Privacy Policy

How FitTrybe collects, uses, and protects your personal data

Effective Date: 14 April 2025 · Version 1.0

1. Introduction

FitTrybe Ltd (“FitTrybe”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the FitTrybe mobile application, website (fittrybe.co.uk), and related services (the “Platform”).

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read it carefully. By using the Platform, you acknowledge that you have read and understood this policy.

2. Who We Are (Data Controller)

FitTrybe Ltd is the data controller for personal data collected through the Platform. Our registered address is Redhill, Surrey, United Kingdom. If you have any questions or concerns about how we handle your data, please contact us at legal@fittrybe.co.uk.

3. Data We Collect

3.1 Information You Provide Directly

  • Account registration data: name, email address, phone number, profile photo;
  • Identity verification information (for Hosts using Stripe Connect): date of birth, bank account details, government-issued ID — collected and held by Stripe, not by FitTrybe;
  • Session details created by Hosts: sport type, venue, time, pricing, description;
  • Payment information: processed exclusively by Stripe — FitTrybe does not store full card numbers;
  • Communications: messages sent via in-app chat, support emails;
  • User-generated content: ratings, reviews, stories, and profile content.

3.2 Information Collected Automatically

  • Device information: device type, operating system, app version;
  • Usage data: session interactions, features accessed, click patterns, crash reports;
  • Location data: approximate location (used to surface nearby sessions) — we do not continuously track your location;
  • Push notification tokens (via Firebase Cloud Messaging);
  • IP address and log data.

3.3 Information from Third Parties

  • Stripe: payment transaction status, Connect account status;
  • Supabase: authentication tokens and database events;
  • Firebase: push notification delivery data.

4. How and Why We Use Your Data

We process your personal data on the following legal bases under UK GDPR:

4.1 Performance of a Contract (Article 6(1)(b))

  • Creating and managing your account;
  • Facilitating session bookings and payments;
  • Processing refunds and cancellations;
  • Enabling communications between Hosts and Players;
  • Sending transactional push notifications (session reminders, booking confirmations).

4.2 Legitimate Interests (Article 6(1)(f))

  • Improving the Platform through usage analytics;
  • Detecting and preventing fraud, abuse, and violations of our Terms;
  • Sending non-marketing service updates and safety notices;
  • Calculating Host reliability scores and session quality ratings;
  • Maintaining platform security and integrity.

4.3 Consent (Article 6(1)(a))

  • Marketing communications (where you have opted in);
  • Non-essential analytics or tracking (where applicable).

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4.4 Legal Obligation (Article 6(1)(c))

  • Complying with applicable laws, regulations, and lawful requests from authorities.

5. Sharing Your Data

We do not sell your personal data. We may share it with:

  • Stripe — for payment processing, Connect onboarding, and payout management. Stripe’s privacy policy applies to data they hold: stripe.com/gb/privacy;
  • Supabase — our database and authentication infrastructure provider. Data is processed under Data Processing Agreements in accordance with UK GDPR;
  • Firebase (Google) — for push notification delivery via Firebase Cloud Messaging;
  • Other users — limited profile information (display name, photo) is visible to other users as necessary for the Platform to function;
  • Legal and regulatory authorities — where required by law or to protect the rights, safety, or property of FitTrybe or others;
  • Professional advisers — lawyers, accountants, and auditors acting under confidentiality obligations.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Platform’s services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account data: retained while your account is active and for up to 2 years after deletion;
  • Transaction records: retained for 7 years in line with UK financial record-keeping requirements;
  • Chat messages: retained for up to 12 months unless flagged for investigation;
  • Device/analytics data: anonymised or deleted within 12 months.

You may request deletion of your data at any time (subject to legal retention obligations). See Section 8 for how to exercise your rights.

7. International Transfers

Our infrastructure providers (including Supabase and Firebase/Google) may process data in countries outside the UK. Where data is transferred outside the UK, we ensure it is protected by appropriate safeguards — such as the UK International Data Transfer Agreements (IDTAs) or equivalent adequacy measures — in accordance with UK GDPR Chapter V.

8. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

  • Right of access: to obtain a copy of the personal data we hold about you;
  • Right to rectification: to correct inaccurate or incomplete data;
  • Right to erasure: to request deletion of your data in certain circumstances;
  • Right to restrict processing: to limit how we use your data in certain circumstances;
  • Right to data portability: to receive your data in a structured, machine-readable format;
  • Right to object: to object to processing based on legitimate interests or for direct marketing;
  • Rights in relation to automated decision-making: not to be subject to solely automated decisions that significantly affect you.

To exercise any of these rights, please contact us at legal@fittrybe.co.uk. We will respond within one calendar month. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

9. Security

We implement industry-standard technical and organisational security measures to protect your data against unauthorised access, disclosure, alteration, or destruction. These measures include encrypted data storage and transmission (TLS), row-level security on our database, access controls, and regular security reviews.

While we take data security seriously, no system is completely secure. You should ensure your device and account credentials are kept safe. Please notify us immediately if you suspect any security breach involving your account.

10. Children’s Privacy

The Platform is intended for users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected data from a minor, please contact us at legal@fittrybe.co.uk and we will delete it promptly.

11. Cookies and Tracking

The FitTrybe mobile app does not use browser cookies. Our website (fittrybe.co.uk) may use cookies and similar technologies for analytics and performance purposes. A separate Cookie Policy will be made available on the website. You can manage your cookie preferences through your browser settings.

12. Push Notifications

We use Firebase Cloud Messaging (FCM) to deliver push notifications to your device. Your device push token is stored securely and used solely for delivering Platform notifications. You can disable push notifications at any time through your device settings or within the FitTrybe app.

13. Links to Third-Party Sites

The Platform may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notification or email. The updated policy will display a revised effective date. Your continued use of the Platform after changes are made constitutes your acceptance of the updated policy.

15. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Email: legal@fittrybe.co.uk
Post: FitTrybe Ltd, Redhill, Surrey, United Kingdom
Website: fittrybe.co.uk

For UK GDPR-related enquiries or to make a formal data subject request, please write to us at the above email address and mark your message “Data Subject Request”.