Privacy Policy

1. What we collect

When you use King Fitness, we collect:

• Account info (name, email, password hash)
• Booking and order history
• Payment data via Stripe (we never store your card)
• IP address and browser info for security and analytics
• Cookies — only those you've consented to

2. How we use it

We use your data to operate the site (fulfill bookings and orders, send transactional emails), to communicate with you (only if you've opted in to marketing), and to keep the service secure (rate limits, fraud detection). We do not sell your data, ever.

3. Your rights (GDPR)

If you're in the EU/UK you have the right to:

• Access your data — exportable as JSON from your account page
• Correct or update your information
• Delete your account ("right to be forgotten") — within 30 days
• Withdraw consent for marketing emails at any time

4. Cookies

We use three categories of cookies: necessary (always on, required for the site to work), analytics (only with your consent), and marketing (only with your consent). You can change your preferences any time by clearing your site data and refreshing.

5. Third-party processors

• Stripe — payment processing
• Vercel/AWS — hosting (data stored in EU region by default)
• Resend — transactional email

6. Retention

Account data is kept for as long as your account is active. Transactions are kept for 7 years for accounting and legal reasons. Logs are kept for 90 days.

7. Contact

Questions? Email privacy@kingfitness.com.