Last updated: Jan 12, 2025

Our Commitment to Privacy

We are committed to protecting the privacy and security of users of our website, mobile app, and online products. This privacy policy outlines what information we collect, how we use it, and your choices concerning our possession and use of this information. This policy applies to all WorkoutLabs platforms, including Fit, Train, and Club.

Scope of Privacy Policy

This policy applies to your use of workoutlabs.com, owned or operated by WorkoutLabs, LLC and affiliated companies (collectively “we,” “us,” or “our”), including workoutlabs.com, workoutlabs.shop, and our associated platforms, Fit, Train, and Club. It also applies to our social media profiles and any other digital services we offer (collectively, the “Website”).

What Information We Collect

Personal Identification Information

We may collect personal information from you, such as your name, email address, phone number, and payment details, when you use our services. This information is used solely to provide and improve our services.

No Payment Information Stored

Your privacy is of utmost importance to us. As part of our commitment to safeguarding your data, we do not store any bank or credit card information on our servers. Instead, we rely on PCI-DSS-certified third-party payment services to handle all transactions. These providers are industry leaders in payment security and compliance, ensuring that your payment information is processed securely and efficiently.

For payment processing, we utilize the following trusted service:

• Stripe: A globally recognized payment platform known for its robust security measures and compliance with PCI-DSS standards. You can learn more about their privacy practices by visiting their privacy policy page.

High-Availability Databases

Our data is processed on AWS RDS databases (PostgreSQL) and replicated in a high-availability configuration.

Daily Backups

Every day, our databases are backed up and stored in an encrypted format. Backups are verified regularly to ensure data integrity and recoverability in case of unexpected incidents.

Maintenance Windows

System updates that could impact availability are scheduled outside of local business hours whenever possible to minimize disruption to our users.

Secure Development Lifecycle

We follow industry best practices in software development to ensure the security and stability of our applications and infrastructure. Our processes include:

• Using version control (Git) for development.
• Developing features and fixes in separate branches to maintain code integrity.
• Scanning code for known security vulnerabilities before deployment.
• Performing manual testing (Quality Assurance) before merging updates into the main codebase.

Security Certifications

Our hosting provider, DigitalOcean, maintains rigorous security certifications to ensure the highest standards of data protection:

• SOC 2 Type II and SOC 3 Type II: DigitalOcean complies with globally recognized information security controls and is independently audited by Schellman & Company LLC.
• ISO 14001 and ISO 50001: Several DigitalOcean colocated data centers have obtained these certifications, reflecting their commitment to environmental and energy management systems.
• CSA STAR Level 1: DigitalOcean has achieved Cloud Security Alliance (CSA) STAR Level 1 certification, ensuring compliance with fundamental cloud security principles across multiple domains.
• APEC CBPR PRP Certification: DigitalOcean meets high privacy and data protection standards as part of the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules Privacy Recognition for Processors program.

Your Rights & Data Portability

Depending on your location, you may have certain rights regarding your personal data, including the right to access, correct, delete, or transfer your information. To request access to your data or to exercise any of your rights, please contact us at info@workoutlabs.com.

Third-Party Services & Data Sharing

We may use third-party service providers for hosting, analytics, payment processing, and other essential business functions. These providers have access to your data only to perform necessary tasks on our behalf and are contractually obligated to maintain the confidentiality and security of your information.

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance user experience, analyze website performance, and improve our services. You can control or disable cookies through your browser settings.

Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users promptly and take all necessary steps to mitigate the impact.

Account Deletion

You may request the deletion of your account and associated data by contacting us at info@workoutlabs.com. Certain data may be retained as required by law or for legitimate business purposes.

Children’s Privacy

Our services are not intended for children under the age of 13, and we do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it.

Changes to This Policy

We may update this policy periodically. Changes will be posted on this page with an updated revision date.

Contact Us

If you have any questions regarding this Privacy Policy, please contact us at info@workoutlabs.com.