Privacy Policy

Last updated: 3 April 2026

1. Who We Are

R&B Fitness ("we", "us", "our") is a personal training business based in the United Kingdom. We operate the R&B Coach OS application (the "App") to deliver personal training services, workout programming, nutrition guidance, and progress tracking to our clients.

Contact details:
R&B Fitness
Bedford, Bedfordshire, United Kingdom
Email: info@randbfitness.co.uk

For the purposes of UK data protection law, R&B Fitness is the data controller responsible for your personal data.

2. What Data We Collect

We collect and process the following categories of personal data:

  • Identity data: your name, date of birth, profile photo
  • Contact data: email address, phone number
  • Health and fitness data: medical history (via PAR-Q), injuries, medications, body composition measurements, weight, body fat percentage, progress photos, workout logs, and performance data
  • Nutrition data: dietary preferences, food logs, calorie and macronutrient intake
  • Payment data: billing information processed through Stripe (we do not store your full card details)
  • Technical data: device type, browser, IP address, login timestamps
  • Communication data: messages sent through the App, feedback, and check-in responses
  • Community data: posts, comments, and photos shared in community features

3. Why We Collect Your Data

We use your personal data for the following purposes:

  • Service delivery: to provide personalised training programmes, nutrition plans, and coaching
  • Programme design: to create and adjust workout and nutrition plans based on your goals, abilities, and progress
  • Progress tracking: to monitor your body composition, workout performance, and overall progress over time
  • Communication: to send you session reminders, check-in prompts, programme updates, and respond to your enquiries
  • Payment processing: to manage membership payments, invoices, and receipts
  • Safety: to assess health risks through your PAR-Q and medical information, ensuring exercises are safe and appropriate
  • Service improvement: to improve and develop the App and our coaching services

4. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases to process your data:

  • Contractual necessity (Article 6(1)(b)): processing is necessary to deliver the personal training services you have signed up for, including programme design, session scheduling, and progress tracking
  • Legitimate interest (Article 6(1)(f)): we have a legitimate interest in communicating with you about your training, improving our services, and ensuring the security of the App
  • Consent (Article 6(1)(a)): for marketing communications and optional features, we will ask for your explicit consent, which you can withdraw at any time

5. Health Data (Special Category Data)

Health and fitness data, including your medical history, injuries, body composition, and physical performance data, is classified as special category data under UK GDPR Article 9.

We process this data based on your explicit consent (Article 9(2)(a)), which you provide during the onboarding process when completing your PAR-Q and consent forms. This data is essential for us to design safe, effective training programmes tailored to your needs.

You may withdraw your consent at any time by contacting us. However, please note that withdrawing consent for health data processing may affect our ability to provide personal training services safely.

6. How We Store and Protect Your Data

We take the security of your personal data seriously. We implement the following measures:

  • Data is stored on secure servers with encrypted connections (HTTPS/TLS)
  • Passwords are hashed using industry-standard algorithms and are never stored in plain text
  • Access to personal data is restricted to authorised personnel only
  • Regular backups are performed to prevent data loss
  • Session tokens and authentication mechanisms are used to protect your account

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to maintaining appropriate safeguards.

7. Third Parties

We share your personal data with the following third parties only as necessary to provide our services:

  • Stripe: for secure payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy
  • Email service provider: to send transactional emails such as session reminders, check-in prompts, and receipts
  • Push notification services: Apple Push Notification Service (APNs) and/or Firebase Cloud Messaging to deliver app notifications
  • Hosting provider: our server infrastructure provider, which stores data in secure data centres
  • Error monitoring: we use Sentry for application error tracking, which may process limited technical data to help us fix issues

We do not sell your personal data to any third party.

8. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected:

  • Active clients: your data is retained for the duration of your membership and active use of the App
  • After membership ends: we retain your data for up to 12 months after your last session to allow for account reactivation and to provide historical progress data if you return
  • Payment records: retained for 7 years as required by UK tax and accounting regulations
  • Health data: deleted within 12 months of your membership ending, unless you request earlier deletion

You can request deletion of your data at any time (see Your Rights below). We will action deletion requests within 30 days, subject to any legal obligations to retain certain records.

9. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: you can request a copy of the personal data we hold about you
  • Right to rectification: you can ask us to correct any inaccurate or incomplete data
  • Right to erasure: you can request that we delete your personal data (subject to legal obligations)
  • Right to data portability: you can request your data in a structured, machine-readable format
  • Right to restrict processing: you can ask us to limit how we use your data
  • Right to object: you can object to processing based on legitimate interest
  • Right to withdraw consent: where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at info@randbfitness.co.uk. We will respond within 30 days.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

10. Cookies and Analytics

The App uses essential cookies and local storage to maintain your login session, remember your preferences (such as theme settings), and ensure the App functions correctly. These are strictly necessary and do not require consent.

We do not currently use third-party analytics or advertising cookies. If this changes in the future, we will update this policy and seek your consent where required.

11. Children's Privacy

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child under 16, please contact us immediately so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through the App or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

R&B Fitness
Bedford, Bedfordshire, United Kingdom
Email: info@randbfitness.co.uk