program evaluation as described.

How We Use Your Information

  • To review and respond to course applications and determine participation.
  • To administer the Alpha and Gamma courses, the fitness app, and the free Readiness Challenge.
  • To have you complete, and to store and review, liability/media/NDA/conduct waivers.
  • To measure program wellbeing outcomes using the PWI-A and GAD-7, reviewed by our licensed clinical psychologist.
  • To respond to Member Care and For Churches inquiries.
  • To process payments and financing and to keep transaction records.
  • To send you emails you have requested or that relate to your participation, and — with your consent where required — marketing and promotional messages.
  • To operate, secure, maintain, and improve the Site and Services.
  • To comply with legal obligations, enforce our agreements, and protect the rights, safety, and property of BASE 1520, our participants, and others.

We use sensitive personal information (health concerns, allergies, physical-readiness and mental-health assessment data, body metrics, and progress photos) for the purposes of providing the Services you requested, protecting your safety during physical training, and — as a distinct, secondary purpose that you consent to — evaluating program outcomes with review by our clinical psychologist. We do not use it to infer characteristics for advertising, and we do not sell or “share” it for cross-context behavioral advertising. Because we use some sensitive personal information for the secondary program-evaluation purpose, you may direct us to limit its use to service delivery only, as described under “Your Privacy Rights.”

Consumer Health Data (Washington MHMDA and Similar Laws)

Some of the information we collect is “consumer health data” under laws such as Washington’s My Health My Data Act, Nevada SB 370, and the health-data provisions of the Connecticut Data Privacy Act. This section applies to that data and controls in the event of any conflict with the rest of this Policy.

  • Categories of consumer health data we collect: self-reported health concerns and physical-readiness information; food allergies; mental-health screening responses and scores (PWI-A, GAD-7); and app-generated health data (workout, nutrition, performance, body metrics, and progress/before-after photos).
  • Sources: directly from you (applications, waivers, assessments) and from your use of the fitness app.
  • Purposes: to enroll and safely administer your participation; to evaluate program outcomes; and, for photos, program documentation and (per your media release) promotion.
  • Who we share it with: Google (Google Workspace storage) and Everfit (the fitness app), which act as our processors for this data, and our reviewing clinical psychologist. We do not sell consumer health data, and we do not share it for advertising.
  • Consent: we collect consumer health data only after you provide affirmative opt-in consent, and we obtain a separate, valid authorization before any sharing that would require one under applicable law.
  • Your rights: you have the right to confirm whether we collect, share, or sell your consumer health data; to access it; to withdraw your consent; and to have it deleted. To delete your consumer health data, we will also direct our processors to delete it. To exercise any of these rights, contact us at info@base1520.com.

Legal Bases for Processing (for users in the EU/EEA/UK)

Where the EU or UK General Data Protection Regulation (GDPR) applies — for example, if you are a missionary or user located in the EU/EEA or UK — we rely on the following legal bases:

  • Contract: to administer the course, app, and services you sign up for.
  • Explicit consent: for marketing emails, for processing special-category (health) data such as your assessment results, health concerns, and app health data, and for optional media use. Where we rely on consent for special-category data, we capture that consent separately and explicitly at the point of collection, and you may withdraw it at any time.
  • Legitimate interests: to operate, secure, and improve our Services, where not overridden by your rights.
  • Legal obligation: to meet tax, accounting, and other legal requirements.

Under the GDPR you also have the rights to access, rectify, erase, and port your data; to object to processing; to restrict processing; to withdraw consent; and to lodge a complaint with your local data-protection supervisory authority. Where the GDPR applies, we respond to rights requests within one month (extendable by up to two further months for complex requests, with notice).

How We Share Your Information

We do not sell your personal information to advertisers or data brokers, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California law. We disclose personal information in the circumstances described below.

Service providers / processors that act on our behalf

These providers are authorized to use your information only to perform services for us and are contractually required to protect it:

  • Google (Google Workspace): Google Sheets and Google Drive store application responses, waivers/signed PDFs, and assessment results; Google Apps Script automation generates and emails your confirmations.
  • Mailchimp: manages our email list and sends the Readiness Challenge and marketing emails.
  • Last Hour Hosting: hosts the WordPress Site and maintains server logs (including IP addresses).
  • Google Analytics (GA4): an analytics provider that helps us understand and improve how the Site is used; it processes usage data as described in the “Information Collected Automatically” and “Cookies” sections, under its own privacy policy.

Independent third parties that act as their own controllers

These parties use your information for their own purposes under their own privacy policies, which we encourage you to review:

  • Stripe — processes card payments and acts as an independent controller for payment, fraud, risk, and compliance purposes.
  • Affirm — an independent lender that makes credit decisions and processes your information as its own controller under its own privacy and lending terms.
  • Everfit — provides the fitness app and processes the workout, nutrition, performance, body-metric, and photo data you enter there under its own privacy policy.

We may also disclose personal information: to professional advisors (such as our reviewing clinical psychologist, lawyers, or accountants); to comply with law, legal process, or lawful government requests; to enforce our terms and waivers; to protect rights, safety, and property; and in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this Policy.

Cookies and Tracking Technologies

Our WordPress Site uses cookies and similar technologies for essential functionality (such as security and basic operation) and for analytics. Our analytics cookies come from Google Analytics (GA4). We do not run third-party advertising, ad-retargeting, or session-recording trackers. You can control cookies through your browser settings (disabling some may affect Site functionality) and opt out of Google Analytics with Google’s browser add-on at tools.google.com/dlpage/gaoptout. We honor recognized browser-based opt-out preference signals, such as Global Privacy Control (GPC), where required by applicable state law. Because our use of these analytics cookies may be considered a “sale” or “sharing” of personal information under some state privacy laws, you may opt out using the mechanisms above or by enabling GPC, and we will treat that as your opt-out.

Your Privacy Rights

Depending on where you live, you may have some or all of the following rights regarding your personal information:

  • Right to know / access: to request the categories and specific pieces of personal information we have collected about you.
  • Right to correct: to request that we correct inaccurate personal information.
  • Right to delete: to request that we delete personal information we have collected from you, subject to legal exceptions.
  • Right to data portability: to obtain a copy of certain information in a portable format.
  • Right to opt out of the sale or sharing of personal information and of targeted advertising. We do not sell your personal information for money and do not use it for targeted advertising. However, our use of Google Analytics cookies may be considered a “sale” or “sharing” under some state privacy laws; you can opt out at any time by enabling Global Privacy Control (GPC) in your browser, using the opt-out link in the “Cookies and Tracking Technologies” section, or emailing info@base1520.com.
  • Right to limit the use and disclosure of sensitive personal information: because we use some sensitive personal information for the secondary purpose of program-outcome evaluation, you may direct us to limit our use of your sensitive personal information to what is necessary to deliver the Services you requested. Email info@base1520.com to make this request.
  • Right to non-discrimination: we will not discriminate against you for exercising any of these rights.
  • Right to withdraw consent (including for health-data processing and marketing) at any time.

These rights are provided under the California Consumer Privacy Act as amended by the CPRA, and under the comprehensive privacy laws of states including Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and others, as well as Washington’s My Health My Data Act for consumer health data. Your specific rights depend on your state of residence.

How to exercise your rights

To make a request, email us at info@base1520.com (please put “Privacy” in the subject line), or write to us at the mailing address in the “Contact Us” section. We will verify your identity before fulfilling your request, typically by confirming information we already hold about you. You may use an authorized agent to submit a request on your behalf, subject to verification. We will respond within the timeframes required by applicable law (generally 45 days for US state-law requests, extendable where permitted; one month for GDPR requests). We do not charge a fee for a reasonable request unless permitted by law.

Appeals

If we decline your request, you may appeal by emailing info@base1520.com with the subject line “Privacy Appeal” within a reasonable time of our decision. We will respond to your appeal within the period required by your state’s law (generally 45 or 60 days) and explain the reasons for our decision. If your appeal is denied, you may contact your state Attorney General to submit a complaint — for example, the California Privacy Protection Agency or your state Attorney General’s office (Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and other states provide this route).

California “Shine the Light”

California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for their direct-marketing purposes. We do not disclose personal information to third parties for their own direct marketing.

Email and Text Messaging (CAN-SPAM / TCPA)

We send marketing and promotional emails only in accordance with the federal CAN-SPAM Act and applicable law. Every marketing email includes a clear way to unsubscribe (typically an “unsubscribe” link managed through Mailchimp), identifies BASE 1520 as the sender, includes our valid physical mailing address, and does not use deceptive subject lines. You can opt out of marketing emails at any time using the unsubscribe link or by emailing info@base1520.com. We may still send you non-promotional messages related to your account, application, payment, or active participation.

We collect a phone number on applications to contact you about your application and participation. We do not send marketing text messages, and we will not use your phone number for promotional texts without your prior express written consent, as required by the Telephone Consumer Protection Act (TCPA). If we introduce SMS messaging in the future, we will obtain that consent separately and provide opt-out instructions (such as replying STOP).

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy. Specific periods and criteria include:

  • Signed waivers and liability records: retained for the applicable statute-of-limitations period for liability claims, generally up to 7 years after your participation ends.
  • Transaction and tax records: retained as required by tax and accounting law, generally 7 years.
  • Application and course-administration data: retained for the duration of your relationship with us and up to 3 years afterward, then deleted or de-identified.
  • Assessment (PWI-A / GAD-7) results: retained in identifiable form only through the end of your program cycle and program-evaluation period, after which the data is de-identified or deleted, generally within 12 months of the program cycle’s completion.
  • Fitness-app data: retained for the duration of your app access; upon termination it is handled per our agreement with Everfit and Everfit’s retention practices.
  • Email-list data: retained until you unsubscribe or request deletion.

When information is no longer needed, we delete or de-identify it. You may request deletion as described above, subject to legal exceptions.

How We Protect Your Information

We use reasonable administrative, technical, and physical safeguards designed to protect personal information. For sensitive information — assessment results, health concerns, waivers, and app health data — these include access controls that restrict the data to authorized personnel and our reviewing clinical psychologist, storage in Google Workspace with restricted sharing permissions, and encryption both in transit and at rest as provided by Google Workspace and our other platforms. Our service providers maintain their own security programs. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we experience a data breach affecting your personal information, we will notify you and regulators as required by applicable law.

Biometric Information

We collect an image of your on-screen signature and photographs that may include your face. We use these only to document your waiver agreement and your program participation and media release. We do not collect, capture, or derive biometric identifiers or biometric information (such as faceprints or facial-geometry scans) from signatures or photos, and our agreements do not authorize our providers to do so on our behalf. If this ever changes, we will update this Policy and obtain any consent required under laws such as the Illinois Biometric Information Privacy Act (BIPA).

International Data Transfers

BASE 1520 is based in the United States, and our service providers are primarily located in the United States. If you access the Services from outside the United States — for example, missionaries serving abroad or users in the EU/EEA or UK — your personal information will be transferred to and processed in the United States, where data-protection laws may differ from those in your country. Where required for transfers of EU/EEA/UK personal data, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, to the extent such safeguards are in place with the relevant provider. By using the Services, you understand that your information will be processed in the United States.

Children’s Privacy

Our Services are intended for adults age 18 and older and are not directed to children. We do not knowingly collect personal information from anyone under 18, and we do not knowingly collect personal information from children under 13 in violation of the Children’s Online Privacy Protection Act (COPPA). If you believe a minor has provided us personal information, please contact info@base1520.com and we will delete it. Consistent with California law, we do not sell or share the personal information of any consumer we know to be under 16.

Third-Party Links

The Site may link to third-party websites and services (including our payment providers and the fitness app provider). We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, provide additional notice as required by law. Your continued use of the Services after an update means you accept the revised Policy.

Governing Law

This Privacy Policy is governed by the laws of the State of Louisiana and applicable United States federal law, without regard to conflict-of-laws principles, except where a specific state’s privacy law applies to you as a resident of that state.

Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, or to exercise your privacy rights, contact us:

  • BASE 1520 (BASE1520 LLC)
  • Email: info@base1520.com
  • Mailing address: 2991 Nesom Rd, Clinton, LA 70722
Scroll to Top