Privacy Policy
Last updated: March 2026
Introduction
This Privacy Policy ("Policy") outlines how IAOPSTIMAI S.L., trading as Didi Fit Club ("Didi Fit Club", "we", "us", or "our"), processes personal information of users of our website https://www.didifitclub.com, our online platform, and our in-person services (collectively, "Services" and "Users" respectively).
Your privacy is important to us. We will not use, sell, rent, share, or otherwise disclose your personal information to anyone except as necessary to provide our Services or as described in this Policy.
This Policy forms an integral part of our Terms of Service and Payment Terms, all of which are incorporated herein by reference.
If you do not agree to this Policy, please discontinue and avoid using our Services.
What Personal Information We Collect
Information You Provide
- Account information: When you create an account, we collect your name, email address, phone number (optional), and language preference.
- Booking information: When you book a class, we record the booking details (class type, date, time, attendance status).
- Form submissions: When you submit a contact form, retreat interest form, or teacher training application, we collect the information you provide (name, email, phone, message, and any additional fields on the form).
- Profile information: Information you voluntarily provide to complete your profile.
- Health information: If you voluntarily disclose health conditions, injuries, or physical limitations to your instructor (verbally or in writing), we may note this information to ensure your safety during classes.
- Payment information: When you make a purchase, our third-party payment processor (Stripe) collects your billing address and payment details. We do not store your full payment card details.
Information Collected Automatically
- Analytics: We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies, does not collect personal information, and does not track individual users. Plausible collects only aggregate data (page views, referrers, country, device type).
- Session data: When you log in, a session cookie is stored to maintain your authenticated state. A language preference cookie stores your language choice (English or Spanish).
- Server logs: Our hosting provider may collect standard server log data (IP address, browser type, pages accessed, timestamps). This data is used for security and performance monitoring only.
How We Use Your Personal Information
We use your personal information to:
- Provide, operate, and maintain our Services, including processing bookings, managing subscriptions, and delivering content
- Create and manage your account
- Process payments and send transaction confirmations
- Respond to your inquiries and form submissions
- Send service-related communications (booking confirmations, cancellation notices, session reminders, account updates)
- Improve our Services and user experience
- Comply with legal obligations and protect our rights
We do not send marketing or promotional emails. If this changes in the future, we will only do so with your explicit consent.
Legal Basis for Processing (GDPR)
Our legal bases for processing your personal information:
- Performance of a contract: Processing necessary to provide our Services (account management, bookings, subscriptions, payments).
- Consent: Where you voluntarily provide information through forms, or where you agree to our Terms and Privacy Policy at signup.
- Legitimate interests: Maintaining and improving our Services, security monitoring, and protecting against misuse.
- Legal obligation: Where we need to comply with applicable laws.
Who We Share Your Personal Information With
We do not sell or share your personal information with third parties for their marketing purposes.
We may share your personal information with the following categories of recipients:
- Service providers: Third parties that help us operate our Services, including:
  - Supabase — database hosting and authentication
  - Stripe — payment processing
  - Resend — transactional email delivery
  - Railway — website hosting
  - Cloudflare — DNS, SSL, and CDN services
  - Mux — video hosting and streaming (for Didi Fit Online content)
  - Plausible — privacy-friendly web analytics (no personal data shared)
- Legal and regulatory authorities: When required by law, court order, or to protect our rights.
- Business transfers: In the event of a merger, sale, or reorganization of our business.
All service providers process personal information only as necessary to provide their services to us and in compliance with applicable data protection laws.
International Transfers
Some of our service providers are located outside the European Economic Area (EEA). When transferring personal information outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or transfers to countries with an adequate level of data protection.
Data Retention
We retain your personal information for as long as necessary to provide our Services and fulfill the purposes described in this Policy. Specifically:
- Account data: Retained while your account is active. Deleted upon account deletion request.
- Booking history: Retained in anonymized form for business records after account deletion.
- Form submissions: Retained as long as necessary to respond to your inquiry and for business record-keeping.
- Payment records: Retained as required by applicable tax and accounting laws.
Your Rights
Under the GDPR and applicable Spanish data protection law, you have the following rights:
- Access: Request confirmation of whether we process your personal information and obtain a copy.
- Rectification: Request correction of inaccurate or incomplete personal information.
- Erasure: Request deletion of your personal information ("right to be forgotten").
- Restriction: Request restriction of processing in certain circumstances.
- Data portability: Receive your personal information in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, please contact us at didi@didifitclub.com. We will respond within 30 days.
If you are an EU resident and believe your rights have been violated, you may lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, www.aepd.es) or the supervisory authority in your country of residence.
Account Deletion
You may delete your account at any time from your profile settings. Account deletion will:
- Remove your personal information from our active systems
- Delete your authentication credentials
- Anonymize your booking history (retained for business records)
This action cannot be undone.
Data Security
We implement appropriate technical and organizational security measures to protect your personal information, including encryption in transit (HTTPS/SSL), secure authentication (Magic Link, OAuth), and access controls.
However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
Children's Privacy
Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us with personal information, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us at didi@didifitclub.com.
Third-Party Websites
Our Website may contain links to third-party websites. We are not responsible for the privacy practices of third-party websites and encourage you to read their respective privacy policies.
Changes to This Policy
We may update this Policy from time to time. Changes take effect upon posting on the Website. We will note the "Last Updated" date at the top. Your continued use of our Services after changes constitutes acceptance of the updated Policy.
Contact Us
If you have any questions about this Policy, please contact us:
Email: didi@didifitclub.com
Address: IAOPSTIMAI S.L., Calle Arándiga 18c, 28023 Madrid, Spain