Privacy Policy

Last updated: Jun 2026

This Privacy Policy explains how FitBuddy ("we", "us") collects, uses, shares, and protects personal data when you use the Platform. We comply with the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and similar privacy laws where applicable.

1. Data Controller

FitBuddy is the controller of personal data processed through the Platform. For GDPR matters you can reach our privacy team at privacy@fitbuddy.app.

2. Information We Collect

Account data: name, email, password hash, role (client or partner), profile photo, city, social links, and authentication identifiers (including Google sign-in identifiers if you use it).

Partner data: bio, services, pricing, availability, gallery images, certifications you choose to display, and audit records for Partner Agreement acceptance (version, timestamp, IP address, user-agent, checkbox acknowledgements).

Booking & transaction data: bookings, schedules, locations, messages exchanged, reviews, ratings, payment metadata, payout status, refunds, and dispute records. Full card details are handled by Stripe; we receive only tokenized references and limited metadata.

Usage & device data: log data, IP address, browser type, device identifiers, pages viewed, and approximate location derived from IP.

Communications: messages you send through the Platform and support correspondence.

3. How We Use Information (Purposes & Legal Bases)

Provide the service – create accounts, match Clients and Partners, process bookings and payments, deliver messages, surface reviews. Legal basis: performance of a contract.

Safety & integrity – detect fraud, prevent abuse, enforce our Terms, investigate reports, maintain audit trails for legal agreements. Legal basis: legitimate interests and legal obligations.

Communications – transactional emails, booking notifications, security alerts. Legal basis: performance of a contract; service messages are not marketing.

Improvement & analytics – understand usage to improve features. Legal basis: legitimate interests, or consent where required.

Marketing – only where you have opted in or where permitted under soft opt-in rules. You can unsubscribe at any time.

Legal compliance – comply with tax, accounting, anti-fraud, and law-enforcement obligations.

4. Sharing of Information

Other users: Profile details, listings, messages, and reviews are shared with the counterparty to a booking as needed to deliver the service.

Service providers (processors): Stripe (payments and payouts), Supabase (hosting, database, authentication, storage), Google (optional sign-in), email and analytics vendors. These providers act on our instructions and are bound by written data-processing terms.

Legal & safety: We may disclose information when required by law, to enforce our Terms, or to protect the rights, safety, or property of FitBuddy, our users, or the public.

Business transfers: In a merger, acquisition, or asset sale, personal data may be transferred subject to this Policy.

We do not sell personal information and we do not share it for cross-context behavioral advertising as those terms are defined under CCPA/CPRA.

5. International Transfers

Personal data may be processed in countries other than your own, including the United States. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and equivalent UK/Swiss mechanisms.

6. Data Retention

We keep personal data for as long as your account is active and afterwards as needed to satisfy legal, tax, accounting, anti-fraud, and dispute-resolution obligations. Partner Agreement acceptance records are retained for the period required to evidence consent and contractual obligations. Aggregated or de-identified data may be retained indefinitely.

7. Your Rights (GDPR / UK GDPR)

Subject to applicable law, you have the right to access, rectify, erase, restrict, or object to processing of your personal data, the right to data portability, and the right to withdraw consent at any time without affecting prior processing.

You may also lodge a complaint with your local supervisory authority. We will respond to verifiable requests within the timeframes required by law.

8. Your Rights (California / CCPA-CPRA)

California residents have the right to know what personal information we collect, use, disclose, and retain; the right to delete; the right to correct inaccurate information; the right to limit the use of sensitive personal information; and the right to non-discrimination for exercising these rights.

Because we do not sell or share personal information for cross-context behavioral advertising, no opt-out is required, but you may still submit a request to confirm. Authorized agents may submit requests on your behalf with proof of authority.

9. Cookies & Similar Technologies

We use strictly necessary cookies to operate the Platform (authentication, security, load balancing). Where we use analytics or preference cookies, we request consent in regions that require it. You can control cookies through your browser settings.

10. Security

We use technical and organizational measures including encryption in transit, hashed credentials, role-based access controls, row-level security on our database, and audit logging. No system is perfectly secure; please use a strong, unique password and notify us of suspected unauthorized access.

11. Children

The Platform is not directed to children under 18 and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact privacy@fitbuddy.app and we will delete it.

12. Automated Decision-Making

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Fraud-prevention signals may inform manual review by our team.

13. Changes

We may update this Policy from time to time. We will notify you of material changes through the Platform or by email and update the "Last updated" date at the top of this Policy.

14. Contact

Privacy questions or rights requests: privacy@fitbuddy.app.

This page is maintained by FitBuddy and is provided for general information; it is not legal advice.