Privacy Policy

1. Introduction

Burnbe ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Service").

We adhere to the principles of the General Data Protection Regulation (GDPR) and are committed to ensuring the privacy and security of your personal data. By using the Service, you consent to the data practices described in this Privacy Policy.

2. Data Controller Information

Burnbe operates as the data controller for the personal information processed through our Service.

Contact Information:

3. Information We Collect

We collect several types of information from and about users of our Service:

3.1 Information You Provide to Us

  • Account Information: When you register for an account, we collect your name, email address, password, and account type (Gym, Trainer, or Client).
  • Profile Information: Information you provide in your user profile, such as profile pictures, biographical information, and professional qualifications (for Trainers).
  • Payment Information: When you subscribe to our paid services, we collect payment information, though payment card details are processed by Stripe, our secure payment processor, and are not stored on our servers.
  • Communications: Records of your communications with us, including support requests and feedback.

3.2 Information We Collect Through the Service

  • Fitness and Health Data: For Clients, this may include workout data, progress metrics, goals, and other fitness-related information shared with their Trainer or Gym.
  • Service Usage Data: Information about how you use the Service, including workout plans created, client engagement metrics, and feature usage statistics.

3.3 Information We Collect Automatically

  • Technical Information: IP address, device information, browser type and version, operating system, and other technical identifiers.
  • Usage Data: Information about your interactions with the Service, including pages visited, time spent, and actions taken.
  • Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect information about your browsing activities. See our Cookie Policy section for more information.

4. How We Use Your Information

We use the information we collect for various purposes, including:

4.1 To Provide and Maintain the Service

  • Creating and managing your account
  • Processing transactions and subscriptions
  • Providing the core functionalities of the Service (workout planning, tracking, communication)
  • Responding to your requests and providing customer support

4.2 To Improve and Personalize the Service

  • Analyzing usage patterns to enhance user experience
  • Developing new features and functionalities
  • Personalizing content and recommendations

4.3 For Communication and Marketing

  • Sending service-related notifications
  • Providing updates about new features or services
  • Marketing communications (with your consent)

4.4 For Security and Legal Compliance

  • Protecting the security and integrity of the Service
  • Detecting and preventing fraudulent activities
  • Complying with legal obligations

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Performance of Contract: Processing necessary to provide the Service and fulfill our contractual obligations.
  • Legitimate Interests: Processing that serves our legitimate business interests, such as improving our Service, without overriding your rights and freedoms.
  • Consent: Processing based on your explicit consent, such as for marketing communications.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

6. Data Storage and Transfer

6.1 Data Storage

Our Service is hosted on DigitalOcean in their Amsterdam data center, located in the European Union. All data, including personal information, is stored in this location.

6.2 Database Services

We use Supabase for database management, with data stored in their EU region. Supabase acts as a data processor on our behalf and has implemented appropriate safeguards to protect your data.

6.3 Payment Processing

We use Stripe for payment processing. When you provide payment information, you are providing it directly to Stripe, which operates in compliance with applicable data protection laws. Burnbe does not store your full payment card details.

6.4 International Data Transfers

We primarily process and store your data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

  • Account Information: Retained while your account is active. After account closure, we retain limited information for legal and administrative purposes for up to 2 years.
  • Fitness and Health Data: Retained while the Client-Trainer relationship is active. Clients can request deletion at any time.
  • Payment Information: Transaction records are retained for accounting and tax purposes as required by law (typically 7 years).
  • Communications: Retained for 2 years after the last interaction.

8. Data Sharing and Disclosure

We may share your information in the following circumstances:

8.1 With Other Users

  • Client Information: Shared with the Gym or Trainer with whom the Client has established a relationship.
  • Trainer Information: Basic profile information is visible to Clients connected with the Trainer.

8.2 With Service Providers

We share information with third-party service providers who help us operate, provide, and improve the Service, including:

  • Stripe (payment processor)
  • Supabase (database and email services)
  • Analytics providers
  • Customer support services

These service providers are obligated to use your information only for the purposes of providing services to us and in compliance with applicable data protection laws.

8.3 For Legal Reasons

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, government requests).

8.4 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such change and any choices you may have.

9. Your Data Protection Rights

Under GDPR and applicable data protection laws, you have certain rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct inaccurate or incomplete information.
  • Right to Erasure: You can request that we delete your personal data under certain circumstances.
  • Right to Restriction of Processing: You can request that we restrict the processing of your data under certain circumstances.
  • Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object: You can object to the processing of your personal data under certain circumstances.
  • Right to Withdraw Consent: You can withdraw your consent at any time where we rely on consent to process your personal data.

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption of sensitive data
  • Regular security assessments
  • Access controls and authentication
  • Regular backups
  • Staff training on data protection

While we take reasonable steps to secure your information, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. Cookies and Tracking Technologies

11.1 Cookies

We use cookies and similar tracking technologies to collect information about your browsing activities and to remember your preferences. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

11.2 Types of Cookies We Use

  • Essential Cookies: Necessary for the Service to function properly.
  • Preference Cookies: Remember your settings and preferences.
  • Analytics Cookies: Help us understand how visitors interact with the Service.
  • Marketing Cookies: Used to track visitors across websites to display relevant advertisements.

12. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted.

14. Third-Party Links and Services

The Service may contain links to third-party websites or services that are not owned or controlled by Burnbe. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites or services that you visit.

15. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

16. Data Protection Authority

If you are a resident of the European Union and you believe we have not adequately resolved your data privacy concerns, you have the right to lodge a complaint with your local data protection authority.

Last updated: March 23, 2025