1. Who we are
FittBio Ltd ("FittBio", "we", "us") operates the FittBio platform at fittbio.com. We are the data controller for the personal data described in this policy. You can reach us at privacy@fittbio.com. Registered office: [Registered office address].
2. What we collect
- Account data — name, email, and password hash, managed on our behalf by Clerk.
- Profile content — anything you publish on your public link-in-bio page (display name, bio, links, photos, programmes).
- Payment metadata — subscription status, customer ID, and last 4 digits of your card. Full card details are stored by Stripe, not by us.
- Uploaded media — profile and programme files you upload, stored on Cloudflare R2.
- Analytics events — page views, link clicks, and form submissions on your public profile. Visitor IP addresses are SHA-256 hashed before storage so individuals cannot be identified.
- Lead form submissions — answers visitors give to forms you publish. You are the controller of this data; we process it on your behalf.
3. Lawful basis (UK GDPR)
- Contract — we process account, profile, and payment data to provide the service you signed up for.
- Legitimate interest — aggregated analytics so you can see how your profile performs.
- Legal obligation — tax and accounting records related to subscription billing.
4. Sub-processors
We share data with the following third parties:
- Clerk — authentication and account management
- Stripe — subscription billing and Stripe Connect for trainer payouts
- Cloudflare R2 — file storage for uploaded media
- Resend — transactional email
Where these providers are based outside the UK or EEA, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
5. Your rights
Under UK GDPR you have the right to access, correct, delete, export, or restrict processing of your personal data. You can:
- Delete your account from your dashboard settings — this removes your profile, links, programmes, uploads, and analytics data.
- Export your data by emailing privacy@fittbio.com.
- Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).
6. Retention
Active account data is retained while your account is open. After deletion, we keep billing records for 7 years to comply with UK tax law. Analytics events older than 24 months are automatically purged.
7. Cookies
We only use essential cookies — the session cookie set by Clerk to keep you logged in. We do not run third-party advertising or tracking cookies.
8. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app or by email at least 14 days before they take effect.