Privacy Policy
1. Introduction and Scope
FitCoach is a comprehensive health management and coaching platform connecting certified health coaches with clients seeking personalized fitness, nutrition, and wellness guidance. This Privacy Policy applies to all users of our Service, including:
- Clients: Individuals seeking health and fitness coaching services
- Coaches: Certified health and fitness professionals providing coaching services
- Administrators: Platform administrators managing the Service
- Visitors: Anyone browsing our website or public content
We are committed to protecting your privacy and handling your personal information with the highest standards of security and transparency. This policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the California Consumer Privacy Act (CCPA), and other relevant regulations.
2. Information We Collect
We collect various types of information to provide and improve our Service:
2.1 Personal Identification Information
- Account Information: Full name, email address, password (stored only as a bcrypt hash, see Section 7.1), phone number, WhatsApp number
- Profile Information: Profile photo/avatar, address details (street address, neighborhood, city, state, postal code, country)
- Role-Specific Information: User role (client, coach, or admin), coach referral codes, client-coach assignments
- Coach Professional Information: Specialization, years of experience, professional description, certifications, awards, transformation portfolio images
- Social Media Links: Instagram, Facebook, Twitter, LinkedIn, YouTube, and personal website URLs (for coaches)
2.2 Health and Wellness Data
- Biometric Data: Weight, height, Body Mass Index (BMI), and historical tracking of these metrics
- Progress Tracking: Water intake logs, progress notes, progress photographs with captions, and timestamp data
- Personal Health Goals: Fitness objectives, wellness targets, and plan-specific goals
- Contact Request Data: Age, gender, current weight, height, health concerns, and personal messages submitted through contact forms
2.3 Service Usage Data
- Coaching Plans: Plan titles, descriptions, duration, tasks, completion status, start and end dates
- Subscriptions: Subscription status, payment amounts, duration (typically 1-52 weeks), plan details, approval status
- Plan Requests: Client requests to join specific coaching plans, request status, and related communications
- Product Interactions: Products browsed, added to cart, or purchased, including product names, descriptions, prices, categories, and images
- Orders: Order history, items purchased, quantities, pricing, discount information, voucher codes applied, payment proof uploads, payment mode, order status, and notes
- Notifications: In-app notifications including system alerts, order updates, plan notifications, and read status
2.4 Payment Information
- Transaction Data: Payment amounts, transaction dates, payment modes (manual QR code, cash, other)
- Payment Proof: Images of payment confirmations or transaction receipts uploaded by users
- Coach Payment Details: QR codes for UPI or manual payments (stored securely)
- Platform Subscription Payments (Coaches): Platform subscription fees, payment history, transaction IDs, approval status, subscription validity periods, and payment proof screenshots
- Admin Payment QR: QR code uploaded by administrators for coach platform subscription payments
- Note: We do not directly process or store sensitive payment card information. Payment processing is handled through secure third-party payment processors that comply with PCI DSS standards.
2.5 Technical and Usage Data
- Authentication Data: JWT access tokens (short-lived), refresh tokens (stored securely), login timestamps, session information
- Device Information: IP address, browser type and version, operating system, device identifiers
- Usage Patterns: Pages visited, features used, time spent on platform, click patterns, navigation paths
- Log Data: Server logs, error logs, access logs, and performance monitoring data
- Cookies and Similar Technologies: Session cookies, authentication cookies (HTTP-only), preference cookies, analytics cookies
2.6 Communications Data
- Messages: Communications between clients and coaches, customer support inquiries, feedback submissions, bug reports
- Contact Requests: Information submitted through contact forms, including personal messages and health information
- Email Communications: Records of emails sent and received related to your account and services
2.7 User-Generated Content
- Photos and Images: Profile avatars, progress photos, coach portfolios (awards, certifications, transformation results), product images
- Text Content: Notes, descriptions, captions, feedback, reviews, and comments
- All user-uploaded content is stored securely using Cloudinary, a third-party cloud storage service, and is protected with appropriate access controls
3. How We Collect Information
3.1 Information You Provide Directly
- When you create an account or register for our Service
- When you complete your profile or update your information
- When you purchase products, subscribe to plans, or place orders
- When you upload photos, enter health data, or log progress
- When you submit contact forms, feedback, or support requests
- When you communicate with coaches or our support team
- When you participate in surveys, promotions, or events
3.2 Information Collected Automatically
- Cookies and Tracking Technologies: We use HTTP-only cookies for authentication and session management, and analytics cookies to understand how users interact with our Service
- Server Logs: Our servers automatically record information when you access our Service, including your IP address, browser type, referring URLs, and pages accessed
- Authentication Systems: Login times, token refresh events, logout events, and security-related activities
3.3 Information from Third Parties
- Payment Processors: Transaction confirmation data (we do not receive full payment card details)
- Cloud Storage Providers: Cloudinary provides secure image hosting and delivery services
- Analytics Services: Aggregated usage statistics and performance metrics
- Referrals: Information provided by other users when they refer you to the platform using coach referral codes
4. How We Use Your Information
We use the collected information for the following purposes:
4.1 Service Delivery and Account Management
- Create, maintain, and secure your account
- Authenticate your identity and manage access to your account
- Match clients with appropriate coaches based on referral codes
- Enable coaches to manage their client relationships and provide services
- Process and fulfill subscriptions, orders, and product purchases
- Facilitate communication between clients and coaches
- Display your profile information to relevant users (coaches to their clients, public coach profiles)
4.2 Health and Fitness Services
- Enable progress tracking and health monitoring
- Allow coaches to create and manage personalized coaching plans
- Provide tools for logging weight, height, BMI, water intake, and other health metrics
- Store and display progress photos securely for client-coach review
- Generate progress reports and analytics
- Send reminders for progress logging and plan tasks
4.3 Payment and Transaction Processing
- Process payments for subscriptions, products, and services
- Process platform subscription fees for coaches (₹199 monthly fee with 28-day free trial)
- Verify payment proofs and transaction authenticity for all payment types
- Track coach platform subscription status (trial, active, expired, suspended)
- Send notifications about platform subscription expiry and payment reminders
- Apply discount vouchers and calculate pricing
- Manage subscription billing cycles and renewals
- Handle refunds and payment disputes
- Maintain transaction records for accounting and legal purposes
4.4 Communication and Notifications
- Send transactional emails and notifications about your account
- Notify you about order updates, subscription changes, and plan approvals
- Send system notifications about platform updates or important changes
- Respond to your inquiries, support requests, and feedback
- Send promotional communications about new features or services (with your consent)
4.5 Platform Improvement and Analytics
- Analyze usage patterns to improve user experience and platform performance
- Identify and fix technical issues, bugs, and errors
- Conduct research and development for new features
- Generate aggregated statistics and insights for business intelligence
- Optimize platform security and prevent fraud
4.6 Security and Fraud Prevention
- Detect, prevent, and investigate fraud, abuse, and security incidents
- Implement rate limiting to prevent spam and automated attacks
- Monitor for suspicious activities and unauthorized access attempts
- Enforce our Terms of Service and other policies
- Protect the rights, property, and safety of FitCoach, our users, and the public
4.7 Legal Compliance and Protection
- Comply with applicable laws, regulations, and legal processes
- Respond to lawful requests from government authorities
- Enforce our legal rights and defend against legal claims
- Maintain records required by law for tax, accounting, and regulatory purposes
4.8 Business Operations
- Provide administrative dashboards for coaches and admins
- Generate reports on platform performance, user statistics, and business metrics
- Facilitate business analysis and strategic planning
- Support potential business transitions, including mergers or acquisitions
5. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with similar data protection laws, we process your personal data based on the following legal grounds:
5.1 Contractual Necessity
Processing is necessary to perform our contract with you and provide the Service you requested, including:
- Account creation and management
- Coaching services delivery
- Subscription and order processing
- Client-coach matching and communication
5.2 Legitimate Interests
Processing is necessary for our legitimate business interests, such as:
- Improving and developing our Service
- Analyzing usage patterns and platform performance
- Fraud prevention and security
- Direct marketing (where not requiring consent)
- Business intelligence and strategic planning
5.3 Consent
Where required by law, we obtain your explicit consent before processing, including:
- Processing sensitive health data beyond what's necessary for service delivery
- Sending marketing communications
- Using non-essential cookies and tracking technologies
- Sharing data with third parties for marketing purposes
5.4 Legal Obligations
Processing is necessary to comply with legal obligations, such as:
- Tax and accounting record-keeping
- Responding to lawful requests from authorities
- Regulatory compliance requirements
5.5 Vital Interests
In rare cases, processing may be necessary to protect the vital interests of you or another person, such as in medical emergencies.
6. How We Share Your Information
IMPORTANT: We do not sell, rent, or trade your personal information to third parties for commercial purposes. We do not engage in data brokerage or sell user data to advertisers, marketers, or any other third parties. We may share your information only in the following limited circumstances:
6.1 Within the Platform
- Client-Coach Relationship: Clients' health data, progress logs, and subscription information are shared with their assigned coach to enable coaching services
- Public Coach Profiles: Coach professional information, specialization, experience, portfolio images, and reviews are publicly visible to help clients find coaches
- Administrators: Platform administrators can access user data as necessary for platform management, support, and compliance purposes
6.2 Service Providers and Partners
- Cloud Storage: Cloudinary stores and delivers images (avatars, progress photos, product images, coach portfolios) on our behalf
- Database Hosting: MongoDB hosts our database infrastructure
- Email Services: Email service providers send transactional and notification emails
- Analytics Providers: We may use analytics services to understand platform usage (data is anonymized where possible)
- Payment Processors: Secure payment processors handle payment transactions (we do not receive full payment card details)
All service providers are contractually obligated to protect your data and use it only for the purposes we specify. We do not permit service providers to sell or use your data for their own commercial purposes.
6.3 Legal Requirements and Protection
We may disclose your information if required to do so by law or in response to valid requests by public authorities, including to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Terms of Service and other agreements
- Protect the rights, property, or safety of FitCoach, our users, or the public
- Detect, prevent, or address fraud, security, or technical issues
- Investigate potential violations of our policies
6.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of the business transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or use of your personal information, as well as any choices you may have regarding your information.
6.5 Aggregated or Anonymized Data
We may share aggregated or anonymized data that cannot reasonably be used to identify you. This includes statistical information about platform usage, trends, and demographics for business analysis, research, or marketing purposes.
6.6 With Your Consent
We may share your information with third parties when we have your explicit consent to do so.
7. Data Security and Protection
We implement comprehensive security measures to protect your personal information:
7.1 Technical Security Measures
- Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols (HTTPS)
- Password Security: Passwords are hashed using bcrypt with a minimum of 10 salt rounds before storage; we never store passwords in plain text
- Authentication Tokens: We use JWT (JSON Web Tokens) with short expiration times (15 minutes for access tokens) and secure refresh token rotation
- HTTP-Only Cookies: Authentication cookies are HTTP-only, preventing JavaScript access so that a cross-site scripting (XSS) flaw cannot read the session token
- HTTPS Enforcement: All production traffic is served over HTTPS only
7.2 Application Security
- Input Validation: All user inputs are validated using Joi schemas to prevent malicious data entry
- Sanitization: User-provided data is sanitized to prevent XSS (Cross-Site Scripting) and NoSQL injection attacks
- Rate Limiting: We implement rate limiting to prevent brute-force attacks, spam, and abuse (100 requests per 15 minutes for general API, 50 attempts per 10 minutes for authentication)
- CSRF Protection: Critical operations require authorization headers that cannot be automatically included in cross-site requests
- Security Headers: We use Helmet.js to set security headers including Content-Security-Policy, X-Frame-Options, and Referrer-Policy
7.3 Access Controls
- Role-Based Access: Users can only access data appropriate to their role (client, coach, or admin)
- Data Isolation: Coaches can only access data for their assigned clients; clients can only access their own data
- Session Management: Secure session handling with refresh token rotation and multi-device logout capabilities
- Restricted Access: Access to sensitive data and administrative functions is strictly limited to authorized personnel
7.4 Infrastructure Security
- Secure Database: MongoDB database is protected with authentication, network restrictions, and encryption at rest
- Cloud Storage: Cloudinary provides secure image storage with access controls and automatic metadata stripping
- Server Security: Servers are configured with security best practices, regular updates, and monitoring
- Environment Isolation: Production, staging, and development environments are strictly separated
7.5 Operational Security
- Regular Security Audits: We conduct periodic security reviews and vulnerability assessments
- Error Handling: Errors are logged securely without exposing sensitive information in production
- Monitoring: We monitor for suspicious activities, unauthorized access attempts, and security incidents
- Incident Response: We maintain an incident response plan for security breaches
7.6 Data Backup and Recovery
- Regular automated backups of all critical data
- Secure backup storage with encryption
- Disaster recovery procedures to minimize data loss
- Business continuity planning for service interruptions
7.7 Limitations
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability. In the event of a data breach, we will notify affected users as required by applicable law.
8. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
8.1 Active Account Data
- Account Information: Retained for the duration of your active account
- Health and Progress Data: Retained to provide continuous coaching services and track long-term progress
- Coaching Plans and Subscriptions: Retained for the subscription period and for historical reference
- Orders and Transactions: Retained for accounting, tax, and legal compliance purposes (typically 7 years)
8.2 Closed Account Data
- When you close your account or request deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, tax, audit, or fraud prevention purposes
- Some information may be retained in backup systems for up to 90 days before permanent deletion
- Transaction records may be retained longer for compliance with financial regulations
8.3 Authentication Data
- Access Tokens: Expire automatically after 15 minutes
- Refresh Tokens: Expire after 7 days and are deleted immediately upon logout
- Session Logs: Retained for 90 days for security monitoring
8.4 Communications and Support
- Customer Support Records: Retained for 3 years to improve service quality
- Feedback and Bug Reports: Retained for 2 years or until resolved
- Marketing Communications: Retained until you unsubscribe or for 2 years of inactivity
8.5 Legal and Compliance Data
- Data required for legal, regulatory, tax, or accounting purposes is retained for the period mandated by applicable law (typically 7-10 years for financial records)
- Data related to disputes, claims, or litigation is retained until the matter is fully resolved
8.6 Anonymized Data
We may retain anonymized or aggregated data indefinitely for analytics, research, and business intelligence purposes, as this data cannot be used to identify you personally.
9. Your Rights and Choices
You have various rights regarding your personal information, depending on your location:
9.1 Access and Portability
- Right to Access: You can request a copy of the personal information we hold about you
- Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format
- How to Exercise: Log in to your account to view and download your data, or contact us at mail.fitcoach@gmail.com
9.2 Correction and Update
- Right to Rectification: You can correct inaccurate or incomplete personal information
- How to Exercise: Update your profile information directly in your account settings, or contact us for assistance
9.3 Deletion and Erasure
- Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal information
- Limitations: We may retain certain information where required by law or for legitimate business purposes (e.g., fraud prevention, legal compliance)
- How to Exercise: Contact us at mail.fitcoach@gmail.com with a deletion request; we will respond within 30 days
9.4 Restriction and Objection
- Right to Restrict Processing: You can request that we limit how we use your data
- Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes
- How to Exercise: Contact us at mail.fitcoach@gmail.com specifying your request
9.5 Consent Withdrawal
- Right to Withdraw Consent: Where we rely on consent, you can withdraw it at any time
- Effect: Withdrawal does not affect the lawfulness of processing before withdrawal
- How to Exercise: Update your preferences in account settings or contact us
9.6 Marketing Communications
- Opt-Out: You can unsubscribe from marketing emails using the unsubscribe link in any marketing email
- Transactional Emails: You cannot opt out of service-related emails (e.g., order confirmations, security alerts) while using the Service
9.7 Cookie Management
- Essential Cookies: Required for authentication and platform functionality; cannot be disabled while using the Service
- Analytics Cookies: Can be managed through browser settings
- Browser Controls: Most browsers allow you to refuse or delete cookies through settings
9.8 Account Deactivation
- You can deactivate your account, which will prevent login but retain your data for a period
- Contact us to permanently delete your account and data (subject to legal retention requirements)
9.9 California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of personal information (subject to exceptions)
- Right to Opt-Out: Opt out of the "sale" of personal information (note: we do not sell personal information)
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights
- Authorized Agents: You may designate an authorized agent to make requests on your behalf
9.10 EEA and UK Rights (GDPR)
If you are in the EEA or UK, you have rights under GDPR including:
- Right to lodge a complaint with your local supervisory authority
- Right to an explanation of automated decision-making (if applicable)
- Right to restrict processing during disputes
9.11 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: mail.fitcoach@gmail.com
- Subject Line: "Privacy Rights Request"
- Include: Your full name, email address, account details, and specific request
We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request to protect your personal information.
10. Cookies and Tracking Technologies
10.1 What Are Cookies
Cookies are small text files stored on your device when you visit our Service. We use cookies and similar technologies to enhance your experience, maintain sessions, and analyze usage.
10.2 Types of Cookies We Use
Essential Cookies (Required)
- Authentication Cookies: HTTP-only refresh token cookie that maintains your login session (expires after 7 days or on logout)
- Security Cookies: Used to detect and prevent security risks
- Purpose: These cookies are necessary for the Service to function and cannot be disabled
Functional Cookies
- Preference Cookies: Remember your settings and preferences
- Purpose: Enhance your user experience by remembering your choices
Analytics Cookies (Optional)
- Usage Analytics: Help us understand how users interact with our Service
- Performance Monitoring: Identify technical issues and optimize performance
- Purpose: Improve our Service and user experience
10.3 Cookie Attributes
- HttpOnly: Authentication cookies are HTTP-only, preventing JavaScript access so that a cross-site scripting (XSS) flaw cannot read the session token
- Secure: In production, cookies are only transmitted over HTTPS
- SameSite: Set to 'Lax' in development and 'None' (with Secure) in production for cross-origin requests
10.4 Session Storage and Local Storage
- We may use browser storage (localStorage or sessionStorage) for temporary data and application state
- No sensitive personal information or authentication credentials are stored in browser storage
- This data is stored locally on your device and is not transmitted to our servers automatically
10.5 Third-Party Cookies
- Cloudinary: May set cookies for image delivery optimization
- Analytics Services: May use cookies to track aggregated usage (if implemented)
- We do not control third-party cookies and recommend reviewing their privacy policies
10.6 Managing Cookies
- Browser Settings: You can configure your browser to refuse all cookies or alert you when cookies are being sent
- Impact: Disabling essential cookies will prevent you from using certain features or may prevent login
- Browser Help: Consult your browser's help documentation for specific instructions
10.7 Do Not Track
Some browsers offer a "Do Not Track" (DNT) signal. Currently, there is no industry consensus on how to respond to DNT signals. We do not currently respond to DNT browser signals but will update this policy if standards emerge.
11. International Data Transfers
11.1 Data Location
Your personal information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country.
11.2 Cloud Infrastructure
- Database: MongoDB Atlas may store data in various global regions
- Image Storage: Cloudinary uses a global CDN for image delivery and storage
- Application Servers: Hosted in data centers that may be located in different countries
11.3 Safeguards for International Transfers
We ensure that all international data transfers are protected by appropriate safeguards, including:
- Standard contractual clauses approved by relevant authorities
- Adequacy decisions recognizing equivalent data protection
- Binding corporate rules for service providers
- Compliance with Privacy Shield principles (where applicable)
11.4 EEA and UK Users
For users in the European Economic Area (EEA) or United Kingdom, we take additional measures to ensure your data receives an equivalent level of protection when transferred outside the EEA/UK. You may contact us to obtain more information about the specific mechanism used for your data transfers.
12. Children's Privacy
12.1 Age Requirements
Our Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these age limits.
12.2 Parental Consent
- Users between ages 13-18 (or 16-18 in the EEA) should use our Service only with parental or guardian consent
- Parents or guardians should supervise minors' use of the Service and their submission of personal information
12.3 Discovery of Children's Data
If we discover that we have collected personal information from a child under the applicable age limit without proper consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child improperly, please contact us immediately at mail.fitcoach@gmail.com.
12.4 COPPA Compliance
For users in the United States, we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect, use, or disclose personal information from children under 13 without verifiable parental consent.
13. Third-Party Services and Links
13.1 Third-Party Services We Use
- Cloudinary: Image hosting, transformation, and CDN services (Privacy Policy)
- MongoDB Atlas: Database hosting and management (Privacy Policy)
- Email Service Providers: Transactional email delivery
- Payment Processors: Secure payment processing (if integrated)
13.2 Third-Party Links
- Our Service may contain links to third-party websites, including:
- Coach social media profiles (Instagram, Facebook, Twitter, LinkedIn, YouTube)
- Coach personal websites
- External resources and references
- We are not responsible for the privacy practices of third-party websites
- We encourage you to review the privacy policies of any third-party sites you visit
13.3 Social Media Integration
- Coaches may display links to their social media profiles
- Clicking these links may allow those social networks to collect information about you
- We do not control what data social networks collect when you visit their sites
13.4 Our Responsibility
FitCoach is not responsible for the content, privacy policies, or practices of third-party websites or services. Your interactions with third parties are governed solely by their terms and privacy policies.
14. Changes to This Privacy Policy
14.1 Updates and Modifications
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:
- Update the "Last Updated" date at the top of this policy
- Post the revised policy on this page
- Notify you of material changes through email or prominent notice on our Service
14.2 Material Changes
For material changes that significantly affect your rights or how we use your personal information, we will:
- Provide at least 30 days' advance notice
- Seek your consent if required by law
- Provide clear information about the nature of the changes
14.3 Your Acceptance
- Continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy
- If you do not agree with changes, you should discontinue use and may request deletion of your account
14.4 Review Responsibility
We encourage you to periodically review this Privacy Policy to stay informed about how we protect your information.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
15.1 General Inquiries
- Email: mail.fitcoach@gmail.com
- Subject Line: "Privacy Policy Inquiry"
- Response Time: We will respond to all inquiries within 5-7 business days
15.2 Privacy Rights Requests
- Email: mail.fitcoach@gmail.com
- Subject Line: "Privacy Rights Request"
- Include: Full name, email address, account details, specific request, and identity verification information
- Response Time: Within 30 days (or as required by applicable law)
15.3 Data Protection Officer
For users in the EEA, UK, or other jurisdictions requiring a Data Protection Officer (DPO), please direct inquiries to mail.fitcoach@gmail.com with "DPO" in the subject line.
15.4 Supervisory Authority
If you are located in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.
15.5 Security Concerns
If you discover a security vulnerability or have security concerns, please email us immediately at mail.fitcoach@gmail.com with "Security Issue" in the subject line.
16. Additional Information for Specific Jurisdictions
16.1 California Residents (CCPA/CPRA)
Shine the Light Law: California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
Categories of Information: We collect the categories of personal information described in Section 2 of this policy.
No Sale of Data: We do not sell personal information as defined by California law.
16.2 Nevada Residents
Nevada residents may opt out of the "sale" of personal information. We do not sell personal information as defined under Nevada law. If you have questions, contact us at mail.fitcoach@gmail.com.
16.3 European Economic Area (EEA) and UK
- Legal Basis: See Section 5 for detailed information on our legal basis for processing
- Your Rights: See Section 9 for comprehensive information on your GDPR rights
- Data Controller: FitCoach acts as the data controller for personal information processed through the Service
- International Transfers: See Section 11 for information on international data transfers
16.4 Australia
Australian users have rights under the Privacy Act 1988. You can access and correct your personal information, make complaints, and request information about our privacy practices by contacting us.
16.5 India - Primary Jurisdiction
FitCoach operates primarily under Indian jurisdiction and complies with Indian data protection laws.
- Given the nature of our health coaching services, we collect sensitive personal data as defined under Indian law (health information, biometric data). We implement reasonable security practices and procedures as required under the Information Technology Act, 2000 and the IT (Reasonable Security Practices) Rules, 2011
- We comply with the Consumer Protection Act, 2019 for consumer data rights
- Data may be stored with international cloud providers (MongoDB, Cloudinary) as permitted by Indian law
- Financial records are retained for 7 years in compliance with Indian tax and accounting regulations
- We do not sell or trade personal data to third parties for commercial purposes
- For data protection inquiries, contact us at mail.fitcoach@gmail.com
17. Definitions and Terms
- "Personal Information" or "Personal Data": Information that identifies, relates to, describes, or could reasonably be linked to you
- "Processing": Any operation performed on personal data, including collection, storage, use, disclosure, or deletion
- "Service": The FitCoach platform, including website, applications, and all related services
- "User", "You", "Your": Any person who accesses or uses the Service
- "We", "Us", "Our": FitCoach and its affiliates
- "Coach": Certified health and fitness professionals using the platform to provide services
- "Client": Individuals using the platform to receive coaching services
- "Admin": Platform administrators with elevated privileges
- "Third Party": Any entity other than you or FitCoach
Effective Date and Version
Effective Date: November 22, 2025
Version: 2.1
Previous Version Date: November 20, 2025
This Privacy Policy supersedes all previous versions. By continuing to use FitCoach after the effective date, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
Thank you for trusting FitCoach with your health and wellness journey.
We are committed to protecting your privacy and providing a secure, transparent platform for your fitness goals.