Legal · last updated June 1, 2026

Privacy Policy

We coach people for a living. Trust is the entire job. This page explains, in detail, what we collect, why we collect it, what we do with it, and the rights you have at every step.

1. The short version

We collect the minimum amount of personal information we need to coach you well, run our website and keep our business alive. We don't sell your data to anyone. Ever. We store data on servers inside the European Union, secure it with industry-standard encryption, and give you the right to download or delete everything we hold about you at any time.

This page is the long version of all of that. It's written in plain English on purpose. If anything is unclear, write to info@basischfit.com and a real human will explain it.

2. Who we are

This Privacy Policy applies to BasischFit Coaching GmbH ("BasischFit", "we", "us", "our"), a company registered in Cologne, Germany under HRB 123456, with our registered office at Hohenzollernring 42, 50672 Köln.

We are the data controller for the personal data we collect through our website (basischfit.com), our mobile and web apps, our coaching services and our newsletter.

3. What we collect

Account information: your name, email address, date of birth, and, if you choose to provide them, your phone number, profile photo and physical location.

Coaching information: training history, current goals, injuries, lifestyle context, body composition measurements, lift logs, check-in responses and messages you exchange with your coach.

Payment information: billing name, billing address and the last four digits of your card. Full card numbers are processed by our payment partner (Stripe) and never touch our servers.

Technical information: device type, browser, IP address, language, timezone and approximate location derived from your IP. We use this to make the site work and to detect abuse.

Cookies and analytics: see Section 6.

4. How we use what we collect

To deliver coaching: programming your training, reviewing your check-ins, replying to your messages and adjusting plans based on your data.

To run our business: processing payments, sending receipts, handling support requests and complying with legal and tax obligations.

To improve the product: anonymised, aggregated analysis of which features members use, which programs work best, and where the site or app is breaking.

To send communications you've opted into: our weekly newsletter, product updates and member-only emails. Every email contains a one-click unsubscribe link.

6. Cookies and similar technologies

We use a small number of cookies. Strictly necessary cookies keep you signed in and remember your preferences — these are always on. Analytics cookies (we use Plausible, a privacy-friendly EU-based analytics service) let us count visits and see which pages work. We don't use third-party advertising cookies and we don't share data with ad networks.

You can disable analytics cookies in the cookie banner the first time you visit, or any time later through the link in the footer.

7. Who we share data with

Service providers we couldn't run the business without: Stripe (payments), Postmark (transactional email), Cloudflare (security and CDN), AWS Frankfurt (hosting). Each is bound by a data-processing agreement and may only use your data to provide the service we hired them for.

Your coach: every staff member who can see your data signs an NDA and a data-handling policy as a condition of employment.

Authorities: only when we are legally required to disclose, and only after we've checked the request is valid.

We have never sold personal data and we will never sell personal data. If that ever changes, we will email every affected member first and give you the chance to opt out before it happens.

8. How long we keep your data

Active members: for as long as you have an account, plus 60 days after cancellation so you can change your mind.

Inactive accounts: anonymised after 36 months of no activity.

Newsletter subscribers: until you unsubscribe, plus 30 days for our records.

Invoices and tax records: 10 years, as required by German law.

You can request earlier deletion at any time — see Section 10.

9. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is limited to a small number of engineers, requires multi-factor authentication, and is logged. We run quarterly internal security reviews and an annual external penetration test.

If we ever experience a breach affecting your personal data, we will notify you within 72 hours, in line with GDPR Articles 33–34.

10. Your rights

You have the right to access, correct, export, restrict the processing of, and delete your personal data. You also have the right to object to processing and to lodge a complaint with your local data-protection authority. In Germany the supervisory authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen.

To exercise any of these rights, email info@basischfit.com. We respond inside 30 days, usually inside one week.

11. Children

Our services are not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact info@basischfit.com and we will delete it.

12. International transfers

All personal data is stored on servers inside the European Union. If a service provider needs to transfer data outside the EU (for example, support teams in the US), we rely on Standard Contractual Clauses approved by the European Commission to ensure your data receives the same level of protection.

13. Changes to this policy

We will update this policy from time to time. Material changes will be announced by email and through an in-app banner at least 14 days before they take effect. The date below shows when this version was published.

14. Contact us

Questions, requests or complaints about how we handle your data? Email info@basischfit.com or write to BasischFit Coaching GmbH, Hohenzollernring 42, 50672 Köln, Germany. We reply to every message.