Staunch Health & Fitness Private Limited (“Staunch”, “we”, “us”, “our”)
Effective Date: 29-10-25
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use the Staunch mobile application and website as a User (the “App” and “Services”). By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.
This policy aligns with India’s Digital Personal Data Protection Act, 2023 (DPDPA), and follows the same structure and standards as the Staunch Trainer Privacy Policy.
1. SCOPE & ROLE
This policy applies to personal data processed in connection with the Staunch user-facing Services. Staunch acts as the Data Fiduciary (controller) for user personal data and engages trainers and vendors as processors to deliver the Services.
2. INFORMATION WE COLLECT (USERS)
a) Personal Information (required unless marked optional)
• Full name
• Mobile number
• Email address
• Date of birth (required)
• Height and weight (required during onboarding)
• Gender (if collected)
• Profile photo (if uploaded)
• Preferences (e.g., fitness goals)
• Partner contact for couple plans (partner phone; name if provided)
b) Service & Booking Information
• Plan/subscription selections, booking history, session schedule/status
• Approved service address/venue notes, society/clubhouse access details where relevant
• Trainer allocation/substitution metadata
• In-app identifiers (session IDs, QR/access tokens)
c) Location Data
• Precise or approximate geolocation when permitted, used to check serviceability, help select/confirm addresses (e.g., Google Places/Maps), and route trainers
• On Android, you may see background (“always”) access prompts to support seamless operation around session times; you can disable location anytime in device settings
d) Payment & Transaction Data
• Payment order IDs, payment status, and reconciliation references from our payment processor (e.g., Razorpay)
• We do not store full card numbers or CVV
• GST invoicing references
e) Device & App Usage Data
• Device type, OS version, IP address, crash reports, and usage analytics via Firebase Analytics and Crashlytics
• Cookies/local storage identifiers on web to keep you signed in and prevent fraud
f) Login & Authentication
• Sign-in using OTP/email via Firebase Authentication
• Secure session cookies and encrypted tokens for backend access
g) Communication Data
• Firebase Cloud Messaging (FCM) for session updates, reminders, and app notifications
h) Media Uploads (Optional)
• Progress photos, testimonials, or feedback you voluntarily submit; stored securely on our servers
3. HOW WE USE YOUR INFORMATION
• Register and manage your account and profile
• Book, reschedule, and manage training sessions
• Allocate and substitute trainers and coordinate service delivery
• Process payments, reconcile status, and issue tax invoices
• Verify serviceability at your location and enable trainers to reach approved venues
• Provide transactional communications, reminders, and important updates
• Improve app functionality, performance, and support (analytics and crash diagnostics)
• Comply with legal obligations (tax, accounting, fraud prevention) and enforce our Terms and User Agreement
4. LEGAL BASIS FOR PROCESSING
• Contractual Necessity – processing that is strictly necessary to provide the Services you request and to perform our contract with you (for example: account creation, authentication, bookings and rescheduling, trainer allocation/substitution, service delivery at your approved address, and payment processing). If you do not provide such information, we may be unable to deliver the Services.
• Consent – for optional processing where required by law (for example: precise location, certain analytics).
• Legitimate Interests – for uses that help operate and secure the Services (for example: preventing fraud, ensuring app security and reliability), balanced against your rights.
• Legal Obligation – where we must process data to comply with laws (for example: GST invoicing, accounting, responding to lawful requests).
5. SHARING OF INFORMATION
We do not sell or rent your personal information. We may share your data with:
• Trainers: only the details necessary to perform your session (e.g., first name, session time, approved service address/venue notes). Trainers are instructed not to contact you off-platform.
• Service providers (processors): Firebase (Authentication, Analytics, Crashlytics), Google Maps/Places, Razorpay/payment networks, secure hosting, communication and support tools—all under contracts with confidentiality and security controls.
• Government authorities where required by law.
• Internal staff under confidentiality.
• Advisors and auditors as required.
• Business transfers (e.g., merger/acquisition), pursuant to this Policy.
6. STORAGE & SECURITY
• Encryption in transit and at rest; restricted access on a need-to-know basis
• Encrypted authentication tokens; logging and monitoring
• Regular security reviews and access control measures
No method of transmission or storage is fully secure; we cannot guarantee absolute security.
7. DATA RETENTION
We retain your information as long as necessary to meet legal and operational needs. You may request deletion, but some information may be retained as required by law (e.g., tax/accounting records).
8. YOUR RIGHTS UNDER DPDPA 2023
• Right to Information
• Right to Access
• Right to Correction
• Right to Erasure
• Right to Withdraw Consent
• Right to Grievance Redressal
9. CHILDREN’S PRIVACY
The Services are intended for users aged 18 and above. We do not knowingly collect data from children.
10. COOKIES & TRACKING
While the mobile app does not use cookies, web sessions may use cookies and similar technologies to keep you signed in, operate the site, measure performance, and prevent fraud. Firebase and other SDKs may use identifiers for analytics and crash monitoring. You can clear cookies/local storage via browser/device settings.
11. DATA PROTECTION MEASURES
• Security assessments
• Staff training and access restrictions
• Breach detection and incident response protocols
• Processing documentation
12. CHANGES TO THIS POLICY
We may update this Policy and will notify users via the app, website, or email where required. Continued use after updates indicates acceptance.
13. DATA PROTECTION OFFICER & CONTACT
Data Protection Officer & Grievance Officer (India): Shamnad Abubacker
Email (all privacy, grievance, and support queries): shamnad@staunch.fit
Customer Support Helpline: +91 9886163131
Address: SHA MANZIL, 16/9, CHERUKODU, VILAPPIL, VILAPPILSALA PO, Thiruvananthapuram, Kerala, India, 695573
Website: https://www.staunch.fit
14. BREACH NOTIFICATION
In case of a personal data breach, we will notify affected users and authorities as required by law without undue delay.
15. INTERNATIONAL DATA TRANSFERS
Your data is primarily stored in India. If transferred internationally through our service providers, we ensure appropriate safeguards are in place.
16. GRIEVANCE REDRESSAL
You may contact the Grievance Officer with concerns. We will acknowledge within 7 days and aim to resolve within 30 days. If unsatisfied, you may escalate to the Data Protection Board of India as per applicable law.
17. ACCOUNT DELETION REQUEST
To delete your account, submit a request via this form: https://forms.gle/yXzmiqog5JyrpR5y9 (or use in-app options where available). Verified requests are processed within 7 working days. Certain information may be retained for legal or regulatory purposes.
Note: This User Privacy Policy mirrors the structure and standards of the Staunch Trainer Privacy Policy and adapts content for end users of the Staunch app.