Coding Warehouse Limited operates the FittBio platform at fittbio.com under the FittBio brand ("FittBio", "we", "us"). We are the data controller for the personal data described in this policy. You can reach us at privacy@fittbio.com. Registered office: 1007 London Road, Leigh-On-Sea, Essex SS9 3JY.
2. What we collect
Account data — name, email, and password hash, managed on our behalf by Clerk.
Profile content — anything you publish on your public link-in-bio page (display name, bio, links, photos, programmes).
Payment metadata — subscription status, customer ID, and last 4 digits of your card. Full card details are stored by Stripe, not by us.
Uploaded media — profile and programme files you upload, stored on Cloudflare R2.
Analytics events — page views, link clicks, and form submissions on your public profile. Visitor IP addresses are SHA-256 hashed before storage so individuals cannot be identified.
Lead form submissions — answers visitors give to forms you publish. You are the controller of this data; we process it on your behalf.
3. Lawful basis (UK GDPR)
Contract — we process account, profile, and payment data to provide the service you signed up for.
Legitimate interest — aggregated analytics so you can see how your profile performs.
Legal obligation — tax and accounting records related to subscription billing.
4. Sub-processors
We share data with the following third parties:
Clerk — authentication and account management
Stripe — subscription billing and Stripe Connect for trainer payouts
Cloudflare R2 — file storage for uploaded media
Resend — transactional email
Where these providers are based outside the UK or EEA, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
5. Your rights
Under UK GDPR you have the right to access, correct, delete, export, or restrict processing of your personal data. You can:
Delete your account from your dashboard settings — this removes your profile, links, programmes, uploads, and analytics data.
Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).
6. Retention
Active account data is retained while your account is open. After deletion, we keep billing records for 7 years to meet UK tax law. Analytics events older than 24 months are automatically purged.
7. Cookies
We use three categories of cookies and similar technologies. The analytics and advertising categories are strictly opt-in — nothing is set or loaded until you click "Accept" on the cookie banner.
Essential — session cookies set by Clerk to keep you logged in. Always active; necessary for the service. Lawful basis: contract and legitimate interest.
Analytics (first-party) — profile views, link clicks, and social clicks on public trainer pages. Visitor IP addresses are SHA-256 hashed before storage. Loaded only with your consent. Lawful basis: consent.
Advertising (Facebook Pixel) — used to measure the performance of our advertising and reach similar audiences. The pixel script is not loaded until you consent. If you revoke consent after accepting, refresh the page to fully unload the pixel. Lawful basis: consent.
You can change your preferences at any time using the Cookie Settings link in the page footer, or here:
8. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app or by email at least 14 days before they take effect.