Privacy Policy

Last updated: September 13, 2025

NeoFit ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the NeoFit platform.

We comply with the EU General Data Protection Regulation (GDPR) and applicable Romanian and EU laws.

1. Controller & Contact Information

NeoFit is operated by:

NEORIMIA S.R.L.

Business Address: Jud. Vrancea, Municipiul Focşani, Bulevardul DIMITRIE CANTEMIR, Nr. 3, Bl. P, Scara 1, Ap. B16

Business Registration Number: 51196719, dated 30.01.2025

Email: privacy@neofit.io

  • For Trainers/Gyms: You act as the data controller for your clients' data. NeoFit acts as your data processor.
  • For Clients: Your trainer is your primary data controller. NeoFit processes data on their behalf.

2. Data We Collect

We may collect the following categories of data:

a) Trainer & Gym Data

  • Name, email, phone number, business information
  • Payment details (processed via secure third-party providers)
  • Login credentials (encrypted)

b) Client Data (via intake forms)

  • Contact details (name, email, phone)
  • Fitness-related information (goals, training preferences, PAR-Q answers)
  • Sensitive health-related data (e.g., past injuries, conditions) – only with explicit consent

c) Technical Data

  • Device/browser information, IP address, log data
  • Usage statistics and performance analytics

3. Purposes of Processing

We process data to:

  • Provide and improve NeoFit services
  • Automate onboarding and scheduling workflows
  • Enable trainers to manage client relationships
  • Send service-related communications (email, reminders, WhatsApp if opted in)
  • Ensure security and prevent misuse of the platform

We never sell personal data to third parties.

4. Legal Basis for Processing

Processing is based on:

  • Contract performance (Art. 6(1)(b) GDPR): providing the service to trainers/gyms.
  • Consent (Art. 6(1)(a), Art. 9(2)(a) GDPR): for processing sensitive health data and communications.
  • Legitimate interest (Art. 6(1)(f) GDPR): platform security, service improvements.
  • Legal obligation (Art. 6(1)(c) GDPR): compliance with tax/accounting laws.

5. Data Sharing & Recipients

We may share data with trusted third-party providers:

  • Hosting & Database: Neon (Postgres), Vercel
  • Automation: n8n Cloud
  • AI Services: OpenAI (client assessment processing)
  • Media Storage: Cloudinary
  • Communications: Resend (email), Twilio/WhatsApp Business API
  • Payments: Stripe or equivalent

All third parties are bound by Data Processing Agreements (DPAs).

6. International Data Transfers

Some providers (e.g., OpenAI, Resend, Twilio) may process data outside the EU.

  • Transfers are protected by Standard Contractual Clauses (SCCs) and GDPR safeguards.
  • We ensure appropriate contractual and technical protections.

7. Data Retention

  • Trainers/Gyms: Account data is retained as long as your subscription is active.
  • Clients: Data is retained as long as required by your trainer or until deletion is requested.
  • Backups may persist for up to 30 days after deletion.

8. Data Subject Rights

Under GDPR, you have the right to:

  • Access your data (Art. 15)
  • Rectify incorrect data (Art. 16)
  • Erase data ("Right to be forgotten", Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7)

Requests can be sent to privacy@neofit.io. We will respond within 30 days.

9. Security Measures

We apply technical and organizational measures:

  • Encryption at rest and in transit
  • Role-based access control
  • Logging of trainer access to client data
  • Regular security audits and monitoring

10. AI Disclaimer

NeoFit uses AI to generate recommendations and assessments.

  • AI outputs are assistive only and must be reviewed by trainers.
  • NeoFit is not liable for medical or training outcomes based solely on AI suggestions.

11. Cookies & Tracking

  • NeoFit uses cookies for authentication, analytics, and performance.
  • Users can manage preferences via browser settings.
  • For more information, see our Cookie Policy.

12. Children's Privacy

  • NeoFit is not directed at children under 16.
  • If data is collected from minors, it must be with parental/guardian consent.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

  • Material changes will be notified via email or in-app notice.
  • Continued use after updates constitutes acceptance.

14. Complaints

If you believe your rights have been violated, you may:

  • Contact us at privacy@neofit.io
  • File a complaint with the Romanian Data Protection Authority (ANSPDCP) or your local EU DPA.