Privacy Policy

1. Who we are

BUMP PUMP ("we") provides a fitness program for women via this web application. We are the data controller for the personal data described here. Contact: support@bumppump.example

2. What we collect

• Account data: email address, name, password (hashed).
• Program data: chosen track, fitness level, equipment, goals.
• Progress data you log: workout completions, weights lifted, body measurements, progress photos.
• Purchase data: products bought, amounts and payment status. Payments are processed by Stripe; we never see your card number.
• Essential cookies to keep you signed in; optional analytics cookies only with your consent.

3. Why we process it (legal bases)

• To deliver the program you purchased (performance of contract).
• To process payments and keep tax records (legal obligation).
• Analytics, only if you consent (and you can withdraw consent anytime).

4. Where your data lives

Data is stored with Supabase (database & private photo storage) and Stripe (payments), with hosting on Vercel. Progress photos are private; only you can access them through your account.

5. Your rights (GDPR)

You can access, correct, export or erase your data at any time. The fastest way to erase everything is Settings → "Delete my account & all data", which permanently removes your account, progress, photos and purchase records. You may also lodge a complaint with your local supervisory authority.

6. Retention

We keep your data while your account exists. Payment records are retained as required by tax law even after account deletion.