Privacy Policy

1.1 Information You Provide

We collect information you voluntarily provide when using Forged Fitness:

Account Information (All Users):

• Full name, email address, phone number
• Password (stored in encrypted/hashed form)
• Profile photo and cover image
• Date of birth (must be 18+ to register)
• Timezone and location preferences

For Trainers:

• Professional certifications and credentials (title, issuer, year, proof documents)
• Business information (display name, headline, bio)
• Coaching experience and specialties
• Social media links (Instagram, YouTube, TikTok, LinkedIn, Facebook, website)
• Video introduction URL
• Bank account information for payouts (bank name, last 4 digits only)
• Client capacity and availability settings

For Clients:

• Fitness goals and personal goals
• Body measurements (height, weight, body fat percentage, waist, hips, chest, arms, thighs)
• Progress photos with captions and dates
• Personal struggles and challenges (optional, may include sensitive information)
• Gender and occupation
• Fitness level assessment

Health & Medical Information (Clients):

We may collect sensitive health information including:

• Medical conditions and health history
• Current medications
• Allergies
• Injuries (past and current)
• Emergency contact information (name and phone)
• Doctor approval status for exercise

Communications:

• Messages between Trainers and Clients (text and attachments)
• Support tickets and inquiries
• Feedback and reviews
• Video call recordings (when enabled)

Workout & Progress Data:

• Workout logs and exercise history
• Set completion data
• Meal plan adherence
• Progress milestones (3-month, 6-month, 12-month goals)
• Achievement and streak data

1.2 Information Collected Automatically

When you use Forged Fitness, we automatically collect:

• Device Information: Device type, operating system, browser type
• Log Data: IP address, access times, pages viewed, referring URL
• Usage Data: Features used, actions taken, time spent on pages
• Location Data: General location based on IP address
• Session Data: Login times, session duration, last activity

1.3 Information from Third Parties

We may receive information from:

• Payment processor (Paystack) for Platform subscription and purchase transactions
• Social media platforms if you connect your accounts
• Google Analytics for website usage analytics

We use your information for the following purposes:

2.1 Providing Services

• Create and manage your account
• Connect Trainers with Clients
• Deliver workout programs and meal plans
• Process platform subscription payments for Trainers
• Enable messaging and communication
• Track fitness progress and goals

2.2 Platform Improvement

• Analyze usage patterns to improve features
• Develop new products and services
• Personalize your experience
• Conduct research and analytics

2.3 Communication

• Send service-related notifications
• Respond to your inquiries and support requests
• Send marketing communications (with your consent)
• Notify you of policy changes

2.4 Safety & Security

• Detect and prevent fraud
• Enforce our Terms of Service
• Protect the rights and safety of users
• Comply with legal obligations
• Security Compromise Response: Maintain and execute a documented response plan in the event of a security compromise or data breach, including notification to the Regulator and affected data subjects as required by Section 22 of POPIA.

We do not sell your personal information. We may share your information in the following circumstances:

3.1 With Other Users

• Trainers can see: Client profile information, fitness data you share, progress photos, body measurements, workout logs, goals, and messages
• Clients can see: Trainer profile information, certifications, specialties, bio, and reviews

3.2 With Service Providers (Operators)

We share information with trusted third parties who assist us in operating the Platform. In accordance with POPIA, we ensure that as "operators", these service providers have signed agreements committing to maintain the same level of security and confidentiality as we do.

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (SSL/TLS) and at rest
• Secure password hashing (bcrypt)
• Regular security assessments
• Access controls and authentication
• Data breach detection, reporting, and investigation procedures

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information (using our Online Request Form or POPIA Form 2).
• Deletion: Request that we delete your personal information when it is no longer needed (using our Online Request Form or POPIA Form 2).
• Restriction: Request that we restrict the processing of your data.
• Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to our processing of your data for legitimate reasons or for direct marketing (using **Form 1**).

6.2 Procedure for Exercising Rights

To exercise any of these rights, please follow these procedures:

1. Identity Verification: Before processing any request, we will take steps to verify your identity to prevent unauthorised access to information. This may involve providing a copy of your ID document or answering security questions.
2. Form Submission: While we accept requests via email, we recommend using our Online Legal Request Form for faster processing. Alternatively, you may complete a formal physical request form (e.g., Form 1 for objections or Form 2 for corrections/deletions).
3. Response Timeframe: We aim to acknowledge and process all requests without undue delay and at least within 30 days of receipt, as per legislative requirements.
4. Cost: Basic requests for information are generally free, but more complex requests may incur a reasonable fee as permitted by law.

We use cookies and similar tracking technologies to track activity on our platform and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

• Essential Cookies: Required for platform functionality (authentication, session management, CSRF protection)
• Analytics Cookies: Google Analytics cookies to help us understand how you use the platform
• Preference Cookies: Remember your settings and preferences (theme, sidebar state)

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality. For detailed information, please see our Cookie Policy.

Our platform integrates with the following third-party services:

• Paystack: Payment processing for Platform subscriptions and purchases (Privacy Policy)
• Cloudinary: Image and video hosting (Privacy Policy)
• Resend: Email delivery (Privacy Policy)
• Sentry: Error monitoring (Privacy Policy)
• Google Analytics: Website analytics (Privacy Policy)
• Agora: Video calling (Privacy Policy)
• Vercel: Web hosting (Privacy Policy)
• Supabase: Database hosting (Privacy Policy)

These services have their own privacy policies governing how they handle your data. We encourage you to review their policies.

Forged Fitness is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

Forged In Fitness (Pty) Ltd is based in South Africa. Your information may be transferred to and processed in countries other than your own, including South Africa and countries where our service providers operate. These countries may have different data protection laws. By using Forged Fitness, you consent to the transfer of your information to these countries.

We implement appropriate safeguards for international transfers, including standard contractual clauses where applicable, particularly when transferring data from the EU or other jurisdictions with stringent data protection laws.

As a South African company, Forged In Fitness (Pty) Ltd is committed to the Protection of Personal Information Act (POPIA). We ensure that all personal information is processed according to the eight conditions for lawful processing:

1. Accountability: We take full responsibility for the data we process.
2. Processing Limitation: We only process data that is necessary, for a specific purpose, and with consent where required.
3. Purpose Specific: Data is collected for explicit, defined, and legitimate purposes.
4. Further Processing Limitation: We do not use data for purposes incompatible with the original collection.
5. Information Quality: We take steps to ensure your data is complete, accurate, and up-to-date.
6. Openness: We are transparent about how we collect and use your information.
7. Security Safeguards: We implement technical and organizational measures to protect your data from loss or unauthorized access.
8. Data Subject Participation: You have the right to access, correct, or delete your personal information.

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. We may also send you an email notification for significant changes.

Your continued use of Forged Fitness after changes become effective constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or our data practices, please contact us:

• Company: Forged In Fitness (Pty) Ltd
• Address: 7 Riviera Crescent, Uvongo, KwaZulu-Natal, 4270, South Africa
• Email: support@forgedfitness.co
• Phone: +27 83 696 2435
• Information Officer: Drew Hall

For privacy-related inquiries, complaints, or to exercise your data protection rights under POPIA or other laws, please contact our Information Officer at support@forgedfitness.co. You also have the right to lodge a complaint with the Information Regulator of South Africa:

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: enquiries@inforegulator.org.za / PAIAComplaints@inforegulator.org.za