Trust, privacy and security

FitConnect Pro is a European platform for personal trainers and dietitians. We handle professional and client data with a privacy-by-design approach, EU data residency and GDPR compliance.

EU data residency

We host data on infrastructure located in the European Union. Our database, authentication and storage run on Supabase (EU region) and the app is served from Vercel. We do not sell personal data or use it for third-party advertising.

Subprocessors

These are the providers that process data on our behalf. Each is bound by a data processing agreement (DPA) and GDPR safeguards.

Provider | Purpose | Location
Supabase | Database, authentication and file storage | EU
Vercel | Application hosting and delivery (hosting/CDN) | EU / global edge
Vercel Analytics | Aggregated, cookieless usage analytics | EU / global edge
Google Analytics | Site usage analytics, only if you accept analytics cookies | EU / US (standard contractual clauses)
Stripe | Payment processing (subscriptions and trainer–client payments via Stripe Connect) | EU / US (standard contractual clauses)
Resend | Transactional email delivery (notices and confirmations) | EU / US (standard contractual clauses)
Google | Sign in with Google (OAuth), optional | EU / US (standard contractual clauses)

AI features are not active yet. When enabled, we will update this list with the corresponding AI provider before processing any data with it.

Security practices

  • Per-user and per-role data isolation via Row Level Security (RLS) on every database table.
  • Encryption in transit (HTTPS/TLS) and at rest at the database level.
  • Least-privilege principle: service keys are never exposed to the client browser.
  • Audit logging of sensitive actions (who did what and when).
  • Authentication managed with Supabase Auth and optional Sign in with Google, with role verification.
  • We never store card numbers: payments are processed by Stripe (PCI-DSS certified).

Your rights (GDPR)

As a data subject, you can exercise the following rights over your personal data at any time:

  • Access to your personal data.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten").
  • Portability of your data in a structured format.
  • Restriction of and objection to processing.
  • Withdrawal of consent at any time.

Payment security

Payments are processed by Stripe, which is PCI-DSS Level 1 certified. We never see or store full card details. For trainer-to-client payments we use Stripe Connect: the money goes to the professional's Stripe account.

Contact and Data Protection Officer

To exercise your rights or resolve any privacy question, email us at privacidad@fitconnect.pro. We respond within the time limits set by GDPR.

Legal information

Data controller: NEXUSVIBE SL (trading as FitConnect Pro), Tax ID (NIF) B70966650, registered office at C/Casas de Miravete No 22A, Planta 4, Oficina 4, 28031 Madrid, Spain. Registered in the Commercial Registry of Madrid, Volume 46502, Folio 135, Section 1, Sheet M-816510. Contact: gestion@nexusvibe.net.

FitConnect Pro operates under European Union and Spanish law. See also our Legal Notice, Privacy Policy, Terms and Cookies Policy.

Frequently asked questions

Where is my data hosted?
Your data is hosted on infrastructure located in the European Union (Supabase in an EU region and Vercel). It is not transferred outside the EEA except to subprocessors with GDPR safeguards via standard contractual clauses.

Is FitConnect Pro GDPR compliant?
Yes. We apply privacy by design, data minimization and data processing agreements (DPAs) with our subprocessors, and we support the rights of access, rectification, erasure and portability.

Who are the subprocessors?
We work with Supabase (database and authentication), Vercel (hosting), Stripe (payments), Resend (transactional email) and Google (optional sign-in). Each processes data only for the stated purpose.

Do you store my card details?
No. Payments are processed by Stripe, which is PCI-DSS certified. FitConnect Pro never sees or stores the full card number.

How do I exercise my GDPR rights?
Email privacidad@fitconnect.pro with your request (access, rectification, erasure, portability or objection). We will verify your identity and respond within the legal time limits.