Privacy Policy

We collect information you provide directly to us when you create an account, upload certifications, or contact us. This includes:

Personal identification information: Full name, email address, date of birth, country of residence

Professional information: Certifications, issuing organizations, issue and expiry dates, certificate images

Account credentials: Email address and encrypted password

Enterprise information: Company name, registration number, contact details, employee records

Usage data: Pages visited, features used, search queries (anonymized)

Device information: IP address, browser type, operating system (for security purposes)

We use the information we collect to:

• Provide, maintain, and improve the GlobalFitReg platform

• Verify and authenticate fitness credentials

• Maintain the public registry of certified fitness professionals

• Send transactional emails (account confirmation, certificate expiry reminders)

• Respond to your inquiries and support requests

• Detect and prevent fraudulent or unauthorized activity

• Comply with legal obligations

• Analyze usage patterns to improve our services (using anonymized data only)

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

Public registry: Your name, certification type, issue date, expiry date, and active status are publicly visible in the GlobalFitReg registry. This is the core function of our service.

Service providers: We use trusted third-party services (Supabase for database and authentication) that process data on our behalf under strict data processing agreements.

Legal requirements: We may disclose information if required by law, court order, or governmental authority.

Business transfers: In the event of a merger or acquisition, user data may be transferred as part of the transaction, with prior notice to users.

We implement industry-standard security measures to protect your personal information:

• All data is encrypted in transit using TLS/SSL

• Passwords are hashed using bcrypt — we never store plain-text passwords

• Database access is protected by Row Level Security (RLS) policies

• Regular security audits and vulnerability assessments

• Access to personal data is restricted to authorized personnel only

Despite these measures, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password for your account.

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Active account data: Retained for the duration of your account

• Deleted account data: Removed within 30 days of account deletion request

• Certificate records: Retained for 7 years for audit and compliance purposes (anonymized after account deletion)

• Usage logs: Retained for 90 days for security monitoring

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you

Correction: Request correction of inaccurate or incomplete data

Deletion: Request deletion of your personal data (subject to legal retention requirements)

Portability: Request your data in a machine-readable format

Objection: Object to certain types of data processing

Withdrawal of consent: Withdraw consent for optional data processing at any time

To exercise any of these rights, contact us at privacy@globalfitreg.org. We will respond within 30 days.

We use minimal cookies necessary for the operation of our platform:

Session cookies: Required for authentication and maintaining your logged-in state

Preference cookies: Remember your language and display preferences

Analytics: We use anonymized analytics to understand how our platform is used

We do not use advertising cookies or share data with advertising networks. You can disable cookies in your browser settings, but this may affect platform functionality.

GlobalFitReg operates globally. Your data may be processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses where required by applicable law.

GlobalFitReg is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@globalfitreg.org.

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a prominent notice on our platform. The "Last Updated" date at the top of this policy reflects the most recent revision. Continued use of GlobalFitReg after changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@globalfitreg.org

General inquiries: info@globalfitreg.org

Phone: +1 (847) 979-0529

Address: GlobalFitReg — Global Fitness Registration Platform

We are committed to resolving privacy concerns promptly and transparently.