1. Introduction
FitnessCitadel (“we”, “our”, “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our platform, mobile applications, and related services (the “Services”).
By using our Services, you agree to the practices described in this Privacy Policy.
2. Scope and Legal Framework
This Policy applies globally. Depending on where you are located, different laws apply, including but not limited to:
- European Union & EEA: General Data Protection Regulation (EU) 2016/679 (“GDPR”)
- United Kingdom: UK GDPR and Data Protection Act 2018
- United States: California Consumer Privacy Act (CCPA) / CPRA, and other state privacy laws
- Brazil: Lei Geral de Proteção de Dados (LGPD)
- Other regions: Applicable local data protection laws
We apply GDPR-level protection to all users, regardless of their jurisdiction.
3. Data We Collect
We may collect the following categories of personal data:
- Account Data: name, email address, username, password, organization/trainer affiliation
- Billing Data: payment method, billing address, subscription plan details
- Fitness Data (if provided by trainers or organizations): plans, tasks, progress, uploaded files
- Technical Data: IP address, device type, browser, operating system, cookies, log data
- Communication Data: messages, support requests, feedback
- Marketing Data: preferences, newsletter subscriptions
We do not knowingly collect data from children under 16 without parental consent.
4. How We Use Your Data
We process your data for:
- Service delivery – to create and manage accounts, provide access to training plans, communication portals, and billing.
- Security and compliance – to prevent fraud, secure accounts, and comply with legal obligations.
- Payments – to process subscription fees and issue invoices.
- Improvement – to analyze usage and improve Services.
- Marketing – to send updates, promotions, and newsletters (where legally permitted).
Legal bases for processing (under GDPR):
- Contractual necessity (Art. 6(1)(b))
- Legitimate interests (Art. 6(1)(f))
- Legal obligations (Art. 6(1)(c))
- Consent (Art. 6(1)(a))
5. Sharing Your Data
We may share data with:
- Service providers (hosting, cloud storage, payment processors, analytics, email services)
- Trainers/Organizations (if you are their client on FitnessCitadel)
- Legal authorities (if required by law)
- Business transfers (e.g., mergers, acquisitions)
We never sell your personal data.
6. International Data Transfers
Data may be processed outside your country.
- For EU/UK users, we rely on:
  - Adequacy decisions (e.g., EU–US Data Privacy Framework)
  - Standard Contractual Clauses (SCCs)
- All transfers are protected with appropriate safeguards.
7. Data Retention
We retain your data only as long as necessary to:
- Provide Services
- Fulfill contractual and legal obligations
- Resolve disputes
Inactive accounts are deleted after [1 year]. Financial and legal records are retained as required by law.
8. Your Rights
Depending on your location, you may have the following rights:
- EU/UK GDPR: access, rectification, erasure, restriction, portability, objection, withdraw consent, lodge complaint
- CCPA/CPRA (California): right to know, delete, opt out of data sale/sharing, non-discrimination
- LGPD (Brazil): confirm processing, access, correction, anonymization, portability, information on sharing, revoke consent
You can exercise your rights by contacting us at: [your privacy email/contact form].
9. Cookies and Tracking
We use cookies and similar technologies for:
- Authentication and session management
- Analytics and performance (e.g., Google Analytics)
- Marketing (only with consent in GDPR regions)
You can manage cookie preferences via your browser or our Cookie Banner.
10. Security
We implement appropriate technical and organizational measures, including:
- Encryption in transit and at rest
- Role-based access control
- Regular audits and monitoring
- Secure cloud hosting (AWS, Heroku, etc.)
11. Children’s Privacy
Our Services are not directed to children under 16. Trainers/Organizations are responsible for obtaining parental consent where required.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on our website with a “Last Updated” date.
13. Contact Us
If you have any questions, requests, or complaints regarding this Privacy Policy, please contact us at: