Creeper-Proof: Why Proximity BLE Beats Always-On GPS

TL;DR

Privacy-first hardware is not a feature. It is a design constraint. HyperPulse cannot leak athlete location data because there is no location data — the device has no GPS chip and no cellular radio. This is the parent-side architectural moat against SPT, Catapult, and the entire GPS-pod category.

The conversation every athletic director will eventually have

It goes like this: a parent reads about a "team wearable" program their kid is being asked to opt into. They Google the device. They find the product page. They scroll past the marketing copy to the privacy policy. They see "we collect GPS location data for performance analytics" — and they immediately ask three questions:

Who has access to my child's location?
Where is that data stored, and for how long?
What happens to that data if you get acquired, or breached?

If you sell a GPS-based wearable to youth athletes, you have to answer all three questions in a way that makes a 14-year-old's parent comfortable. That is an extremely high bar — and it's the bar your competitors are racing to clear.

Why HyperPulse doesn't have this conversation

The device has no GPS chip. It has no cellular radio. It cannot, architecturally, leak location data — because no location data exists in the first place.

What it does collect:

Accelerometer + gyroscope motion (800Hz IMU)
Wear detection and sensor status
Magnetometer compass bearing for IMU route reconstruction
Barometric pressure (altitude-normalized performance)
Environmental context (not heat illness detection)

What it does NOT collect:

GPS coordinates (no hardware)
Cellular signal data (no hardware)
Audio of any kind (no microphone exposed for marketing — see footer)
Video
External-network connectivity during competition (BLE-only, paired only to a single sideline iPad inside 30m)

The 30m bubble is the moat

BLE 5.0 has a practical line-of-sight range of about 30 meters. That is the entire transmission radius of the HyperPulse puck. The receiver must be within that bubble. Once the athlete walks off the field, the BLE link drops.

This is the architectural moat. There is no scenario where an unauthorized device picks up the athlete's stream from across the parking lot. There is no scenario where a stranger discovers the athlete from a public leaderboard — because there is no public leaderboard. There is no scenario where the data leaves the iPad without the coach (or parent) explicitly exporting it.

"Could a malicious actor still sniff BLE?"

BLE 5.0 supports AES-CCM encryption with a paired keypair. HyperPulse pucks are paired to a specific iPad via a pre-shared pairing key generated at first setup. An unpaired BLE sniffer within 30m sees encrypted gibberish — not athlete-readable metric data.

Even if a sophisticated actor decrypted the stream, the data on the wire is movement and device telemetry — not name, age, school, or location. The puck doesn't know the athlete's identity. Identity lives in the coach's iPad, on the coach's account, behind COPPA-aligned parent consent.

The parent-facing dashboard

HyperPulse ships a parent-facing dashboard where the parent (not the coach, not the school) controls:

Which metrics are tracked vs. opted out
Whether the data is shared with the coach, the team, or kept private to the athlete
Whether scout-PDF exports are allowed (off by default for athletes under 16)
One-tap data deletion of all athlete data, no questions asked

This is COPPA's whole point — parents own minors' data. The competitive landscape (SPT, Catapult, STATSports) does not have this. Their dashboards are coach-facing only. The parent has no on/off switch and no deletion control.

The FERPA + state-law future is coming faster than people think

Texas HB 18 (the "Securing Children Online through Parental Empowerment Act"), California AB 2273 (the "California Age-Appropriate Design Code Act"), and Florida HB 379 (digital safety for youth) are all live legislation that constrains how youth-athlete biometric data can be collected, stored, and shared.

An athletic department buying a GPS-based wearable today is one parent lawsuit + one slow news cycle away from a board-level investigation. HyperPulse's BLE-only architecture is structurally pre-compliant with the existing state laws and likely pre-compliant with any reasonable interpretation of the federal Children's Online Privacy Protection Act updates expected in 2027.

The footer line every parent will read

HyperPulse's footer disclaimer leads with this: "CREEPER-PROOF BY DESIGN. No GPS hardware. No cellular radio. No public athlete profiles. No third-party data sale. Location and identity stay inside the 30m BLE bubble between the patch and the coach's iPad. A stranger cannot find your athlete through HyperPulse."

This is not a marketing line. It is a description of the hardware. Competitors cannot match the claim because they cannot match the hardware.

If you're a parent evaluating any youth-athlete wearable — HyperPulse or competitor — the single question to ask is: does this device have GPS or cellular hardware in it? If yes, you have a privacy question to resolve. If no, you have nothing to resolve, because there is nothing to leak.

SEE IT LIVE.

Book a 15-minute demo. A real coach replies in under 4 business hours.

Book My Demo →