Fitmore Privacy Policy

Fitmore B.V. (“Fitmore,” “we,” “us,” or “our”) is a technology company organized under the laws of the Netherlands, with its principal place of business in Amsterdam. We operate a fitness instructor marketplace platform (the “Platform”) available at fitmore.co, serving users in the United States, Canada (excluding Quebec), the Netherlands, the United Kingdom, Ireland, and Australia.

This Privacy Policy describes how we collect, use, disclose, and otherwise process your personal information in connection with your use of the Platform, and explains your rights and choices regarding your personal information.

We collect personal information in the following categories:

We use the personal information we collect for the following purposes:

• Platform Operations: Creating and managing accounts, facilitating connections between clients and instructors, processing bookings and payments.
• Communications: Sending transactional emails (account verification, booking confirmations, message notifications), Platform updates, browser push notifications (with your permission), and optional marketing communications.
• Service Improvement: Analyzing usage patterns, improving features, and enhancing user experience.
• Security and Fraud Prevention: Protecting against abuse, verifying identities, and maintaining Platform integrity.
• Advertising Measurement: Measuring the effectiveness of our advertising campaigns through Meta Pixel.
• Legal Compliance: Meeting regulatory requirements and responding to lawful requests from governmental authorities.

We process your personal information on the following legal bases:

• Contractual Necessity: Processing necessary to perform our contract with you (providing the Platform services).
• Legitimate Interests: Processing necessary for our legitimate business interests (security, fraud prevention, service improvement, and basic analytics), where those interests are not overridden by your rights.
• Consent: Processing based on your consent (marketing communications, optional cookies, precise geolocation). You may withdraw consent at any time.
• Legal Obligations: Processing necessary to comply with applicable laws and regulations.

We do not sell your personal information for monetary consideration. However, under California law (CCPA/CPRA), we may “share” limited data with advertising partners for cross-context behavioral advertising (see Section 10).

We use the following service providers to operate the Platform. Each provider processes data only according to our instructions and is contractually required to protect your information:

• Authentication: Clerk (user authentication and account management)
• Payments: Stripe (payment processing and subscription billing)
• Email Delivery: Resend (transactional and marketing emails)
• File Storage: UploadThing (profile photos, videos, and message attachments)
• Real-Time Messaging: Pusher (instant message delivery, typing indicators, read receipts)
• Mapping Services: Mapbox (location search and display)
• Hosting: Vercel (website hosting)
• Database: Supabase (PostgreSQL database hosting)
• Caching: Upstash (Redis caching for performance)
• Analytics: Google Analytics 4 (Google LLC) — website usage and visitor behavior tracking
• Advertising Analytics: Meta Pixel (Meta Platforms, Inc.) — tracks page views and user actions to measure ad effectiveness. Data is hashed before transmission.

We may also disclose your information: (i) to comply with legal obligations; (ii) to protect and defend our rights or property; (iii) to prevent fraud or other illegal activity; (iv) to protect the personal safety of users or the public; or (v) in connection with a merger, acquisition, or sale of assets.

Essential Cookies: Required for Platform functionality (authentication, security, user preferences). These cannot be disabled.

Analytics Cookies: Google Analytics 4 collects anonymized usage data to help us understand how users interact with the Platform.

Advertising Cookies: Meta Pixel tracks conversions and user actions to measure advertising effectiveness.

Cookie Consent: For users in the European Union, we require explicit consent before loading non-essential cookies (analytics and advertising). For users in the United States, Canada, and Australia, analytics and advertising cookies load by default (opt-out model), but you may decline via our cookie banner or browser settings.

Global Privacy Control (GPC): We honor Global Privacy Control signals. If your browser sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of your personal information.

We retain personal information only as long as necessary for the purposes described in this Privacy Policy or as required by law:

• Account Data: Retained while your account is active and for up to 90 days after account closure.
• Profile Information: Public profiles remain visible while accounts are active; deleted within 30 days of account closure.
• Messages and Attachments: Retained while the conversation exists; deleted within 30 days of both participants closing their accounts.
• Transaction Records: Retained for 7 years for tax and legal compliance.
• Marketing Preferences: Retained until you unsubscribe.
• Security Logs: Retained for up to 12 months (longer only if required for legal proceedings).

After account deletion, we may retain anonymized data for analytics and minimum necessary records for legal compliance.

As a company based in the Netherlands using global cloud providers, your data may be processed in the European Union and the United States. If you are located in Australia, you acknowledge and consent to this transfer of your personal information to the Netherlands and the United States, which may have different data protection laws than Australia.

Data Transfer Mechanisms: We transfer data to service providers in the United States relying on the EU-U.S. Data Privacy Framework (DPF) for certified vendors, or Standard Contractual Clauses (SCCs) for vendors not certified under the DPF. These mechanisms ensure your data remains protected to GDPR standards.

Depending on your location, you may have the following rights regarding your personal information:

• Right to Know/Access: Request information about the categories and specific pieces of personal information we have collected about you in the preceding 12 months.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Portability: Request a copy of your personal information in a portable, machine-readable format.
• Right to Opt-Out of Sale/Sharing: Direct us not to sell or share your personal information for cross-context behavioral advertising.
• Right to Limit Sensitive Information: Limit the use and disclosure of your sensitive personal information to what is necessary to provide the services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

This section provides additional information for California residents pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”).