Privacy Policy

1. Information We Collect

We collect information you provide directly to us, information we collect automatically when you use the Services, and information we receive from third parties. The categories of personal information we may collect include, but are not limited to:

1.1 Information You Provide Directly

• Identity Data: First name, last name, username or similar identifier.
• Contact Data: Email address, telephone number, postal address, and social media handles.
• Health and Fitness Data: Body measurements, weight, fitness goals, dietary preferences, health history, medical conditions or limitations, workout history, and progress photographs, where voluntarily provided in connection with coaching Services. You are not required to provide sensitive health information, but certain Services may be unavailable without it.
• Financial Data: Payment card details, billing address, and transaction history. Note: Full payment card information is processed directly by our third-party payment processor (Stripe) and is not stored on our servers.
• Communications Data: The content of any messages, emails, or other communications you send to us through the Site, email, WhatsApp, or other channels, including intake forms, progress check-ins, and coaching session notes.
• Profile Data: Preferences, feedback, and survey responses.
• Marketing Data: Your preferences for receiving marketing communications from us.

1.2 Information Collected Automatically

• Technical Data: Internet Protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform, device identifiers, and other technology identifiers on the devices you use to access the Site.
• Usage Data: Information about how you use the Site, including pages viewed, links clicked, time spent on pages, referring URLs, and navigation paths.
• Location Data: General geographic location derived from your IP address. We do not collect precise geolocation data without your express consent.

1.3 Information Received from Third Parties

• Information from payment processors (e.g., Stripe) relating to payment confirmation and fraud prevention.
• Information from form submission service providers (e.g., Formspree) relating to inquiries submitted through our contact forms.
• Information from social media platforms if you choose to interact with us through such platforms (subject to the privacy settings of those platforms).

2. How We Collect Information

We collect personal information through the following methods:

• Direct Interactions: When you complete contact or inquiry forms on the Site, enroll in a coaching program, purchase a digital product, subscribe to our newsletter or waitlist, correspond with us by email, WhatsApp, or other means, or otherwise voluntarily provide information to us.
• Automated Technologies: As you interact with the Site, we may automatically collect technical and usage data. We collect this data using browser local storage, session data, and similar technologies (see Section 11).
• Third-Party Sources: We may receive information about you from third-party service providers engaged to assist in the delivery of our Services, including payment processors and email service providers.

3. How We Use Your Information

We use the information we collect for the following purposes, as necessary and proportionate to provide the Services and operate our business:

• Service Delivery: To create and manage your client account, deliver coaching programs and digital products, process payments, communicate with you regarding your program, and provide customer support.
• Personalization: To tailor fitness plans, nutritional guidance, and coaching recommendations to your individual needs, goals, and health information.
• Communications: To respond to your inquiries, send program-related notifications and updates, and provide information you have requested.
• Marketing: To send promotional communications about our Services, new programs, and digital products, subject to your consent or opt-out preferences where required by applicable law.
• Business Operations: To process transactions, maintain business records, administer and protect our business and the Site, and comply with legal obligations.
• Analytics and Improvement: To understand how users interact with the Site, measure the effectiveness of our Services, and improve our offerings.
• Legal Compliance and Protection: To comply with applicable laws and regulations, respond to legal process, enforce our Terms and Conditions, and protect the rights, privacy, safety, and property of the Company and our clients.

We will not use your personal information for purposes materially different from or incompatible with those described in this Privacy Policy without providing you notice and, where required, obtaining your consent.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information on the following legal bases under the General Data Protection Regulation (GDPR) and applicable national implementing legislation:

• Performance of a Contract (Article 6(1)(b)): Processing necessary to perform a contract with you, including delivering coaching Services you have purchased and managing your client relationship.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including improving our Services, preventing fraud, and ensuring network and information security, where such interests are not overridden by your rights and interests.
• Consent (Article 6(1)(a)): Where you have provided explicit consent, such as for marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with a legal obligation to which we are subject.
• Special Category Data (Article 9(2)(a)): Where we process health-related data, we do so on the basis of your explicit consent, which you may withdraw at any time. Withdrawal of consent may affect our ability to provide certain coaching Services.

5. Disclosure of Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may disclose your personal information to the following categories of recipients, solely to the extent necessary:

• Service Providers: Third-party vendors and service providers that perform services on our behalf, including payment processing (Stripe), form submission processing (Formspree), email delivery, website hosting (Cloudflare), and communications services. These parties are contractually obligated to use your information only to provide services to us and in accordance with this Privacy Policy.
• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on the Site of any change in ownership or uses of your personal information.
• Legal Requirements: We may disclose your personal information if required to do so by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to (a) comply with applicable law or respond to legal process, (b) protect the rights, property, or safety of the Company, our clients, or others, (c) enforce our Terms and Conditions, or (d) detect, prevent, or address fraud or security issues.
• With Your Consent: We may share your information with third parties when you have given your explicit consent to such disclosure, such as testimonials or case studies (which require separate, specific consent).

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Active Client Data: Retained for the duration of your engagement with our Services and for a period of three (3) years thereafter, to comply with applicable business record retention requirements and to respond to any queries or disputes relating to your program.
• Health and Fitness Data: Retained for the duration of your program and for one (1) year thereafter, unless you request earlier deletion and such deletion does not conflict with our legal obligations.
• Financial Records: Retained for seven (7) years in accordance with applicable tax and accounting regulations.
• Marketing Data: Retained until you unsubscribe or withdraw consent, after which we will maintain a suppression record to honor your opt-out.
• Inquiry Data: Retained for two (2) years from the date of inquiry for business purposes.

When personal information is no longer required, we will securely delete or anonymize it in a manner that prevents reconstruction of identifiable information.

7. International Data Transfers

Our Services are operated from the United States. If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located and our central database is operated.

If you are located in the EEA, UK, or Switzerland, we ensure that any transfer of personal data to a third country is subject to appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms under applicable data protection law.

By using the Services, you consent to the transfer of your information to the United States and other countries, which may have different data protection laws than your country of residence.

8. Your Rights and Choices

Subject to applicable law, you may have the following rights with respect to your personal information:

• Right of Access: The right to request a copy of the personal information we hold about you.
• Right of Rectification: The right to request correction of inaccurate or incomplete personal information.
• Right of Erasure ("Right to Be Forgotten"): The right to request deletion of your personal information, subject to certain exceptions (e.g., where retention is required by law or necessary for the establishment, exercise, or defense of legal claims).
• Right to Restriction of Processing: The right to request that we restrict the processing of your personal information in certain circumstances.
• Right to Data Portability: The right to receive your personal information in a structured, commonly used, machine-readable format and to transmit it to another controller, where technically feasible.
• Right to Object: The right to object to processing of your personal information where we rely on legitimate interests as the legal basis, and the right to object to direct marketing at any time.
• Rights Related to Automated Decision-Making: The right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, unless you have consented or such processing is necessary for a contract.
• Right to Withdraw Consent: Where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, please submit a written request to info@diario-fit.com. We will respond to your request within thirty (30) days. We may require verification of your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

Marketing Opt-Out

You may opt out of receiving marketing communications from us at any time by (i) clicking the "unsubscribe" link in any marketing email we send, or (ii) contacting us at info@diario-fit.com. Please note that even after you opt out of marketing communications, we may still send you transactional or service-related communications.

9. California Residents — CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, "CCPA/CPRA"), provides you with specific rights regarding your personal information. This section describes those rights and explains how to exercise them.

Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the categories of personal information described in Section 1 of this Privacy Policy, including identifiers, personal information under Cal. Civ. Code § 1798.80(e), health-related information, internet and electronic network activity information, and inferences drawn from such information.

Your California Privacy Rights

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which such information was collected, our business purpose for collecting such information, and the categories of third parties with whom we share such information.
• Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information for cross-context behavioral advertising purposes.
• Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive personal information as defined under CPRA, we limit such use to purposes authorized by law.
• Right of Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a CCPA/CPRA rights request, please contact us at info@diario-fit.com with the subject line "California Privacy Rights Request." We will verify your identity and respond within forty-five (45) days, with an extension of an additional forty-five (45) days where reasonably necessary and upon notice to you.

You may designate an authorized agent to make a request on your behalf. We may require the authorized agent to provide written proof of their authorization, and we may verify your identity directly.

10. Children's Privacy

The Services are not directed to, and we do not knowingly collect personal information from, individuals under the age of eighteen (18). Our coaching programs and digital products are designed for adult women. If you are under 18, please do not use the Services or provide any personal information to us.

If we become aware that we have collected personal information from a child under the age of 18 without verified parental consent, we will take steps to delete that information as promptly as possible. If you believe we may have collected information from or about a child under 18, please contact us immediately at info@diario-fit.com.

11. Cookies and Tracking Technologies

The Site uses browser local storage to save your language preference across sessions (ES, EN, or PT). This is a functional technology necessary to provide a consistent user experience and does not track you across other websites or collect personal information for advertising purposes.

We do not currently use third-party advertising cookies or cross-site tracking technologies. If this changes, we will update this Privacy Policy and implement appropriate consent mechanisms.

Third-Party Technologies

Our Site may utilize third-party services including Cloudflare (for hosting and content delivery) and Google Fonts (for typography). These third parties may collect certain technical data as part of their service delivery. We encourage you to review the privacy policies of these providers for information about their data practices.

Our contact form utilizes Formspree's services. Submissions through our contact form are subject to Formspree's privacy policy in addition to our own. Information submitted is transmitted to Formspree's servers and forwarded to our email address.

12. Third-Party Links and Services

The Site may contain links to third-party websites, platforms, or services, including Instagram, WhatsApp, and other social media platforms. We are not responsible for the privacy practices or content of such third parties. This Privacy Policy applies only to information collected through our Site and Services. We encourage you to review the privacy policies of any third-party sites you visit.

Our coaching Services may involve communication through WhatsApp or Instagram Direct. Please be aware that communications through these platforms are subject to Meta's privacy practices in addition to ours.

13. Security

We implement commercially reasonable technical, administrative, and organizational security measures designed to protect your personal information against unauthorized access, disclosure, alteration, loss, or destruction. Our Site is served through Cloudflare's infrastructure, which provides enterprise-grade security including TLS encryption for data in transit.

However, no method of transmission over the Internet or electronic storage is one hundred percent (100%) secure. While we strive to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected individuals and relevant regulatory authorities as required by applicable law.

You are responsible for maintaining the confidentiality of any passwords or account credentials you establish in connection with the Services. Please notify us immediately at info@diario-fit.com if you suspect unauthorized access to your information.

14. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time. We will provide notice of material changes by updating the "Last Updated" date at the top of this Privacy Policy and, where required by applicable law or where we deem appropriate, by sending you an email notification or posting a prominent notice on the Site.

Your continued use of the Services following the posting of changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the revised Privacy Policy, please discontinue your use of the Services and contact us to discuss the impact on any existing coaching relationship.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• By Email: info@diario-fit.com
• By Website: diario-fit.com
• Response Time: We will endeavor to respond to all privacy-related inquiries within thirty (30) days.

If you are located in the EEA or UK and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.