Data Handling

Understanding how we manage, secure, and process your fitness data

Data Collection and Processing

At 9X Fitness, we handle your data with the utmost care and transparency. This page provides detailed information about our data handling practices, security measures, and your control over your information.

1. Types of Data We Handle

1.1 Account Data

  • Identity Information: Name, email address, username
  • Authentication Data: Encrypted passwords, device tokens
  • Profile Information: Profile photos, bio, preferences
  • Contact Details: Phone number, emergency contacts (optional)

1.2 Health and Fitness Data

  • Physical Metrics: Height, weight, body measurements, BMI
  • Fitness Goals: Weight loss, muscle gain, endurance targets
  • Activity Data: Workout sessions, exercise types, duration, intensity
  • Progress Tracking: Weight changes, strength improvements, endurance gains
  • Nutrition Data: Meal logs, calorie intake, dietary preferences
  • Health Conditions: Injuries, limitations, medical considerations (optional)

1.3 Technical Data

  • Device Information: Device model, OS version, app version
  • Usage Analytics: Feature usage, session duration, navigation patterns
  • Performance Data: App crashes, loading times, error logs
  • Location Data: General location for time zone settings (if enabled)

2. Data Processing Principles

2.1 Lawful Basis

We process your data based on:

  • Consent: You explicitly agree to data processing for specific purposes
  • Contract Performance: Processing necessary to provide our fitness services
  • Legitimate Interests: Improving app functionality and user experience
  • Legal Obligations: Compliance with applicable laws and regulations

2.2 Data Minimization

We only collect and process data that is:

  • Necessary for providing our fitness services
  • Relevant to your fitness goals and preferences
  • Limited to what you explicitly provide or consent to
  • Updated regularly to maintain accuracy

3. Data Storage and Security

3.1 Storage Infrastructure

  • Cloud Storage: Secure, industry-standard cloud infrastructure
  • Data Centers: Geographically distributed with redundancy
  • Backup Systems: Regular automated backups with encryption
  • Access Controls: Role-based access with multi-factor authentication

3.2 Encryption Standards

  • Data in Transit: TLS 1.3 encryption for all data transmission
  • Data at Rest: AES-256 encryption for stored data
  • Database Encryption: Field-level encryption for sensitive data
  • Key Management: Secure key rotation and management protocols

3.3 Security Measures

  • Regular security audits and penetration testing
  • Continuous monitoring for security threats
  • Incident response procedures and protocols
  • Employee security training and background checks
  • Secure development practices and code reviews

4. Data Processing Activities

4.1 Personalization

We process your data to:

  • Create customized workout plans based on your fitness level
  • Recommend nutrition plans aligned with your goals
  • Adjust difficulty levels based on your progress
  • Suggest exercises suitable for your preferences and limitations

4.2 Progress Tracking

Your data helps us:

  • Monitor your fitness journey and achievements
  • Generate progress reports and analytics
  • Identify patterns and trends in your activity
  • Provide motivational insights and recommendations

4.3 App Improvement

We analyze anonymized data to:

  • Improve app performance and user experience
  • Develop new features based on user needs
  • Fix bugs and optimize functionality
  • Understand usage patterns and preferences

5. Data Sharing and Third Parties

5.1 Service Providers

We work with carefully vetted third-party providers for:

  • Cloud Infrastructure: Secure hosting and database services
  • Analytics: App performance and usage analytics (anonymized)
  • Customer Support: Help desk and communication platforms
  • Payment Processing: Secure subscription and payment handling

5.2 Data Processing Agreements

All third-party providers must:

  • Sign comprehensive data processing agreements
  • Implement equivalent security measures
  • Limit data use to specified purposes only
  • Allow audits and compliance verification
  • Report any security incidents immediately

6. Your Data Rights

6.1 Access and Portability

  • View Your Data: Access all personal data we hold about you
  • Data Export: Download your data in a portable format (JSON/CSV)
  • Data History: View historical changes and updates to your data
  • Processing Activities: Information about how your data is processed

6.2 Control and Management

  • Update Information: Modify or correct your personal data
  • Delete Data: Request permanent deletion of your account and data
  • Restrict Processing: Limit how we process certain data types
  • Object to Processing: Opt out of specific data processing activities

6.3 Communication Controls

  • Customize notification preferences
  • Opt out of marketing communications
  • Control data sharing with third parties
  • Manage consent for different data uses

7. Data Retention and Deletion

7.1 Retention Periods

  • Active Accounts: Data retained while account is active and for service provision
  • Inactive Accounts: Data retained for 2 years after last activity
  • Deleted Accounts: Data permanently removed within 30 days of deletion request
  • Legal Requirements: Some data may be retained longer if required by law

7.2 Deletion Process

When you delete your account:

  • Personal data is immediately marked for deletion
  • Data is removed from active systems within 30 days
  • Backup systems are purged during the next backup cycle
  • Anonymous, aggregated data may be retained for analytics

8. International Data Handling

8.1 Data Transfers

Your data may be processed in different countries to:

  • Provide global app functionality and performance
  • Ensure data redundancy and disaster recovery
  • Optimize app response times worldwide
  • Comply with local data residency requirements

8.2 Transfer Safeguards

We ensure international transfers are protected by:

  • Standard contractual clauses approved by regulatory authorities
  • Adequacy decisions for countries with appropriate protection levels
  • Binding corporate rules and privacy frameworks
  • Regular assessments of transfer risks and protections

9. Incident Response

9.1 Security Incident Procedures

In case of a data security incident, we will:

  • Assess the scope and impact within 24 hours
  • Contain and remediate the issue immediately
  • Notify regulatory authorities within 72 hours if required
  • Inform affected users without undue delay
  • Provide support and guidance to affected users

9.2 Communication

We will communicate incidents through:

  • In-app notifications for immediate alerts
  • Email notifications with detailed information
  • Website updates and status pages
  • Direct communication for high-risk incidents

10. Contact and Support

10.1 Data Protection Officer

For data protection inquiries, contact our Data Protection Officer:

  • Email: dpo@9xfitness.com
  • Subject Line: "Data Protection Inquiry - [Your Request]"
  • Response Time: Within 30 days for standard requests

10.2 User Support

For general data questions and account management:

  • Email: support@9xfitness.com
  • In-App Support: Available through the app settings
  • Response Time: Within 24-48 hours

🛡️ Data Security Commitment

Your data security is our top priority. We continuously invest in advanced security measures, regular audits, and staff training to ensure your personal and fitness data remains protected at all times.

Questions about our data handling? Contact our team - we're here to help!