1. Introduction
Combat Vault ("we", "our", "us") is a gym management platform operated from Manchester, United Kingdom. We are committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform at combatvault.com (the "Service").
2. Data We Collect
We collect the following categories of personal data:
- Account Information: Name, email address, phone number, and profile details you provide when creating an account.
- Gym Membership Data: Membership tier, class bookings, attendance records, training history, and fitness-related data.
- Payment Information: Billing details processed securely through our payment providers (Stripe and GoCardless). We do not store your full card details on our servers.
- Social Media Data: If you connect your Facebook, Instagram, or Google account, we may receive basic profile information as permitted by those platforms.
- Usage Data: Information about how you interact with our Service, including pages visited, features used, and device information.
- Communications: Messages, enquiries, and correspondence you send to us.
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing and managing your gym membership and class bookings
- Processing payments and managing billing
- Sending transactional emails (booking confirmations, membership updates)
- Improving our platform and user experience
- Managing social media integrations for gym marketing and lead generation
- Monitoring platform performance and diagnosing technical issues
- Complying with legal obligations
4. Legal Basis for Processing
Under UK GDPR, we process your data on the following lawful bases:
- Contract: Processing necessary to fulfil our membership agreement with you.
- Legitimate Interest: Improving our services, platform security, and marketing our gym.
- Consent: Where you have opted in to marketing communications or social media integrations.
- Legal Obligation: Where we are required to process data by law.
5. Third-Party Services
We use the following third-party services to operate our platform:
- Stripe: Payment processing for card payments and subscriptions.
- GoCardless: Direct Debit payment processing.
- Resend: Transactional email delivery.
- Vercel: Platform hosting and infrastructure.
- Neon (PostgreSQL): Database hosting and storage.
- OpenAI: AI-powered features within the platform.
- Sentry: Error monitoring and performance tracking.
- Meta (Facebook/Instagram): Social media integration for marketing and lead generation.
- Google: Authentication and analytics services.
Each third-party provider has its own privacy policy governing how it handles your data. We encourage you to review their policies.
6. Cookies
We use cookies and similar technologies to maintain your session, remember your preferences, and analyse how our platform is used. Essential cookies are required for the Service to function. You can manage your cookie preferences through your browser settings, though disabling essential cookies may affect platform functionality.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with our services. If you close your account, we will delete or anonymise your personal data within 90 days, unless we are required to retain it for legal or regulatory purposes.
8. Your Rights
Under UK GDPR, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Data Portability: Request your data in a machine-readable format.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us using the details below.
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes encryption in transit, secure hosting infrastructure, and regular security reviews.
10. Children's Privacy
Our Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
12. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Email: benjokemp@gmail.com
- Address: 4 Riverside Avenue, Chorlton, Manchester, M21 7PU
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.