Privacy Policy

At Ecole Fit, we believe your data belongs to you. We do not sell, rent, or share your personal information with third parties for marketing purposes. Ever.

We collect only what is necessary to run your academy smoothly: names, contact details, attendance records, belt progressions, and billing information. Nothing more.

We do not engage in satire, deceptive practices, or hidden data collection. Every piece of data we hold has a clear purpose.

All data is transmitted over TLS 1.3 encrypted connections. Passwords are hashed using bcrypt — we never store plain text credentials.

Each academy operates in its own isolated workspace. There is no cross-tenant data access. An academy owner can only see their own students, staff, and records.

Database access is restricted, monitored, and audited. We maintain regular backups to protect against data loss.

We do not store government IDs, social security numbers, or any sensitive personal documents beyond what is needed for academy management.

Ecole Fit does not store credit card numbers, CVV codes, or any payment card details on our servers. Ever.

All billing is handled manually by academy owners through their own preferred channels: cash, bank transfer, or direct card readers. The platform simply generates invoices and tracks payment status.

We never process automatic charges, recurring billing, or payment holds. Academy owners have full control over how and when they collect fees from students.

In the future, if we integrate with a payment processor, it will be a PCI-DSS compliant third-party gateway (like Stripe) where card data never touches our servers.

Academy Owners: name, email, academy name, plan type, billing address (for invoice generation only).

Students: name, email, phone, belt rank, attendance history, discipline enrollment, and optional profile photo.

Staff/Teachers: name, email, role permissions, and assigned workspace access.

Usage Data: anonymized analytics (page visits, feature usage) to improve the platform. No personally identifiable tracking.

We do not collect location data, browsing history outside our platform, or any data unrelated to academy operations.

Right to Access: You can export all your academy data at any time, including student records, attendance logs, and billing history.

Right to Delete: Academy owners can permanently delete their workspace and all associated data. Student accounts can be removed by the academy owner upon request.

Right to Portability: Your data is yours. Export it in standard formats (CSV, JSON) whenever you want.

Right to Correction: Update or correct any information directly through your dashboard settings.

We honor all data requests within 30 days. No bureaucratic hurdles. Just email us.

Vercel: Hosting and edge delivery. Data stays within EU/US regions with full encryption.

PostgreSQL (managed): Secure database hosting with automated backups and access logging.

NextAuth.js: Authentication library. Credentials are hashed before storage.

Gmail SMTP (optional): Academy owners may connect their own Gmail for email automation. We do not read your emails.

We do not use Facebook Pixel, Google Analytics (with tracking cookies), or any advertising trackers.

We send essential emails only: account verification, password resets, and billing reminders (if configured by the academy owner).

No marketing emails unless you explicitly opt in. Unsubscribe anytime with one click.

Academy owners control all student-facing communications. We do not contact students directly except for portal access notifications.

Active accounts: Data is retained as long as your subscription or trial is active.

Cancelled accounts: We retain data for 90 days after cancellation to allow easy reactivation. After 90 days, data is permanently purged from our systems and backups.

Deleted student records: Immediately removed from the active database. Backups retain them for up to 30 days before permanent deletion.

Ecole Fit is provided 'as is' for academy management purposes. We make every reasonable effort to protect your data but cannot guarantee 100% protection against unforeseen security events beyond our control.

Academy owners are responsible for maintaining strong passwords and controlling staff access levels within their workspace.

In the event of a data breach, we will notify affected users within 72 hours and take immediate remediation steps.

By using Ecole Fit, you agree to this Privacy Policy. If you do not agree, please discontinue use of the platform.