Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide when using our Service:

• Account Information: Name, email address, password (hashed), phone number, date of birth, gender
• Profile Information: Profile photo, bio, fitness goals, experience level, role (client/trainer/admin)
• Health & Fitness Data: Weight, height, body measurements, fitness assessments, workout history, nutrition preferences, medical conditions (if voluntarily disclosed)
• Payment Information: Billing address, payment method details (processed securely by Stripe)
• Communications: Messages with trainers, support tickets, feedback, chat conversations
• User-Generated Content: Workout logs, progress photos, notes, comments

1.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device type, unique device identifiers
• Usage Data: Pages visited, features used, time spent on pages, click patterns, session duration
• Location Data: General geographic location (city/state level) inferred from IP address
• Cookies & Similar Technologies: Session cookies, authentication tokens, preference settings

1.3 Information from Third-Party Sources

• OAuth Providers: When you sign in with Google, Apple, or Microsoft, we receive your name, email, and profile photo from those providers
• Payment Processors: Transaction status and payment method information from Stripe
• Analytics Services: Aggregated usage statistics (we do not use Google Analytics)

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Delivery

• Create and maintain your account
• Authenticate your identity and manage sessions
• Connect you with personal trainers
• Deliver personalized workout programs and nutrition plans
• Process payments and manage subscriptions
• Facilitate video training sessions
• Track your fitness progress and achievements

2.2 Communication

• Send transactional emails (account confirmations, password resets, payment receipts)
• Provide customer support and respond to inquiries
• Send service updates and important notices
• Send marketing communications (with your consent; you may opt out at any time)
• Notify you of security events or suspicious activity

2.3 Service Improvement & Analytics

• Analyze usage patterns to improve features and user experience
• Conduct research and development for new features
• Troubleshoot technical issues and bugs
• Generate aggregated, anonymized statistics

2.4 Safety & Legal Compliance

• Prevent fraud, abuse, and security threats
• Enforce our Terms of Service
• Comply with legal obligations and respond to legal requests
• Protect rights, property, and safety of Elite Prime Fitness, users, and the public
• Conduct audits and verify compliance

3. Information Sharing and Disclosure

We share your information only in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Supabase: Database hosting and authentication (data processor)
• Stripe: Payment processing (PCI DSS compliant)
• Email Services: Transactional and marketing email delivery
• Cloud Infrastructure: Hosting and content delivery

All service providers are contractually obligated to protect your information and use it only for the specified purposes.

3.2 With Your Trainers

Your assigned personal trainers can access your profile, fitness data, workout history, and communications necessary to provide training services.

3.3 Legal Requirements

We may disclose information if required by law, including:

• In response to subpoenas, court orders, or legal process
• To establish or exercise our legal rights or defend against claims
• To investigate fraud, security issues, or violations of our Terms
• When we believe disclosure is necessary to prevent harm or illegal activity

3.4 Business Transfers

If Elite Prime Fitness is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or use of your personal information.

3.5 With Your Consent

We may share information for other purposes with your explicit consent.

4. Data Security

We implement comprehensive technical and organizational security measures to protect your personal information:

4.1 Technical Safeguards

• Industry-standard encryption for data in transit (TLS 1.3)
• Encryption for sensitive data at rest
• Secure password hashing (bcrypt)
• Multi-Factor Authentication (MFA) requirements
• Regular security audits and vulnerability assessments
• Intrusion detection and prevention systems
• Rate limiting and DDoS protection

4.2 Access Controls

• Row-Level Security (RLS) policies on all database tables
• Principle of least privilege for system access
• Regular access reviews and audit logging
• Employee background checks and confidentiality agreements

4.3 Incident Response

In the event of a data breach affecting your personal information, we will notify you within 72 hours via email and provide:

• Description of the incident and data affected
• Steps we are taking to address the breach
• Recommended actions you should take
• Contact information for questions

Important: No method of transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

5. Data Retention

We retain your personal information for as long as necessary to provide services and fulfill the purposes described in this Privacy Policy:

• Active Accounts: Data retained as long as your account is active
• Deleted Accounts: 30-day grace period, then data anonymized or deleted
• Payment Records: 7 years (required for tax and accounting purposes)
• Legal Holds: Data preserved when required by law or ongoing litigation
• Backup Systems: Data in backups deleted within 90 days of account deletion
• Audit Logs: Security and compliance logs retained for 2 years

After retention periods expire, we securely delete or anonymize your information so that it cannot be linked back to you.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our Service:

7.1 Types of Cookies We Use

• Essential Cookies: Required for authentication, security, and core functionality
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how users interact with our Service
• Session Cookies: Temporary cookies deleted when you close your browser
• Persistent Cookies: Remain on your device for a set period or until you delete them

7.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect functionality. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Clear cookies when you close your browser

8. Third-Party Services and OAuth Providers

Our Service integrates with third-party services. When you use these services, you are also subject to their privacy policies:

• Google OAuth: Google Privacy Policy
• Apple OAuth: Apple Privacy Policy
• Microsoft OAuth: Microsoft Privacy Statement
• Stripe Payments: Stripe Privacy Policy
• Supabase: Supabase Privacy Policy

We are not responsible for the privacy practices of these third-party services. We recommend reviewing their policies before using them.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at privacy@eliteprimefitness.com.

Upon verification, we will promptly delete such information from our systems.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Post the updated Privacy Policy on this page
• Update the "Last Updated" date
• Send you an email notification (for material changes)
• Display a prominent notice on our Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: