Fitness Visuals Privacy Policy

1. Information We Collect

We collect the following categories of information:

• Account data — your email address and the full name you provide at signup. If you sign in with Google, we receive your Google account identifier, email, and name.
• Authentication — passwords are hashed and salted by our authentication provider (Supabase); we never see or store plaintext passwords.
• Purchase data — Stripe customer identifier, order history, license records, and the last four digits of the payment card. Your full card number is handled exclusively by Stripe and never touches our servers.
• App registration — when you register an application against your license, we store the app name, package/bundle identifier, platform, and optional store URL you provide.
• Usage data — timestamps, IP address, and user-agent string associated with each asset download, to maintain an audit trail.
• Technical data — standard server logs (request paths, response codes, IP, referrer) and error reports (stack traces, limited context, your user ID for correlation) sent to our error-monitoring provider.

2. How We Use Your Information

We use the information we collect to:

• create and maintain your account;
• process payments and grant licenses to purchased assets;
• enforce license terms and maintain a record of asset usage for compliance and audit purposes;
• provide customer support and respond to your inquiries;
• detect, investigate, and prevent fraudulent or abusive activity;
• operate, maintain, and improve the Service, including diagnosing errors;
• comply with legal obligations, tax reporting, and lawful requests from authorities.

3. Legal Bases for Processing (EU/UK)

If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR / UK GDPR:

• Performance of a contract — to provide the Service you purchased or signed up for;
• Legitimate interests — to secure the Service, prevent fraud, enforce licenses, and improve the product, balanced against your rights;
• Legal obligation — to retain records required by tax, accounting, or other laws;
• Consent — where required (e.g., optional cookies or marketing communications, should we introduce them).

4. Third-Party Service Providers

We rely on a small number of trusted providers to run the Service. They process data on our behalf and are bound by contractual data-protection obligations.

• Supabase — authentication, database, and file storage. Hosts your account data, license records, and asset files. (Privacy)
• Stripe — payment processing. Collects and stores card and billing information directly; PCI-DSS Level 1 certified. (Privacy)
• Google — if you choose to sign in with Google, Google processes your authentication request and shares your email and name with us. (Privacy)
• Vercel — hosting, edge network, and basic web-performance measurement. Logs include IP and request metadata. (Privacy)
• Sentry — error-reporting and performance monitoring. Receives error stack traces and limited context, including your user identifier for correlation. (Privacy)

We do not sell your personal information, and we do not share it with advertising networks or data brokers.

5. International Data Transfers

Our providers primarily store data in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. Where required, our providers maintain Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

6. Data Retention

We retain account and related data for as long as your account is active. You may request deletion of your account at any time; upon deletion, we will delete or anonymize personal data we hold about you, except that we retain purchase records (orders, invoices, and license records) for up to seven (7) years to comply with tax, accounting, and audit obligations. Anonymized or aggregated usage metrics may be retained indefinitely for analytics.

7. Security

We take reasonable measures to protect your information. Data is transmitted over TLS; authentication credentials are hashed; database access is restricted by row-level security policies that scope each user’s reads and writes to their own records. No system is perfectly secure, and we cannot guarantee absolute security.

8. Your Privacy Rights

Depending on where you live, you may have rights in relation to your personal data, including:

• Access — request a copy of the data we hold about you;
• Correction — update inaccurate or incomplete data;
• Deletion — request removal of your data, subject to our retention obligations;
• Portability — receive your data in a structured, machine-readable format;
• Objection — object to processing based on legitimate interests;
• Withdrawal of consent — where processing is based on consent;
• Lodging a complaint — with your local data-protection authority.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information we collect, the right to delete, and the right to non-discrimination for exercising your rights. We do not sell personal information.

To exercise any of these rights, contact us at fitnessvisualsweb@gmail.com. We may need to verify your identity before acting on your request.

9. Cookies

We use only essential cookies required to operate the Service — primarily an authentication-session cookie that keeps you signed in. We do not use third-party advertising cookies, tracking pixels, or cross-site behavioral trackers. If we introduce optional analytics cookies in the future, we will update this Policy and, where required, request your consent.

10. Children’s Privacy

The Service is intended for commercial use by adult software developers. It is not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take steps to delete it.

11. Do-Not-Track

Most web browsers offer a “Do Not Track” (DNT) setting. Because there is no industry-standard agreement on how to respond to DNT signals, we do not currently modify our practices based on DNT. We also do not use behavioral tracking, so DNT has limited practical effect on this Service.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the version shown above and, where practical, notify active account holders by email. The date and version of the latest revision will always be shown at the top of this page.

13. Contact

Fitness Visuals is operated by Jorge Gonzales. For privacy questions or to exercise your rights, contact us at fitnessvisualsweb@gmail.com.

See also our Terms of Service and License Terms.