Last updated: December 2024
Controller (and Service Provider/Business)
Nexera Media Group LTD
1317 N San Fernando Blvd #167, Burbank, CA 91504, United States
Mailing: 1317 N San Fernando Blvd #167, Burbank, CA 91504, United States
Email: help@fitfirst.club
Phone: +1 (888) 301-2388
DPO/Privacy Contact: info@fitfirst.club
1) What We Collect
Data Categories We Collect:
- Account & Identity: name, email, password, country/region, age affirmation (18+)
- Billing: payment token/last-4, billing zip/postcode, transaction IDs (processed by our PCI-certified processor), carrier info if using mobile billing
- Usage & Device: IP, device/OS/browser, language, app/version, referral source, session data, crash logs
- Content & Communications: preferences, support tickets/recordings, community posts, progress logs you choose to store
- Cookies/Similar Tech: session cookies, auth, analytics, A/B testing, fraud prevention, advertising (where applicable and permitted)
- Facial Analysis Data: uploaded images for AI analysis, analysis results, biometric measurements (processed and deleted after analysis)
2) Why We Use Data (Purposes & Lawful Bases)
Where GDPR applies, we rely on Art. 6(1)(b) (contract), (c) (legal duty), (f) (legitimate interests), and (a) (consent) as appropriate.
Data Processing Purposes:
- Provide the service & account management (contract necessity)
- AI facial analysis processing (contract necessity, legitimate interests)
- Billing & fraud prevention (contract, legitimate interests; legal obligations)
- Customer support & communications (contract, legitimate interests)
- Service improvement/analytics (legitimate interests; consent where required)
- Marketing (consent where required; legitimate interests otherwise; CAN-SPAM/TCPA compliance)
- Legal compliance & enforcement (legal obligations, legitimate interests)
3) "Do Not Sell or Share" (U.S. State Laws)
We do not sell personal data for money. If we use cross-context behavioral advertising or share identifiers with ad partners, that may be considered "share for targeted advertising" in some states.
How to Opt-Out (CA/CO/CT/VA/UT residents):
- Use the site's "Do Not Sell/Share My Personal Information" link or cookie banner settings
- Or email help@fitfirst.club (subject: "Do Not Sell/Share")
California residents can also limit use of sensitive personal information via the same mechanisms.
4) Your Rights
EU/EEA/UK/CH Rights:
- Access: Request all personal data we have about you
- Rectification: Correct inaccurate personal data
- Erasure: Delete your personal data under certain circumstances
- Restriction: Limit processing of your data
- Portability: Receive your data in machine-readable format
- Objection: Object to processing for marketing purposes
- Withdrawal of consent: Withdraw consent at any time
U.S. (CA/CO/CT/VA/UT) Rights:
- Access: Know what personal information we collect and use
- Correction: Correct inaccurate personal information
- Deletion: Delete personal information under certain circumstances
- Portability: Receive your data in portable format
- Opt-out: Opt-out of targeted ads/sale
- Limit sensitive PI: Limit use of sensitive personal information (CA)
Request via help@fitfirst.club. We'll verify your identity and respond within statutory timelines. You may use an authorized agent (CA/CO/CT/VA rules apply).
5) Children
FitFirst is for 18+ only. We do not knowingly collect data from children under 13 (COPPA). If you believe a child used the service, contact us to delete the data.
6) Cookies & Tracking
We use required cookies (security, auth) and optional cookies (analytics, performance, ads). Manage via the cookie banner/consent manager and your browser settings. We honor applicable EU ePrivacy/GDPR consent standards for non-essential cookies.
Cookie Types:
- Required Cookies: Security, authentication, core functionality
- Optional Cookies: Analytics, performance optimization, advertising
7) Data Sharing (Categories of Recipients)
We Share Data With:
- Processors/Sub-processors: hosting/CDN, analytics, payment, fraud tools, communication, customer support, AI processing services
- Business Partners: only with consent or as necessary for co-branded features you choose
- Legal/Compliance: to comply with law, protect rights, or enforce terms
- Corporate Events: merger, acquisition, or asset sale (with notice as required)
We require processors to sign DPAs and use appropriate safeguards.
8) International Transfers
We transfer data to the U.S. and other countries with appropriate safeguards (e.g., EU Standard Contractual Clauses / UK IDTA, Swiss addendum, and supplementary measures). Details available on request.
9) Security
We employ administrative, technical, and physical safeguards (encryption in transit, access controls, least privilege, logging/monitoring, regular assessments). No method is 100% secure.
Security Measures:
- Encryption in transit and at rest
- Access controls and least privilege principles
- Regular security assessments and monitoring
- Logging and audit trails
- Secure AI processing with automatic image deletion
10) Retention
We retain data only as long as necessary for the purposes above: generally your account lifetime + a reasonable period (e.g., 3–7 years for billing/tax records; shorter for analytics per policy). Facial images are processed and deleted immediately after analysis completion.
11) Communications
Communication Types:
- Transactional: account, security, billing
- Marketing: with consent where required; opt-out anytime via unsubscribe link in emails
- E-SIGN: by using the service you consent to electronic communications
12) Exercising Rights / Complaints
Submit requests to help@fitfirst.club. EU/EEA/UK users may also complain to their supervisory authority (e.g., CNIL, ICO). We will not discriminate against you for exercising privacy rights.
13) Changes
We'll post updates here and, when material, notify you (email/in-product). Continued use after the effective date means you accept the changes.
Important Disclaimer
Medical Disclaimer: This fitness program is for informational purposes only. Consult with a physician or qualified health provider before beginning any fitness program. Not intended to diagnose, treat, cure, or prevent any medical condition.
Contact for Privacy Matters
For questions about data protection and privacy, please contact us:
Nexera Media Group LTD
1317 N San Fernando Blvd #167, Burbank, CA 91504, United States
Mailing: 1317 N San Fernando Blvd #167, Burbank, CA 91504, United States
Email: info@fitfirst.club
Phone: +1 (888) 301-2388
