Privacy Policy
Effective Date: 5.21.26
Whenever we publish an updated policy, we change this effective date to match the version you are reading.
Match Fit ("Match Fit," the "Service") is operated by Northside Ventures LLC ("we," "us," or "our"). This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our websites, applications, and related services that link to this policy.
By creating an account, using the Service, or otherwise providing information to us, you agree to this Privacy Policy. If you do not agree, do not use the Service.
Contact Us
For privacy questions or requests: support@match-fit.net, or write to us at 1954 Airport Rd STE 1277, Chamblee, GA 30341, United States.
1. Summary
We built Match Fit to connect clients with coaches and to give coaches tools for profiles, discovery, Fit Hub content, messaging, and optional premium features. We collect account and profile data needed to run the Service, record when you accept this Privacy Policy alongside our Terms where the product requires it, process subscriptions and certain coach payments through Stripe, send security and transactional messages through email infrastructure, deliver optional browser Web Push alerts when you opt in, collect limited usage analytics on public marketing and product pages (such as page views and link clicks), and store your in-app activity (including chats and social posts) on our systems. Client sign-up includes a 14-day platform access trial with no card required; after the trial, you have 14 days to subscribe before the account is deactivated until paid reactivation. You may adjust optional visibility of some profile fields and request in-product account deletion, which schedules removal after a grace period as described in Section 7, while preserving the minimum data we need for trust, safety, and legal compliance. We use reasonable technical and organizational measures to protect personal information. We do not sell your personal information as that term is commonly defined in U.S. state privacy laws.
2. Information We Collect
Depending on whether you are a client, a trainer (coach), or a visitor, we may collect:
2.1 Account and Authentication
- Identifiers and Contact Data: name, preferred name, username, email address, phone number, date of birth, and ZIP or postal code.
- Credentials and Security: password (stored using one-way hashing—we do not store your plaintext password), two-factor authentication settings, verification codes (stored as hashes or transient values, not plaintext in our database), session identifiers in HTTP-only cookies, and "stay logged in" preferences. We do not write plaintext one-time codes to routine application logs. Some Trainer sign-up and email-verification flows may use Supabase Auth (hosted authentication) before your Match Fit account is created; Supabase processes credentials and confirmation links under its own policies when you use those flows.
- Terms, Privacy, and Compliance Timestamps: records of when you accepted applicable terms, when you accepted this Privacy Policy (including at client registration, pending registration, trainer sign-up, or when carried forward from a legacy pending registration completed through Stripe checkout), and when you complete certain compliance steps where the product requires them.
2.2 Client-Specific Data
- Profile and Preferences: public-style bio, profile photo, match and discovery preferences (including goals, service types, interests, and related questionnaire answers), Fit Hub feed preferences, notification preferences, and optional visibility choices that control what appears on your public client profile (for example whether your bio or match snapshot is shown to visitors).
- Wellness and Matching Inputs: daily matching questionnaire content and answers, and derived algorithm context we compute to personalize prompts or matching. Treat this as sensitive wellness-related information you choose to share. The Service is a fitness and coaching marketplace, does not collect or process protected health information (PHI) under HIPAA, and does not provide medical advice.
- Mailing Address (Optional): if you provide it for your own records. Trainer-facing APIs and discovery surfaces are built so coaches do not receive your full street address; they may see general location information consistent with how you use discovery (for example ZIP or regional pool identifiers), not your complete mailing address.
- Billing: Stripe customer and subscription identifiers when you subscribe; payment details are collected by Stripe under its own terms and privacy policy—we do not store full payment card numbers on our servers. We record platform trial end dates, payment grace windows, and account deactivation timestamps to enforce the client sign-up billing lifecycle described in our Terms.
- Social and Engagement on Fit Hub: likes, comments, reposts, shares, and content reports you submit about trainer posts.
- Trainer Relationships: saved trainers, conversation and message content, trainer "nudges," relationship stage labels we display in the product, and optional token "gifts" you send to trainers subject to product rules.
2.3 Trainer-Specific Data
- Professional Profile: bio, photo, pronouns, demographics you choose to disclose (for example ethnicity or gender identity), languages, coaching experience, niches, and links or handles for social profiles you add, along with optional visibility settings that control whether some of those optional fields appear on your public coach profile.
- Compliance and Verification: certification and nutrition credential files you upload, onboarding track selections, background check pipeline status (including Plan B invite request and sent timestamps when our Checkr API backup flow is active), signup fee hold status, W-9 or tax information you submit through our flows, and related review statuses.
- Onboarding Questionnaire: structured answers, optional Additional Questionnaires, and plain text or derived "AI match profile" text generated from your responses to improve discovery and pairing.
- Fit Hub and Premium Tools: posts (text, images, video, carousels), captions, hashtags, scheduling choices, visibility (public or private to you), promotions paid with in-platform tokens, and studio activity timestamps used for notifications.
- Featured Placement Program: regional pool identifiers derived from your published in-person service ZIP (for example the first three digits of a U.S. ZIP code), raffle entries, bid amounts and payment status, display-day keys, and outcomes needed to operate the program described in our Terms.
- Tokens and Rewards: token balances, ledger entries, weekly grants, purchases through Stripe Checkout where enabled, and rewards tied to documented client service transactions.
- Billing (Where Connected): Stripe-related identifiers for coach billing, invoices, or purchases as implemented in the product.
- Session Punch-In (Geolocation): when you record a SESSION STARTED punch-in for a booked session, we store latitude, longitude, and timestamps tied to that booking for compliance, payout gates, and fraud prevention.
- Video Meeting OAuth (Optional): if you connect Zoom, Google Meet, or Microsoft Teams for virtual sessions, we store OAuth tokens needed to create or manage meetings. Refresh tokens may be encrypted at rest in production.
2.4 Beta Waitlist and Launch Gates
- Waitlist: email address, ZIP code, and status if you join a Trainer or Client waitlist when beta capacity is full. Client waitlist sign-up is open to U.S. ZIP codes; trainer waitlist sign-up may require a service ZIP in our Atlanta metro in-person launch area.
- Invite tokens: time-limited signup links and slot reservation timestamps when we invite you from the waitlist.
2.5 Trust, Safety, and Support
- Blocks and Safety Reports: who blocked whom, optional reasons, and reports you file about another user.
- Account Enforcement Records: suspension reasons, timing, and retention windows needed for audit or legal compliance.
- Bug and Feedback Reports: category, description, optional name, email, and whether you chose to submit anonymously.
2.6 Technical and Usage Data
- Device and Log Data: IP address, browser type, app version where applicable, dates and times of requests, referring URLs, and diagnostic logs. We use this for security, fraud prevention, debugging, and service reliability.
- Cookies and Similar Technologies: cookies that maintain your session and security flows. We may use essential cookies even if optional marketing cookies are not present.
- Bot Protection: when enabled, Cloudflare Turnstile tokens on sign-up, sign-in, waitlist, and related forms to distinguish humans from automated abuse.
- In-App Chat Monitoring: message bodies may be scanned with automated heuristics (for example off-platform contact or payment patterns) and, when configured, optional machine-assisted classifiers to flag content for internal trust-and-safety review. Flagged or reviewed messages may be retained in admin tooling.
- Usage Analytics: on public and authenticated pages outside admin tooling, we may record page views, in-app link clicks (including destination paths or external URLs and optional link labels), and pseudonymous visitor and session identifiers stored in a browser cookie and session storage. When deployed on Vercel, we may also use Vercel Web Analytics to collect page views and web performance metrics. Admin routes and API endpoints are excluded from first-party page tracking as implemented.
3. How We Collect Information
- Directly From You when you register, complete profiles or questionnaires, upload media, send messages, make purchases, or contact support.
- Automatically when you use the Service, including through cookies, server logs, and similar technologies.
- From Service Providers such as payment processors (for example confirmation of subscription status from Stripe).
4. How We Use Information
We use personal information to:
- Provide, operate, maintain, and improve Match Fit;
- Create and secure accounts, authenticate users, record acceptance of our Terms and this Privacy Policy where the product captures it, and send security notices (including OTP and password-reset flows);
- Process payments, subscriptions, token purchases, and advertising-style placements you initiate;
- Enable discovery, matching, Fit Hub, chat, notifications, and premium coach tools;
- Honor optional profile visibility settings you choose in account settings;
- Verify identity or eligibility where required for coach onboarding, compliance, or risk controls;
- Operate beta capacity limits, waitlists, founding promotions, and geographic eligibility for in-person services and trainer onboarding during limited launches;
- Detect, investigate, and prevent fraud, abuse, and violations of our Terms or policies;
- Communicate service, billing, and policy updates;
- Comply with law, respond to lawful requests, and establish or defend legal claims;
- Process in-product requests to delete your account, which de-identifies personal data on the account record while preserving the minimum information required for safety, billing, or legal obligations as described in Section 7;
- Analyze usage in aggregated or de-identified form where permitted, to understand product performance, measure traffic, and plan improvements.
5. Legal Bases (EEA, UK, and Similar Jurisdictions)
Where GDPR or similar laws apply, we rely on one or more of the following: Performance of a Contract (providing the Service you request); Legitimate Interests (security, product improvement, and fraud prevention, balanced against your rights); Legal Obligation; and, where required, Consent (for example for certain marketing communications or non-essential cookies, if we offer them and you opt in). You may withdraw consent where processing is consent-based, without affecting the lawfulness of processing before withdrawal.
6. How We Share Information
We may share personal information with:
- Other Users as needed to operate features you use—for example, profile fields you make visible (including visibility choices for optional public profile data), Fit Hub posts you publish as public, chat messages within a conversation, or discovery preferences you enable for coaches to find you.
- Service Providers (Processors) who assist us under contract, including:
  - Stripe, Inc. and affiliates for payments, billing portals, and related fraud and compliance tooling;
  - Supabase for hosted authentication on certain Trainer sign-up and OAuth callback flows when enabled;
  - Cloudflare Turnstile for bot protection on authentication and waitlist forms when enabled;
  - OpenAI (or comparable providers), when configured, for optional chat trust-and-safety classification and certain trainer dashboard pricing-assist features;
  - Resend (or comparable email infrastructure) for transactional and security email;
  - Web Push (through your browser and operating system) for optional lock-screen alerts when you enable them in settings—no per-message carrier charges; you can revoke permission in your browser at any time;
  - Vercel Web Analytics, when deployed on Vercel, for page-view and web-vitals measurement on our sites;
  - Cloud Hosting, Database, and AI Infrastructure vendors (such as Vercel and Supabase) that store or process data on our behalf to operate the Service.
- Professional Advisers such as lawyers or accountants under confidentiality obligations.
- Authorities when we believe disclosure is required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Match Fit, our users, or the public.
- Business Transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality and continuity commitments.
We require subprocessors to use personal information only for the purposes we specify and to implement appropriate security measures. Their own policies also apply where they interact directly with you (for example Stripe's checkout flows).
7. Retention
We retain personal information for as long as your account is active, as needed to provide the Service, and as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and defend claims. Some records (for example certain compliance, billing, or safety audit data) may be kept for longer periods where law or legitimate business needs require. When retention periods end, we delete or de-identify information where feasible.
Account deletion. If you delete your account through in-product settings, we verify your password and schedule permanent removal for thirty (30) days later. During that grace period you may sign in and cancel the scheduled deletion to restore access. When the grace period ends (or if you do not cancel), we cancel active paid subscriptions through Stripe where your account has them and de-identify personal fields on your user record (for example name, contact information, and profile content stored on that record) so you can no longer sign in. We may replace chat message bodies you authored with a short placeholder, set trainer-authored Fit Hub content to private and strip associated media and captions from public view, and clear certain compliance payloads on coach profiles, while retaining the underlying row identifiers needed for foreign keys and minimum enforcement, trust, or billing audit trails. After finalization, deletion is intended to be irreversible.
8. Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit where appropriate for our stack, access controls, and secure handling of secrets. We avoid writing plaintext one-time verification codes to routine application logs. No method of transmission or storage is completely secure; we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your password and devices.
9. Your Choices and Rights
Depending on your location, you may have the right to:
- Access, correct, or update certain profile information through in-product settings, including optional visibility of selected public profile fields (for example bio or match snapshot visibility for clients, or pronouns, ethnicity, gender identity, and languages spoken for coaches);
- Request deletion of your account through the same settings flow (password required), subject to the retention and de-identification approach described in Section 7 and to legal exceptions;
- Object to or restrict certain processing, or request portability of data you provided, where applicable;
- Withdraw marketing consent where we rely on consent;
- Lodge a complaint with a supervisory authority in your country, where GDPR or similar law applies.
California residents may have additional rights under the CCPA/CPRA, including rights to know categories of personal information collected, to request deletion or correction, and to opt out of "sale" or "sharing" for cross-context behavioral advertising. We do not sell personal information for monetary consideration. If we ever use personal information in ways that constitute "sharing" under California law, we will provide a compliant opt-out mechanism and update this policy. Our website responds to Global Privacy Control (GPC) signals to restrict tracking where technically supported by your browser, but we do not otherwise alter our data collection practices in response to generic "Do Not Track" browser headers.
To exercise rights, email support@match-fit.net. We may need to verify your identity before responding. You may designate an authorized agent where permitted by law, with proof of authorization.
10. Children
Match Fit is not directed to children under 13 (or the higher age required in your jurisdiction for valid consent). We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.
11. International Users
If you access the Service from outside the United States, your information may be processed in the United States or other countries where we or our vendors operate. Those countries may have different data protection laws than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.
12. Third-Party Links and Embedded Services
Trainers may link to external social networks or websites. Payment flows may embed or redirect to Stripe. Those third parties have their own privacy policies. We are not responsible for their practices.
13. Automated Processing and Matching
We may use algorithms and, where product features enable it, machine-assisted processing to rank or suggest coaches, personalize questionnaires, generate trainer-facing match profile text from questionnaire answers, flag chat messages for trust-and-safety review, and assist trainers with optional pricing guidance in the dashboard. These processes use information you or trainers provide in the Service. They are not used for decisions that produce legal or similarly significant effects solely by automated means beyond what is inherent to operating a fitness marketplace, unless we disclose otherwise in-product and provide any rights required by law.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Each posted version shows its own effective date at the top of this page; we update that date when a new version goes live. If changes are material, we will provide additional notice as required by law (for example, by email or in-app message).
15. Limitations
To the fullest extent permitted by law, this Policy does not create rights enforceable by third parties. Nothing in this Policy limits any non-waivable rights you may have under applicable law.