Member Privacy Policy
Last updated: April 2026
1. Data controller and processor
The data controller for your personal data related to your fitness journey is your coach (or the business/professional who invited you to the platform). SUPALABS SRL (VAT IT04596950248, email: [email protected]) acts as data processor, providing the technology infrastructure through which your coach delivers their services.
2. Data we collect
When you use FitSuite, the following data is collected: identification data (name, email, phone number — optional); demographic data (date of birth, gender); body data (body weight, body measurements, progress photos); questionnaire answers (initial anamnesis and periodic check-ins); usage data (language preference, last active date, plan/workout viewing history). Progress photos are classified as health-related data under GDPR and are processed with appropriate protective measures.
3. Legal basis for processing
Your data is processed on the basis of: consent — given at registration by accepting the Terms of Use and this Privacy Policy; contract execution — necessary to deliver the service (displaying plans, tracking progress, communicating with your coach); legitimate interest — for platform security, abuse prevention, and service improvement.
4. Who accesses your data
Your personal data is accessible to: your coach — through the web dashboard, to manage your training and nutrition journey; FitSuite staff — exclusively for technical support and platform maintenance; sub-processors: MongoDB Atlas (database, EU servers), Cloudinary (image hosting), Resend (transactional email delivery). Your data is never sold to third parties or used for advertising purposes.
5. Data retention
Your data is retained for the duration of your active membership. Upon account deletion request (by you or your coach), data is deleted within 30 days, except where the law requires retention for longer periods. Security logs may be retained for up to 12 months for fraud prevention purposes.
6. International transfers
Some of our sub-processors may process data outside the European Economic Area (EEA). In such cases, transfers are covered by EU Standard Contractual Clauses (SCCs) or other adequate safeguards as required by GDPR.
7. Your rights (GDPR arts. 15-22)
Under the European General Data Protection Regulation (GDPR), you have the right to: access your personal data; rectify inaccurate or incomplete data; obtain erasure of your data (right to be forgotten); restrict processing of your data; obtain data portability in a structured format; object to processing; withdraw consent at any time. To exercise these rights, write to: [email protected]. We will respond within 30 days of your request.
8. Security
We adopt technical and organizational security measures to protect your data: TLS encryption for data in transit; encryption of data at rest; role-based access controls; continuous infrastructure monitoring.
9. Cookies and tracking
The FitSuite mobile app does not use cookies. There are no third-party analytics trackers or advertising systems. We do not perform profiling for advertising purposes.
10. Minors
The FitSuite service is restricted to individuals aged 18 and over. We do not knowingly collect data from minors. If we become aware that we have collected data from a minor, we will proceed with immediate deletion.
11. Changes to this policy
This Privacy Policy may be updated periodically. Changes will be published in the app and on the website. Continued use of the service after publication of changes constitutes acceptance of the new policy.
12. Contact and complaints
For any questions about this Privacy Policy or to exercise your rights, contact us at: [email protected]. You also have the right to lodge a complaint with the Italian Data Protection Authority: Garante per la protezione dei dati personali (www.garanteprivacy.it).