Privacy
How Stay Fit Handles Your Data
A plain-language GDPR privacy notice for the Stay Fit sandbox. Business and privacy-contact details must be completed and professionally reviewed before live launch.
Draft for sandbox testing
Stay Fit is currently testing with Stripe sandbox payments. This notice describes the implemented data flow but is not a substitute for Dutch legal advice.
Data Stay Fit Uses
Account and profile data includes your name, email address, postal address, membership status, selected weekly gym target, attendance, points, warnings, comments, progress posts, and information you submit to use the service. Stripe handles payment-card details; Stay Fit stores Stripe customer, subscription, and status references rather than full card details.
Photos And Fitness Content
Meal photos, optional gym proof, captions, and community content are used for accountability and member support. Do not upload medical documents or information about other people. Fitness content may be sensitive, so access should remain limited to authenticated members and authorized administration.
Purposes And Legal Grounds
Account, membership, program, and payment-status data is used to provide the membership contract. Security, fraud prevention, moderation, and service reliability are handled for Stay Fit's legitimate operational interests. Records required by tax, accounting, or consumer law are kept to meet legal obligations. Any optional processing that legally requires consent will be presented separately.
Photo Retention
Members see meal photos from the latest 7 days. Admin review is performed weekly. Meal-photo files, their meal-photo database records, and connected comments are automatically deleted after 30 days. Non-photo discipline-point history may remain. Other personal data is kept only while needed for the membership, legal duties, disputes, security, or valid recordkeeping.
Service Providers And Security
Supabase provides authentication, database, and file storage. Stripe provides checkout, subscriptions, invoices, and billing management. Vercel hosts the web application. These providers process data to operate Stay Fit. Secrets are kept in protected server environments, and member/admin routes use authentication and access controls.
Your Privacy Rights
Depending on applicable law, you may request access, correction, deletion, restriction, portability, or object to certain processing. You may also complain to the Dutch Autoriteit Persoonsgegevens. Identity verification may be required before a request is completed. A working privacy contact and registered-business details must be published before live launch.