Privacy Policy
Last updated: 4 July 2026
NEXUSVIBE SL (trading as FitConnect Pro), with registered office at C/Casas de Miravete Nº 22A, Planta 4, Oficina 4, 28031 Madrid, Spain (NIF: B70966650), is the data controller responsible for your personal data. This policy explains how we collect, store, use and share your information when you use FitConnect Pro (https://fitconnect.pro), a SaaS platform that connects personal trainers, strength coaches and dietitians with their clients to manage training plans, nutrition plans, progress tracking, communication and payments. Please read it carefully, and pay particular attention to the section on health data.
Data controller
The data controller for the purposes of Regulation (EU) 2016/679 (GDPR) and the Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights (LOPD-GDD) is:
- Company name: NEXUSVIBE SL
- NIF: B70966650
- Registered office: C/Casas de Miravete Nº 22A, Planta 4, Oficina 4, 28031 Madrid, Spain
- Commercial Registry of Madrid, Volume 46502, Folio 135, Section 1, Sheet M-816510
- Privacy and data-protection email: privacidad@fitconnect.pro
- Company contact: gestion@nexusvibe.net
Personal data we collect
We collect information you provide directly, information generated automatically when you use the platform, and limited information from third parties. Depending on whether you are a trainer or a client, we process the following categories:
- Account data: first and last name, email address, password (encrypted), profile photo, role (trainer or client), language and timezone.
- Trainer profile data: public name, biography, speciality, qualifications and verification documents, services offered and pricing.
- Trainer-client relationship data: hires, the speciality of each trainer, the status of the relationship and assignments.
- Training data: training plans, exercises, sets, repetitions and session logs.
- Nutrition data: diet plans, planned meals, meal check-ins, meal photos and comments.
- Communication data: trainer-client chat messages and their attachments (photos, documents, videos and voice notes).
- Payment data: billing address and Stripe customer and payment-method identifiers. We never store full card numbers.
- Technical data: IP address, browser type, operating system, device identifiers and timezone.
- Usage data: pages visited, features used and activity frequency.
- Support data: emails, bug reports and feedback.
Health data (special categories)
FitConnect Pro processes special-category personal data within the meaning of Article 9 of the GDPR. Because of its nature, this data receives enhanced protection.
The legal basis for this processing is your EXPLICIT CONSENT (Art. 9(2)(a) GDPR), which you give separately and unambiguously before entering any health data. Without that consent we do not process this information.
This data is shared only with the trainer or trainers you have personally hired, and only to the extent necessary to provide your service. It is not shared with other clients or with trainers you have not hired.
Health data is stored encrypted and under strict access controls, so that only you and your hired trainers can access it. You can withdraw your consent and request its deletion at any time, without affecting the lawfulness of processing carried out before withdrawal.
- Physical activity readiness questionnaire (PAR-Q): injuries, chronic conditions, medications, pregnancy and postpartum.
- Progress photos uploaded by the client.
- Body measurements (weight, girths and body composition).
- Medical documents the client chooses to upload.
Purposes and legal bases for processing
We process your personal data for the following purposes, each supported by a GDPR legal basis:
- Service delivery (contract performance, Art. 6(1)(b)): create and manage your account, connect clients with trainers, deliver training and nutrition plans, enable chat and progress tracking.
- Payment processing (contract performance, Art. 6(1)(b)): handle client-to-trainer payments, trainer subscriptions and payouts through Stripe.
- Health data (explicit consent, Art. 9(2)(a)): process the PAR-Q questionnaire, progress photos, body measurements and medical documents to tailor your training and nutrition.
- Security and fraud prevention (legitimate interest, Art. 6(1)(f)): maintain platform security, detect abuse and ensure the integrity of the service.
- Service improvement and analytics (legitimate interest, or consent for analytics cookies, Art. 6(1)(f) / 6(1)(a)): understand how the platform is used and improve its features.
- Transactional communications (contract performance, Art. 6(1)(b)): send confirmations, receipts and operational notices.
- Compliance with legal obligations (Art. 6(1)(c)): tax, accounting and regulatory obligations under Spanish and EU law.
Processors and third parties
We do not sell your personal data. We share data with service providers (processors) only to the extent necessary to operate FitConnect Pro:
- Supabase: database, authentication and file storage. Data is hosted in EU data centers.
- Vercel: application hosting and edge layer; processes IP addresses and request metadata.
- Stripe (including Stripe Connect): processing of client-to-trainer payments, trainer subscriptions and payouts. Stripe acts as an independent controller for payment data. We never store full card numbers.
- Resend: transactional email delivery; receives email addresses and message content.
- Google Analytics: web analytics (usage data and cookies; requires your consent).
- OpenFoodFacts: barcode-based product macro lookup. Only the barcode number is sent; no personal data is transmitted.
- YouTube / Vimeo: trainer-provided embedded videos; may set third-party cookies on playback.
International data transfers
Some of our providers may be located outside the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure an adequate level of protection through:
- The EU-US Data Privacy Framework (for certified providers).
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- European Commission adequacy decisions, where applicable.
Data retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, unless a longer period is required by law.
- Account data: while the account is active and for up to 3 years after deletion, unless a legal obligation requires otherwise.
- Health data (special categories): while you maintain your consent and your relationship with your trainer; deleted upon withdrawal of consent or on an erasure request, subject to any legal retention obligation.
- Financial and transaction data: 6 years, as required by Spanish tax law (Ley General Tributaria).
- Training, nutrition and chat data: while the trainer-client relationship exists and for a reasonable period afterwards needed to handle claims.
- Technical and usage data: up to 12 months, after which it is anonymized or deleted.
- Support communications: 2 years after the last interaction.
Your rights
Under the GDPR and LOPD-GDD, you have the following rights regarding your personal data:
- Right of access: obtain confirmation of whether we process your data and request a copy.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request deletion of your data when it is no longer necessary or when you withdraw your consent.
- Right to data portability: receive your data in a structured, commonly used and machine-readable format.
- Right to object: object to processing based on legitimate interest.
- Right to restriction: request that we limit processing in certain circumstances.
- Right to withdraw consent: withdraw at any time any consent you have given, including the explicit consent for your health data, without retroactive effect.
- Right to lodge a complaint: file a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es).
How to exercise your rights
To exercise any of these rights, write to us at privacidad@fitconnect.pro. We will respond within one month as required by the GDPR, extendable under the terms provided by law.
If you believe your data-protection rights have been infringed, you may lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
Security measures
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encryption and access control for health data, restricted access policies and secure infrastructure hosting.
No system is 100% secure. If we become aware of a data breach that poses a risk to your rights, we will notify the AEPD within 72 hours and inform affected individuals without undue delay.
Children
FitConnect Pro is not directed to individuals under 18 years of age, and we do not knowingly collect data from minors. If we discover that we have processed a minor's data without an appropriate legal basis, we will delete it promptly.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version at https://fitconnect.pro with an updated date. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
NEXUSVIBE SL, C/Casas de Miravete Nº 22A, Planta 4, Oficina 4, 28031 Madrid, Spain.
Privacy and data protection: privacidad@fitconnect.pro · Company contact: gestion@nexusvibe.net · Support: support@fitconnect.pro.