1. Introduction
RugbyFit ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding your data.
This policy applies to the RugbyFit mobile application (iOS and Android), our website, and related services.
2. Information We Collect
2.1 Account Information
When you create a RugbyFit account, we collect:
- Email address
- Display name
- Password (encrypted and never visible to our team)
- Profile photo (optional)
- Date of birth (if provided)
2.2 Training & Fitness Data
As you use RugbyFit, we collect:
- RF75 Challenge data: start date, current day, completion status, last check-in date
- Daily check-in responses: workout completion, breathwork practice, diet choices, water intake, alcohol consumption, self-learning time
- Progress photos: images you upload during daily check-ins
- Personal metrics: weight, fitness goals, health data you voluntarily enter
2.3 Payment Information
When you subscribe or purchase, we collect:
- Subscription plan selected (Clubhouse or StartUp)
- Payment history and billing status
- Stripe processes payment cards directly — we do not store card numbers or payment details
2.4 Device & Usage Information
We automatically collect:
- Device type and operating system
- App version
- Timezone and locale settings
- Firebase Cloud Messaging (FCM) token for push notifications
- Unique device identifier (for app analytics)
- How you interact with the app (button taps, page views, feature usage)
2.5 Communication Data
- Any messages you send us via support or feedback channels
- Opt-in push notification tokens (only if you grant permission)
3. How We Use Your Data
3.1 Core App Functionality
- Creating and managing your account
- Tracking your RF75 Challenge progress
- Storing and displaying your daily check-ins
- Processing your subscription or one-time purchase
- Sending push notifications (only if you've opted in)
3.2 Personalization
- Showing your progress stats and achievement badges
- Tailoring content recommendations based on your selected program
- Calculating your current day in the RF75 Challenge
3.3 Payment Processing
- Processing subscriptions via Stripe
- Managing billing and subscription renewals
- Preventing fraud and payment disputes
3.4 Analytics & Improvement
- Understanding which features are used most
- Identifying bugs and performance issues
- Making data-driven decisions about new features
- Improving app stability and user experience
3.5 Legal & Safety
- Complying with legal obligations
- Enforcing our Terms of Service
- Protecting against fraud or abuse
- Responding to law enforcement requests (if legally required)
3.6 Marketing (Only With Your Consent)
- Sending you occasional emails about new features (if you opt in)
- Notifying you about exclusive offers or challenges (if you opt in)
4. Data Retention
4.1 Account Data
- While active: We keep your account data as long as your account exists.
- After deletion: We retain your account data for 90 days to allow account recovery. After 90 days, all personal data is permanently deleted.
- Exception: We may retain aggregated, anonymized data indefinitely for analytics.
4.2 Daily Check-In Data
- While active: Stored in your account for as long as your account exists.
- After account deletion: Deleted within 90 days.
4.3 Payment Records
- Transaction history: Retained for 7 years for accounting and tax compliance (required by law).
- Stripe data: Stripe retains payment data according to their own Privacy Policy.
4.4 Push Notification Tokens
- Kept until you revoke notification permissions or delete your account.
- You can disable push notifications anytime in app settings.
4.5 Usage Analytics
- Anonymized usage data retained for 12 months, then automatically deleted.
5. Data Deletion & User Rights
5.1 How to Request Data Deletion
In-App Deletion:
- Open RugbyFit → Go to Profile → Settings
- Tap "Delete Account"
- Confirm the deletion request
Email Request:
- Email us at support@rugbyfit.online with the subject line "Data Deletion Request"
- Include your account email address and any relevant details
- We will respond within 30 days
5.2 What Gets Deleted
When you delete your account:
- Your email, name, and profile photo
- All daily check-in data
- Your RF75 Challenge progress
- All progress photos
- Your subscription status
5.3 What Is NOT Deleted
- Payment records (kept for 7 years for legal/tax reasons)
- Aggregated analytics (cannot identify you)
5.4 Your Other Rights (GDPR)
If you're in the EU or under GDPR, you have the right to:
- Access: Request a copy of all data we hold about you
- Correction: Ask us to fix inaccurate information
- Deletion: Request removal of your data (see Section 5.1)
- Portability: Request your data in a portable format (e.g., CSV)
- Opt-out: Unsubscribe from marketing emails anytime
To exercise these rights, email support@rugbyfit.online
6. Third-Party Services
6.1 Firebase (Google Cloud)
- What they handle: User authentication, database storage, file storage, cloud functions
- Data processed: Account info, training data, photos, analytics
- Location: Data may be processed in multiple regions; we use europe-west1 as default
- Privacy: Firebase Privacy Policy
6.2 Stripe
- What they handle: Payment processing and subscription billing
- Data processed: Billing address, subscription status, transaction history (NOT full card numbers)
- PCI Compliance: Stripe is PCI DSS Level 1 certified
- Privacy: Stripe Privacy Policy
6.3 RevenueCat
- What they handle: Subscription management and entitlements
- Data processed: Subscription status, purchase history, app store receipt validation
- Privacy: RevenueCat Privacy Policy
6.4 MailerLite
- What they handle: Optional email campaigns and newsletters
- Data processed: Email address (only if you opt in), email open/click data
- Privacy: MailerLite Privacy Policy
6.5 Google Analytics / Firebase Analytics
- What they handle: App usage analytics, crash reporting
- Data processed: Anonymized user behavior, device info, app performance metrics
- Privacy: Google Analytics Privacy Policy
6.6 Apple App Store & Google Play Store
- What they handle: App distribution, purchase processing, in-app subscriptions
- Data processed: App installation, update data, subscription status
- Privacy: Apple Privacy Policy | Google Privacy Policy
7. Data Security
7.1 How We Protect Your Data
- Encryption in Transit: All data uses industry-standard HTTPS encryption (TLS 1.2+)
- Encryption at Rest: Sensitive data is encrypted in our database. Firebase automatically encrypts data at rest.
- Access Controls: Only authorized RugbyFit team members can access user data. Access is logged and monitored.
- Password Security: Your password is hashed using industry-standard algorithms. We never store or view your password in plain text.
7.2 What We Cannot Guarantee
While we take security seriously, no system is 100% secure. We cannot guarantee protection against sophisticated attacks, a compromised personal device, or if you share your login credentials with others.
If you suspect a security breach, email support@rugbyfit.online immediately.
8. Contact Us
Email: support@rugbyfit.online
Mailing Address: RugbyFit · De Best Digital B.V. · Amsterdam, Netherlands
Data Protection: If you're in the EU, you may lodge a complaint with your local Data Protection Authority.
Response Time: We aim to respond to all privacy requests within 30 days.