Privacy Policy

1. Data Controller

Grow-Fit Club ("we", "our", or "us") is the data controller responsible for your personal information. You can contact us at [email protected].

2. Information We Collect

2.1 Account Information

• Email address (for authentication and communication)
• Username and display name
• Profile information (first name, last name, timezone)
• Profile picture (optional)

2.2 Fitness Data

• Daily activity metrics (steps, distance, calories burned)
• Exercise and workout data
• Heart rate data (if shared by connected devices)
• Sleep data (if shared by connected devices)
• Data from connected fitness trackers (Garmin, Strava, Fitbit, Apple Health, Google Fit)

2.3 Usage Information

• Log data (IP address, browser type, pages visited)
• Group memberships and activity
• Challenge participation and results
• Communication within groups

3. How We Use Your Information

We process your personal data for the following purposes:

3.1 Service Provision

• Legal basis: Contractual Obligation
• Providing and maintaining the fitness tracking platform
• Enabling group creation and management
• Synchronizing data from connected fitness trackers
• Displaying progress and leaderboards

3.2 Communication

• Legal basis: Consent / Legitimate Interest
• Sending magic link authentication emails
• Group invitations and notifications
• Important service updates and security alerts
• Optional marketing communications (with consent)

3.3 Analytics and Improvement

• Legal basis: Legitimate Interest
• Analyzing usage patterns to improve our service
• Generating anonymized statistics and insights
• Ensuring security and preventing fraud

4. Data Retention

• Account data: Retained while your account is active, then deleted within 30 days of account closure
• Fitness statistics: Retained for 2 years, then anonymized or deleted
• Authentication sessions: Expire after 90 days of inactivity
• Magic links: Expire after 10 minutes and are automatically deleted
• Audit logs: Retained for 7 years for security and legal compliance
• Backup data: Automatically deleted after 30 days

5. Your Rights

Under GDPR and CCPA, you have the following rights:

• Right to be Informed: This privacy policy explains how we use your data
• Right of Access: Request a copy of your personal data
• Right of Rectification: Update incorrect or incomplete information
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Export your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications
• Right to Complain: File a complaint with your data protection authority
• Rights regarding Automated Decision-Making: We do not use automated profiling

To exercise these rights, contact us at [email protected]or use the data export/deletion tools in your account settings.

6. Data Security

• All data is transmitted using SSL/TLS encryption
• Sensitive data is encrypted at rest in our database
• Regular security audits and penetration testing
• Staff access is limited and logged
• Two-factor authentication for admin accounts
• Regular security updates and patches

7. Data Sharing

We do not sell your personal data. We may share data in limited circumstances:

• Within Groups: Fitness data is shared according to your privacy settings
• Service Providers: Trusted third parties who help operate our service (hosting, email delivery)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In case of merger or acquisition (with notice)

8. International Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission.

9. Cookies and Tracking

We use cookies and similar technologies:

• Essential Cookies: Required for authentication and security
• Analytics Cookies: Help us understand how you use our service
• Preference Cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings or our cookie consent banner.

10. Children's Privacy

Our service is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal information, we will delete it immediately.

11. Changes to This Policy

We may update this privacy policy periodically. We will notify you of significant changes by email or through our service. Your continued use after changes indicates acceptance of the updated policy.

12. Contact Us

For privacy-related questions or requests:

• Email: [email protected]
• Subject: Privacy Policy Inquiry
• Response Time: We will respond within 30 days