Privacy Policy
Last updated: Jan 13, 2022
Introduction
- We are Everfit Technologies, Inc (“Everfit”, “we”, “us”, or “our”) and we provide a software platform that enables health and fitness businesses to manage operations and provide health and fitness coaching, whether in person or online.
- Everfit’s services include workout and nutrition planning, content scheduling and sharing, messaging (in-app, email, SMS, push), logging personal health records, payment services, and providing tools to help businesses collaborate, get analytics, and grow their business.
- We predominantly act as a processor on behalf of Trainers (as defined below) who should have their own privacy notices in respect of their Clients (as defined below).
- This Privacy Policy shall only apply in the limited circumstances where we are a controller (as described below).
We provide our services to:
- personal trainers, sport coaches, and/or health professionals that use Everfit to connect with their clients (Trainers); and
- Trainers’ clients that use Everfit to connect with their Trainers (Clients).
The Privacy Policy applies to both Trainers and Clients, but it is important to distinguish the two as Everfit’s personal information obligations differ, depending on whether you are a Trainer or a Client.
We have tried to make it clear when this Privacy Policy applies to you but if you have any questions at all please contact us here: legal@everfit.io
Trainer | Client |
This Privacy Policy applies in respect of the personal information you, as a Trainer, provide to | This Privacy Policy applies in respect of the personal information you, as a Client, provide to Everfit to: |
When is this Privacy Policy applicable to me?
Trainer | Client |
This Privacy Policy applies in respect of the personal information you, as a Trainer, provide to Everfit to:
register your account (e.g. name, email address, etc.) as further described below. |
This Privacy Policy applies in respect of the personal information you, as a Client, provide to Everfit to:
as further described below. |
You will need an appropriate privacy policy in place in respect of any Client personal information you obtain in the course of providing the Services (as defined below).
Everfit will be a processor (and will process such personal information in accordance with the Data Processing Agreement) but is not a controller of such personal information. |
The Trainer’s privacy policy will apply in respect of any personal information shared with the Trainer in respect of the Services (as defined below). Everfit will be a processor but is not a controller of such personal information. If you want to know more about how your personal information is held by the Trainer, ask to see their privacy policy. |
We use personal data to provide, develop and promote Everfit. Everfit respects your privacy, and we are committed to protecting it as explained throughout this Privacy Policy.
Where applicable (see above), this Privacy Policy describes (a) the types of information we collect from you or that you may provide when you visit the website at www.everfit.io (the “Website”) and/or use our mobile application (the “App”), (b) our practices for collecting, using, maintaining, protecting, and disclosing that information; and (c) your data protection rights and our contact details. We refer to the App and the Website together as the “Platform,” and the services available through the Platform as the “Service”. Please familiarize yourself with our privacy practices and contact us as described below in Section XIII if you have any questions.
This Privacy Policy applies to information we collect:
- Through the Service.
- By e-mail, text, and other communications between you and us and/or the Service.
- Through mobile and desktop applications.
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this Privacy Policy.
It does not apply to information:
- Collected by us offline or through any other means, including on any other website or application operated by us or any third party (including but not limited to our affiliates and subsidiaries);
- Collected by any third party (including but not limited to our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from or on the Platform; or
- Information concerning Trainers that we process on behalf of Trainers, in the course of Trainers providing Services.
Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will handle your information. If you do not agree with our policies and practices, you agree not to use our Platform.
Changes to Our Privacy Policy
This Privacy Policy may change from time to time. Your continued use of the Platform after we make changes to this Privacy Policy constitutes acceptance of those changes, so please check this Privacy Policy periodically for updates.
If we make material changes to how we process your personal information or how you may exercise your rights, we will notify you through a notice in the Service. The date this Privacy Policy was last updated is identified at the top of the first page of this Privacy Policy. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting this Privacy Policy to check for any changes.
Index
I. Information We Collect
II. How We Use Your Information
III. How We Collect Your Information And How Long We Keep It
IV. How We Share Your Information
V. Children’s Privacy
VI. How We Protect Your Information
VII. How You May Change, Remove, Or Export Your Information
VIII. Links To Third-Party Websites And Services
IX. Updates To This Privacy Policy
X. Non-US Users
XI. Rights Of Users From The EEA
A. Data Controller
B. Rights Of EEA Residents
XII. Your California Privacy Rights
XIII. Everfit Data Usage and Privacy Disclosure for Google API Services
XIV. Contacting Everfit
I. Information We Collect and How We Collect It
The Platform offers Trainers various tools to provide health and exercise information and guidance to their Clients and facilitates communications between and among Trainers and Clients. The information we may collect from and about you through the Platform depends on whether you are a Trainer, a Client, or a general visitor of our Platform.
Personal Information We Collect from Any Users of Our Platform
The information we collect on or through the Platform from Trainers, Clients and other users of our Platform may include:
- Records of your correspondence (including e-mail addresses), if you contact us.
- Details of transactions you carry out through the Platform.
- Your search queries in the Platform.
- Information that you provide by filling in forms on the Platform, for example to subscribe to our newsletter, respond to surveys or enter a contest or promotion, or to report an issue.
- Personal information about you that we receive from others, such as other users or our payment processors.
You also may provide information to be published or displayed on the Platform, or transmitted to other users of the Platform or third parties (collectively, “User Contributions”). Your User Contributions are posted and transmitted to others at your own risk. Please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Platform with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed or accessed by unauthorized persons.
Information We Collect Directly from Trainers
We collect personal information relating to Trainers for the purpose of billing subscription fees and any payment service fees when they use the Services.
In respect of any Trainers that access the Platform through their employing gym or studio we are generally acting only as a processor and the gym or studio owner will be the controller that is ultimately responsible for how their staff’s personal information is used.
However, for the purposes of our legal rights we may be required to process the following types of Trainer personal information as controller:
- Basic personal and contact details (including your name, date of birth, gender and e-mail address.
- Information regarding your business, such as the size and type of your business.
- Payment information, collected and processed by our payment provider.
Information We Collect Directly from Clients
Everfit collects personal information relating to Trainer’s customers or clients (Clients) to allow them to access the Services.
With the exception of any personal information we lawfully collect for our marketing purposes, where we collect and process personal information relating to Clients, we are generally acting only as a processor and the Trainer is the controller that is ultimately responsible for how their Client’s personal information is used.
However, for the purposes of our regulatory obligations and legal rights we may be required to process the following types of Client personal information as controller:
- Basic personal and contact details (including your name, date of birth, gender and e-mail address).
- Username and password.
- Sign-on information provided to third parties (where a Client accesses the Services through a third-party interface, such as a social media platform)
- Membership and/or account details
- Payment information, collected and processed by our payment provider.
Automatic Data-Collection Technologies
In addition to the specific information above, in respect of any users of our Platform, we may use automatic data collection technologies to collect certain information about your location, device, browsing actions, and patterns, including:
- Details of your visits to and actions on the Platform, including traffic data, location data, logs and other communication data, the resources that you access, and your use of the Platform.
- Information about your computer or device and internet connection, including as applicable, your IP address, operating system, browser type, mobile network information, location, time zone and/or telephone number.
- Metadata and other information associated with files stored on your device.
Technologies we use for automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Service. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Service.
- Flash Cookies. Certain features of the Service may use local stored objects (Flash cookies) to collect and store information about your preferences and navigation to, from, and on the Service. Flash cookies are not managed by the same browser settings as are used for browser cookies.
- Web Beacons. The Platform and our e-mails may use small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications, including advertisements, on the Service are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Service. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Contact us at legal@everfit.io for information on how you can opt out of behavioral tracking on the Platform and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.
The information we collect includes personal information, and we maintain it or associate it with personal information we collect in other ways or receive from third parties. This helps us to improve the Service and deliver a better and more personalized service.
II. How We Use Your Information
Clients
We largely use information that we collect about Clients or that Clients provide to us, including any personal information as a processor to provide Everfit to Trainers and gym owners. Consequently, Clients should check the privacy notice of the Trainer or gym from which they registered to receive services.
As detailed above, there are some occasions where we act as controller of Client personal information and this Privacy Policy shall apply. We have provided more detail around the lawful bases for which we process such information within the table below.
Trainers
In accordance with applicable data protection law, we will only process your data where we have a lawful basis for doing so or for our business and commercial purposes. In respect of your personal data, these bases are: (i) where it is necessary to provide services to you under the performance of a contract we have with you; (ii) where we are required to do so in accordance with our legal or regulatory obligations; (iii) where you have given your consent; and (iv) where it is in our legitimate interest to process your personal data, provided that none of these prejudice your own rights, freedoms and interests.
The following are a list of the “Purposes” for which we (including any of our agents, processors, and/or employees) process your personal data and the lawful basis on which we carry out such processing:
Trainer / Client | Purpose | Lawful Basis |
Trainer and Client | To provide the Services to you (including setting-up, managing and validating your account) | Necessary for the performance of a contract. |
Trainer and Client | To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection. | Necessary for the performance of a contract. |
Trainer | To notify you about updates to our Services, including expiration and renewal notices | Necessary for the performance of a contract |
Trainer | To carry out market research campaigns and improve the Platform and our other websites, apps, marketing efforts, products and services. | Legitimate interests so that we can better understand the products and services that our customers most enjoy |
Trainer and Client | To send you push notifications on mobile devices where you have agreed to this | Consent |
Trainer and Client | To prevent and address fraud, breach of policies or terms, and threats of harm | Legitimate interests to prevent fraud, breaches of our agreements, and threats of harm |
Trainer and Client | To store information about you and your preferences, allowing us to customize the services according to your individual interests and recognize you when you return to the platform. | Consent |
When you sign up for a subscription or make a purchase, any credit card information you provide is collected and processed directly by our payment processor, which is currently Stripe, Inc. (“Stripe”), through their checkout service. We never receive or store your full credit card information. Stripe commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Stripe may use your payment information in accordance with the Stripe Privacy Policy.
We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
We also aggregate and anonymise Client’s and Trainer’s personal information to use for developing and monitoring our Services. In addition, we collect analytical information about the use of Everfit to maintain and develop our Services.
III. How Long We Keep Your Information
We will only store your information as long as necessary to fulfill the purposes for which the information is collected and processed or, where applicable law provides for longer storage and retention periods, for the storage and retention period required by law. After that your personal information will be deleted.
IV. How We Share Your Information
We may disclose aggregated information about users, and information that does not identify any individual, without restriction.
The Service provides a platform for virtual training and fitness/health guidance. As a result, personal information of Clients, including workout performance and health information, is made available to Trainers in order for Trainers to provide guidance and advice. Video and audio recordings may be made of Client workouts and instructional sessions in order to facilitate Trainer review and advice. Trainers may also post audio and video recordings for instructional purposes. Clients may further share personal information with Trainers through the communication channels incorporated in the Platform. In some cases, Client information may be shared within Everfit forums or group chats with other Clients and with Trainers other than the Client’s designated principal Trainer.
Trainers are responsible for protecting Clients’ personal information that they collect and processing that information in accordance with applicable data protection laws. Clients who have questions about Trainers’ privacy practices should contact the Trainers directly.
We may also disclose personal information that we collect or you provide as described in this Privacy Policy:
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Everfit’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Everfit about Platform users is among the assets transferred.
- To third parties to market their products or services to you if you have consented to these disclosures. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including responding to any government or regulatory request.
- To enforce or apply our Terms of Service and other agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, security or safety of Everfit, our customers, or others, or to address technical issues. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We have created mechanisms to provide you with the following control over your information:
- Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of the Service may then be inaccessible or not function properly.
- Promotional Offers from Everfit. If you do not wish to have your contact information used by Everfit to promote our own or third parties’ products or services, you can opt-out by sending us an e-mail stating your request to legal@everfit.io. If we have sent you a promotional e-mail, you may send us a return e-mail asking to be omitted from future e-mail distributions. This opt out does not apply to information provided to Everfit as a result of a product purchase, warranty registration, product service experience or other transactions.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You may opt out of receiving targeted ads from members of the Network Advertising Initiative on their website.
California residents may have additional personal information rights and choices. Please see Your California Privacy Rights for more information.
Accessing and Correcting Your Information
You can review and change your personal information by logging into the Service and visiting your account profile page.
You may also send us an e-mail at legal@everfit.io to request access to, object to, correct or delete any personal information that you have provided to us.
If you are a Trainer or Client, deletion of your personal information will require us to also delete your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement, or cause the information to be incorrect.
If you delete your User Contributions, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other users. Proper access to and use of information, including User Contributions, is governed by our Terms of Service.
V. Children’s Privacy
The Service is not intended for children under the age of thirteen (13). If you are under thirteen (13) years of age, do not use or provide any information on the Platform.
If we learn we have collected or received personal information from a child under thirteen (13) without verification of prior parental consent, we will delete that information. If you believe we may possess or have received any information from or about a child under thirteen (13) without such prior parental consent, please immediately contact us at legal@everfit.io.
In one or more countries outside the United States, the applicable age is fourteen (14) years of age, rather than thirteen (13) years of age.
California residents under sixteen (16) years of age may have additional rights regarding the collection and sale of their personal information. Please see Your California Privacy Rights for more information.
VI. How We Protect Your Information
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, theft, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology.
The safety and security of your information also depends on you. Where we have issued you (or you have chosen) a password for access to certain parts of our Service, you are responsible for keeping your password confidential. Please do not share your password with anyone.
We do not and will not, at any time, request your credit card information, your login information or other identification in a non-secure or unsolicited communication (such as e-mail).
Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to or on our Service. Any transmission of personal information is at your own risk. You assume this risk by using any part of the Service. We are not responsible for circumvention of any of our privacy settings or security measures, and/or any damages resulting from such circumvention.
VII. How You May Change, Remove, Or Export Your Information
You may e-mail us at legal@everfit.io to request that we delete your personal information from our database. For such requests, please write “delete my account” in the subject line, and include your first and last name and e-mail address in the body of the message. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or for administrative purposes.
Please note that we will store communications you may send through the Service, as well as any comments you may post, and they may not be subject to modification or deletion.
You may also control the information that we collect through the settings in your browser or mobile device. You may configure your browser to reject cookies from Everfit and may adjust the settings of your mobile device to prevent the Platform from obtaining location information. However, please note that the Service may rely on cookies and location information to function properly and some parts of the Service may not be available if you disable cookies.
VIII. Links To Third-Party Websites And Services
The Service may contain links to other websites and online services, including third-party advertisements. If you choose to click through to one of these other websites or online services, please note that any information you may provide will be subject to the privacy policy and other terms and conditions of that website or service, and not to this Privacy Policy. We do not control third-party websites or services, and fact that a link to such a website or service appears in the Service does not mean that we endorse its or its provider, or have approved the provider’s policies or practices related to user information.
Before providing any information to any third-party website or service, please review the privacy policy and other terms and conditions of that website or service. You agree that Everfit will have no liability for any matters relating to a third-party website or service that you provide information to, including their collection and/or handling of that information.
IX. Non-U.S. Users
When we refer to the term “GDPR” in this Privacy Policy we mean the European Union General Data Protection Regulation. The term “EEA” means the European Economic Area.
Information that you provide may be transferred or accessed by entities around the world as described in this Privacy Policy. If you are located outside the United States, you understand that we may transfer personal information to and process it in the United States. If you are located in the EEA, you freely consent to the transfer of personal information outside of the EEA. Your consent to this Privacy Policy together with your submission of personal information constitute your agreement to these transfers.
XI. Rights Of Users From The EEA
A. Data Controller
For the purposes of this Privacy Policy, Everfit Technologies, Inc is the Data Controller of your personal information.
B. Rights of EEA and UK Residents
If you are accessing or using the Platform from within the EEA or UK, you may have the following rights under the GDPR (as well as other rights). If you wish to exercise any of these rights, you may do so by contacting us as provided (i) in the “Contact” link below, (ii) in Section XIII below, or (iii) otherwise in this Privacy Policy.
- Right of Access: You have the right to obtain confirmation from us as to whether or not we process personal information from you and you also have the right to at any time obtain access to your personal information stored by us.
- Right to Correction of your Personal Information: If we process your personal information, we use reasonable measures to ensure that your personal information is accurate and up-to-date for the purposes for which your personal information was collected. If your personal information is inaccurate or incomplete, you have the right to require us to correct it.
- Right to Deletion of your Personal Information or Right to Restriction of Processing: You may have the right to require us to delete your personal information or to restrict of processing of your personal information.
- Right to Withdraw your Consent: If you have given your consent to the processing of your personal information, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on the consent before the withdrawal.
- Right to Data Portability: You may have the right to receive the personal information concerning you and which you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another controller.
- Right to Object: You may have the right to object to the processing of your personal information as further specified in this Privacy Policy.
- Right to Lodge a Complaint with Supervisory Authority: You have the right to lodge a complaint with a data protection supervisory authority . Further information about how to contact your local data protection authority and how these rights can be exercised is available at the website of the European Commission and the Information Commissioner’s Office’s website (for UK citizens).
XII. Your California Privacy Rights
If you are a resident of California, USA resident and user of the Service, you have specific rights regarding our handling of your “personal information” as specifically defined in California’s “Shine the Light” law (Cal. Civil Code Section § 1798.83. This law permits users of our Service who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to legal@everfit.io or write us at: Everfit Technologies Inc, c/o Gamma Law, PO Box 136, San Francisco, California 94104-0136.
Within thirty (30) days of receiving such a request, we will provide a list of the categories of personal information disclosed to third parties for such third parties’ direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. A request may be made no more than once per calendar year and we are not required to respond to requests made by means other than through the e-mail address and mailing address above.
Please review our complete Privacy Policy for California Residents.
XIII. Everfit Data Usage and Privacy Disclosure for Google API Services
At Everfit, we are committed to protecting your privacy and ensuring the secure handling of your data. We want to inform you that our app complies with the Google API Services User Data Policy.
Any use and transfer of information received from Google APIs to any other app, within the scope of Everfit’s services, will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
XIV. Contacting Everfit
If you have any questions, inquires, requests, comments or complaints concerning this Privacy Policy or our information practices, please contact us at legal@everfit.io or by regular mail at the following address: Privacy Officer, Everfit Technologies Inc, c/o Gamma Law, PO Box 136, San Francisco, California 94104-0136.