Introduction

This Privacy Policy (“Policy”) explains how Flexa Fitness L.L.C-FZ (“Flexa”, “we”, “us”, or “our”) collects, uses, discloses, and protects your personal information when you use the Flexa Fitness mobile application, web dashboard, and related online services (collectively, the “Flexa Platform” or “Services”).

By accessing or using the Flexa Platform, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Flexa Platform.

This Policy is intended to comply with applicable data protection laws, including, where they apply to our activities, the General Data Protection Regulation (EU/UK GDPR), the California Consumer Privacy Act (CCPA), the Children's Online Privacy Protection Act (COPPA), and the UAE Personal Data Protection Law (PDPL), UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”), and other relevant GCC data protection and privacy laws, to the extent they apply to our activities.

1. Who we are

Flexa Fitness provides a software platform that enables fitness professionals (“Trainers”) and gyms (“Gyms”) to manage clients, sessions, and workout programs.

For most processing activities described in this Policy, Flexa is the data controller (or equivalent under applicable law), meaning we determine how and why personal data is processed.

Trainers and Gyms are independent businesses. They may also act as controllers of the personal data of their clients (“Clients”), for example when they input training notes or health-related information into the Flexa Platform. Flexa does not provide personal training or medical advice, and does not process payments between Trainers, Gyms, and Clients (other than processing platform subscription payments for Trainers and Gyms, as described below).

2. Scope

This Policy applies to:

• The Flexa Fitness mobile app (including the iOS app distributed via the Apple App Store and Google Play Store),
• The Flexa web dashboard and any related online services that link to this Policy.
• The Flexa Website

We do not use your data for cross-app or cross-website tracking for targeted advertising as defined by Apple's App Tracking Transparency (ATT) framework.

3. Information we collect

We collect various categories of personal data to operate and improve the Flexa Platform. We only collect the data that is relevant and necessary for our legitimate business purposes.

4. How we use your information

We use your information for the following purposes and legal bases (where applicable law requires):

1. Provide and operate the Flexa Platform
   • To create and manage accounts, authenticate users, and deliver requested services.
   • Legal basis (where applicable): performance of a contract; legitimate interests.
2. Facilitate Trainer–Client relationships
   • To enable Trainers to manage schedules, track attendance, record training notes, and monitor progress.
   • Legal basis: performance of a contract; legitimate interests.
3. Personalize your experience
   • To tailor training plans and recommendations based on your goals, preferences, and (where consented) health data.
   • Legal basis: consent (for health data); legitimate interests.
4. Communicate with you
   • To send transactional communications (e.g., account notices, session reminders, security alerts, changes to this Policy or our Terms).
   • Legal basis: performance of a contract; compliance with legal obligations; legitimate interests.
5. Customer support
   • To respond to questions, troubleshoot technical issues, and handle support requests.
   • Legal basis: performance of a contract; legitimate interests.
6. Analytics and improvement
   • To develop new features, test changes, and improve the user experience.
   • Legal basis: legitimate interests; consent where required for analytics.
7. Marketing and promotional communications
   • To send you newsletters, offers, and educational content, in accordance with your preferences and applicable law.
   • Legal basis: consent (where required); legitimate interests.
8. Security, fraud prevention, and compliance
   • To detect and prevent fraud, abuse, security incidents, and other harmful activity.
   • To comply with legal obligations, enforcement requests, and regulatory requirements.
   • Legal basis: legitimate interests; compliance with legal obligations.

We do not use your personal data for targeted advertising or cross-app tracking.

5. How we share your information

We share personal data only as necessary and subject to appropriate safeguards.

We do not sell your personal information, and we do not disclose health and fitness data to third parties for advertising or profiling.

6. International data transfers

Your personal data may be stored or processed in countries outside your country of residence, including but not limited to data centers in Europe, the Middle East, and North America (e.g., AWS regions).

Where we transfer personal data internationally, we implement appropriate safeguards, which may include:

• Standard Contractual Clauses (SCCs) approved by relevant regulators;
• Contractual obligations requiring recipients to protect data to an equivalent standard;
• Technical measures such as encryption in transit and at rest.

7. Data retention

We retain personal data only for as long as is necessary to fulfill the purposes described in this Policy, including for legal, accounting, or reporting requirements.

When data is no longer needed, we will delete it or anonymize it so that it can no longer be associated with you.

8. Data security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption in transit (TLS/SSL) and, where applicable, at rest;
• Role-based access controls and internal policies limiting access on a need-to-know basis;
• Regular backups and system monitoring;
• Security logging and auditing.

8.1 Authentication & security

We implement appropriate technical and organizational security measures to protect your personal data, including secure authentication, encryption, and access controls.

We regularly review and update our security practices to help protect against unauthorized access, loss, misuse, or alteration of data.

9. Your rights and choices

Your rights will depend on the laws of your country or region (e.g., GDPR in the EEA/UK, California CCPA, PDPL in the UAE). Subject to applicable law, you may have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectify: Request correction of inaccurate or incomplete data.
• Delete: Request deletion of your personal data, subject to legal retention obligations.
• Restrict or object to processing: Request that we limit or stop certain processing activities.
• Data portability: Request a copy of certain data in a machine-readable format.
• Withdraw consent: Where processing is based on consent (e.g., health data, certain marketing communications), you may withdraw your consent at any time.
• Opt out of marketing: Opt out of receiving marketing emails or notifications.

You can exercise many of these rights directly in the app (for example, by updating your profile, adjusting notification preferences, or deleting your account). You may also contact us at: privacy@flexafitness.com

We will respond within the timeframes required by applicable law.

9.1 Account deletion

You can delete your account directly from within the app by navigating to:

Settings → Delete Account

Upon confirmation:

• Your account will be deactivated and scheduled for deletion.
• Personal data will be permanently deleted or anonymized, except where we are legally required to retain certain information (for example, for tax or accounting purposes, or to resolve disputes).

10. Cookies and tracking technologies

We use cookies, SDKs, and similar technologies to:

• Keep you logged in and maintain sessions;
• Remember preferences and settings;
• Help detect and prevent fraud and abuse.

Disabling or rejecting some cookies or app permissions may limit certain features of the Flexa Platform.

11. Children's privacy

The Flexa Platform is not directed to children under 13 years of age (or under 16 in some jurisdictions, including parts of the EU and UK), and we do not knowingly collect personal data from such children without appropriate parental or guardian consent where required.

If we discover that we have collected personal data from a child contrary to applicable law:

• We will take steps to delete such information as soon as reasonably practicable.

If you believe that a child has provided personal data to us without proper consent, please contact us at privacy@flexafitness.com.

12. Marketing communications

With your consent or as otherwise permitted by applicable law, we may send you:

• Product and feature updates;
• Educational or fitness-related content;
• Promotions, offers, or surveys;
• Session reminders and motivational messages.

You can opt out at any time by:

• Clicking the “unsubscribe” link in marketing emails;
• Adjusting your notification preferences in the app or on your device;
• Contacting us at privacy@flexafitness.com.

Please note that even if you opt out of marketing communications, we may still send you important transactional or service-related messages (e.g., security alerts, changes to our Terms, or billing notices).

13. Additional information for Apple App Store users

If you access the Flexa app via the Apple App Store:

• Certain device-level data (such as your Apple device identifier, app crash information, and purchase history, if applicable) may also be processed by Apple. Apple's processing is governed by its own privacy policy.
• We do not use your data for tracking across other companies' apps or websites for targeted advertising purposes as defined in Apple's App Tracking Transparency (ATT) framework.
• If, in the future, we introduce features that involve “tracking” under ATT (for example, sharing data with third parties for targeted advertising), we will:
  • Update this Policy; and
  • Request your explicit permission via the iOS system prompt before activating such tracking.

14. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

• When we make material changes, we will update the “Effective Date” at the top of this Policy.
• Where required by law, we will notify you through the Flexa Platform, by email, or by other reasonable means, and may seek your consent to material changes.

Your continued use of the Flexa Platform after any update constitutes your acceptance of the revised Policy.

15. Governing law

Unless otherwise required by applicable law, this Policy is governed by the laws of the United Arab Emirates, and any disputes arising out of or relating to this Policy shall be subject to the exclusive jurisdiction of the courts of Dubai, UAE.

16. Contact us

If you have any questions, concerns, or requests regarding this Policy or our privacy practices, please contact us at: