Terms Privacy Cookies Health Disclaimer Sign in

Privacy Policy

Version 2026-06-01 · Data Controller: Classic Fit

This Privacy Policy explains how Classic Fit collects, uses, stores, and shares personal data when you use our corporate wellness platform. We comply with the Kenya Data Protection Act, 2019 and apply international privacy principles for cross-border processing where applicable.

1. Data we collect

Account data: name, email, phone, employee details, profile photo, timezone.
Health & fitness data (with consent): steps, workouts, distance, duration, calories, hydration logs, meal logs, wellness goals, height, weight, streaks, challenge participation.
Device & usage data: device tokens for push notifications, IP address, user agent, app usage analytics, session data.
Wearable sync: activity data you authorise from Apple Health, Google Fit, or Health Connect via the mobile app.
Community: comments, likes, videos you upload, event registrations.
Payment data: processed by third-party payment providers; we do not store full card numbers.

2. Lawful basis

We process health and fitness data based on your explicit consent. Account and programme data may be processed to perform our contract with your employer and for legitimate interests in operating a secure wellness platform.

3. How we use data

Deliver activity tracking, challenges, leaderboards, rewards, and wellness content.
Generate wellness scores, reports, and employer analytics (aggregated where possible).
Send reminders, notifications, and programme communications.
Provide AI-assisted wellness suggestions (informational only).
Maintain security, audit logs, and fraud prevention.

4. Sharing

We share data with your employer’s programme administrators within your tenant, trusted processors (cloud hosting, email, analytics, payment gateways), and authorities when required by law. We do not sell personal data.

5. Cross-border transfers

Standard contractual clauses and encrypted storage with reputable cloud providers. You may contact our Data Protection Officer before consenting if you have questions about international transfers.

6. Retention

Activity data: up to 1095 days unless deleted earlier.
Inactive accounts: reviewed after 730 days.
Audit logs: 365 days.

7. Your rights

Under the Kenya Data Protection Act you may request access, correction, deletion, restriction, objection, and data portability. Use in-app export/delete tools or email privacy@classicfit.co.ke. We will respond within statutory timeframes.

8. Security

We use encryption in transit, tenant isolation, access controls, and audit logging. No system is perfectly secure; report concerns to privacy@classicfit.co.ke.

9. Children

The Service is not directed at children under 13. Employer programmes involving minors require parental/guardian consent as required by law.

10. Contact

Data Protection Officer: privacy@classicfit.co.ke
Address: Nairobi, Kenya