Privacy Policy

Privacy Policy

Effective Date: July 1, 2025

1. Introduction

Elite You ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our fitness tracking and coaching platform located at www.eliteyou.app (the "Service").

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you provide directly to us, including:

  • Account Information: Name, email address, password, and profile information
  • Fitness Data: Training goals, preferences, and fitness-related information
  • Coach Applications: Qualifications, experience, bio, and profile pictures (for coach applicants)
  • Communication: Messages sent through our platform and support requests
  • Payment Information: Payment method details (processed securely by our payment providers)

2.2 Information We Collect Automatically

When you use our Service, we automatically collect:

  • Usage Data: How you interact with our Service, features used, and pages visited
  • Device Information: Device type, operating system, browser type, and IP address
  • Location Data: General location information (city/country level) for service optimization
  • Cookies and Similar Technologies: Information stored on your device to enhance your experience

2.3 Information from Third Parties

We may receive information from:

  • Strava: Activity data, profile information, and fitness metrics (with your consent)
  • Google Analytics: Website usage statistics and user behavior data
  • Payment Processors: Payment confirmation and transaction details

3. How We Use Your Information

We use the information we collect to:

3.1 Provide and Improve Our Service

  • Create and manage your account
  • Generate personalized AI training plans
  • Provide coaching services and facilitate coach-user connections
  • Process payments and manage subscriptions
  • Send service-related communications (account updates, security alerts)

3.2 Personalize Your Experience

  • Customize training recommendations based on your fitness data
  • Improve our AI algorithms for better training plan generation
  • Provide relevant content and features

3.3 Analytics and Research

  • Analyze usage patterns to improve our Service
  • Conduct research to enhance training plan effectiveness
  • Generate aggregated, anonymized statistics

3.4 Marketing Communications

  • Send promotional emails about new features and services (with your consent)
  • Provide updates about Elite You news and events
  • You can opt out of marketing communications at any time

3.5 Legal and Security Purposes

  • Comply with legal obligations
  • Protect against fraud and security threats
  • Enforce our Terms of Service
  • Respond to legal requests and investigations

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Service Providers

We may share your information with trusted service providers who assist us in operating our Service:

  • Google Cloud Platform (GCP): Data hosting and storage (USA)
  • Brevo: Email services and communications
  • Paystack: Payment processing for traditional payments
  • Arrel: Cryptocurrency payment processing
  • OpenAI: AI training plan generation
  • Google Analytics: Website analytics and user behavior tracking

4.3 Coach Services

When you interact with coaches through our platform:

  • Coaches can see your profile information and fitness data you choose to share
  • Messages between you and coaches are stored securely on our platform
  • We do not share your personal contact information with coaches

4.4 Legal Requirements

We may disclose your information if required by law or in response to:

  • Legal process or government requests
  • Protection of our rights, property, or safety
  • Investigation of potential violations of our Terms of Service

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

5. Data Retention

5.1 Retention Periods

We retain your information for the following periods:

  • Account Data: 5 years from your last activity or account deletion
  • Fitness Data: 5 years from your last activity
  • Communication Data: 3 years from the last interaction
  • Payment Data: 7 years (for tax and legal compliance)
  • Analytics Data: 2 years (aggregated and anonymized)

5.2 Account Deletion

When you delete your account:

  • Your personal information is immediately removed from active use
  • Data is retained for legal and regulatory purposes for the specified retention periods
  • You may request complete data deletion by contacting our support team

6. Data Security

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your information:

  • Encryption: Data is encrypted in transit and at rest
  • Access Controls: Limited access to personal information on a need-to-know basis
  • Regular Security Audits: We conduct regular security assessments
  • Data Backup: Secure backup procedures with disaster recovery plans

6.2 Data Breach Response

In the unlikely event of a data breach, we will:

  • Notify affected users within 72 hours (as required by GDPR)
  • Take immediate steps to contain and remediate the breach
  • Cooperate with relevant authorities
  • Provide guidance on protective measures users can take

7. Your Rights and Choices

7.1 Access and Control

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal information
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your personal information
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit how we process your information
  • Objection: Object to certain types of processing

7.2 Marketing Preferences

You can control marketing communications by:

  • Unsubscribing from marketing emails using the link in each email
  • Updating your preferences in your account settings
  • Contacting our support team

7.3 Cookies and Tracking

You can control cookies and tracking by:

  • Adjusting your browser settings
  • Using our cookie consent management tools
  • Opting out of Google Analytics tracking

8. International Data Transfers

8.1 Data Location

Your data is primarily stored in the United States (Google Cloud Platform) and may be processed in other countries where our service providers operate.

8.2 Adequacy and Safeguards

For international transfers, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) for GDPR compliance
  • Adequacy decisions where applicable
  • Other appropriate safeguards as required by law

9. Children's Privacy

9.1 Age Requirements

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

9.2 Parental Consent

If you are under 18, you represent that your parent or legal guardian has reviewed and agreed to this Privacy Policy on your behalf.

10. Third-Party Services

10.1 External Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.

10.2 Third-Party Integrations

When you use third-party integrations (like Strava):

  • You authorize us to access and process data from these services
  • The third-party's privacy policy also applies to your data
  • You can revoke access at any time through your account settings

11. Changes to This Privacy Policy

11.1 Updates

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on our Service
  • Sending email notifications to registered users
  • Displaying prominent notices on our Service

11.2 Continued Use

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

12. Legal Basis for Processing (GDPR)

12.1 Legal Grounds

We process your personal information based on the following legal grounds:

  • Consent: For marketing communications and optional features
  • Contract Performance: To provide our services and fulfill our obligations
  • Legitimate Interest: For service improvement, security, and fraud prevention
  • Legal Obligation: To comply with applicable laws and regulations

12.2 Your Rights Under GDPR

If you are in the European Union, you have additional rights under GDPR:

  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time
  • Right to data portability
  • Right to be forgotten (subject to legal requirements)

13. South African Privacy Law (POPI Act)

13.1 POPI Act Compliance

We comply with the Protection of Personal Information Act (POPI Act) and:

  • Process personal information lawfully and reasonably
  • Collect information directly from you when possible
  • Use information for the purpose for which it was collected
  • Maintain data quality and security standards

13.2 Your Rights Under POPI Act

You have the right to:

  • Be notified when personal information is collected
  • Know why personal information is being collected
  • Access and correct your personal information
  • Object to the processing of your personal information
  • Lodge a complaint with the Information Regulator

14. Contact Information

14.1 Privacy Inquiries

For questions about this Privacy Policy or to exercise your rights, please contact us:

  • Email: support@eliteyou.app
  • Address: 26 Cotswold Drive, Westville, South Africa
  • Privacy Contact: CEO of Elite You

14.2 Data Protection Officer

For GDPR-related inquiries, you may also contact our Data Protection Officer at the same email address.

14.3 Response Times

We will respond to your privacy requests within:

  • General Inquiries: 30 days
  • Data Subject Requests (GDPR): 30 days
  • POPI Act Requests: 30 days
  • Data Breach Notifications: 72 hours (GDPR requirement)

15. Definitions

  • Personal Information: Any information that identifies or can be used to identify an individual
  • Processing: Any operation performed on personal information
  • Data Controller: Elite You, responsible for determining how and why personal information is processed
  • Data Processor: Third-party service providers who process data on our behalf
  • Data Subject: The individual whose personal information is being processed

By using the Elite You Service, you acknowledge that you have read, understood, and agree to this Privacy Policy.