Effective Date: 8 May 2026

Last Updated: 8 May 2026

Jurisdiction: Republic of Singapore

Framework: PDPA 2012 (as amended)

Privacy Policy

SECTION 1 — INTRODUCTION

Send It Fit ("we", "us", "our") is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 (PDPA) of Singapore and guidelines issued by the Personal Data Protection Commission (PDPC).

By accessing or using the Send It Fit website, mobile application, or any related services (the "Platform"), you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree, you must discontinue use of the Platform immediately.

We collect only the personal data reasonably necessary for the purposes identified in this Policy. We do not sell your personal data to third parties for their marketing purposes.

SECTION 2 — SCOPE & APPLICATION

This Policy applies to: all visitors to senditfit.com and associated subdomains; registered members and subscribers of any Send It Fit programme or plan; individuals who contact us via email, social media, or in-app messaging; and coaches, trainers, affiliates, and business partners who engage with us professionally.

This Policy does not apply to third-party websites linked from our Platform.

    SECTION 3 — PERSONAL DATA WE COLLECT

    Identity & Contact Data: Full name and display name, email address and phone number, date of birth and gender, profile photograph (if uploaded), billing address.

    Health, Fitness & Body Composition Data: Height, weight, and body measurements; body fat percentage, lean mass, and metabolic rate estimates; fitness goals, training history, and experience level; dietary preferences, restrictions, and calorie/macronutrient targets; medical conditions, injuries, and physical limitations (if voluntarily disclosed); heart rate, activity, and biometric data where integrated with wearables; progress photos and check-in data.

    Payment & Transaction Data: Transaction records and purchase history; partial payment card details (we do not store full card numbers — these are handled by PCI-DSS-compliant payment processors); subscription plan and billing cycle information.

    Technical & Usage Data: IP address, device type, browser type, and operating system; log data including pages visited, features used, and session duration; cookies and similar tracking technology data; crash reports and diagnostic data.

    Communications Data: Messages sent via support channels or in-app chat; survey responses and feedback submissions; comments and posts in community or forum features.

    Data from Third Parties: Information from social media platforms (e.g. Google, Facebook) if you sign in via OAuth; fitness data from connected wearable platforms (e.g. Apple Health, Garmin, Strava) subject to your authorisation; payment verification data from payment processors.

    Note: Health data including medical conditions, injury history, and progress photos is provided entirely at your discretion. You are never required to submit this information.

    SECTION 4 — PURPOSE OF COLLECTION & USE

    We collect and use your personal data for the following purposes:

    Creating and managing your account (basis: consent / contractual necessity);
    delivering personalised fitness programmes and coaching (basis: consent / contractual necessity);
    processing payments and managing subscriptions (basis: contractual necessity);
    providing customer support (basis: consent / legitimate interests);
    sending service-related notifications such as receipts and programme updates (basis: contractual necessity);
    sending marketing communications with your opt-in consent (basis: consent);
    improving our Platform through analytics (basis: legitimate interests);
    conducting research and developing new products using anonymised data (basis: legitimate interests);
    complying with applicable laws and court orders (basis: legal obligation);
    detecting and preventing fraud (basis: legitimate interests / legal obligation);
    enforcing our Terms of Service (basis: legitimate interests).

    You may withdraw consent for marketing communications at any time by clicking "unsubscribe" in any email or by contacting our Data Protection Officer.

    SECTION 5 — HEALTH & FITNESS DATA — SPECIAL CONSIDERATIONS

    Health and body composition data is treated as sensitive personal data under our internal data governance framework. We apply the following heightened protections:

    we obtain explicit informed consent before collecting health-related information;
    access to health data is restricted to personnel who require it to deliver your services (e.g. your assigned coach);
    we will never sell, rent, or share your health or fitness data with advertisers or data brokers;
    where health data is used for research, it is anonymised so it cannot be linked back to you;
    health data is subject to shorter retention periods and prioritised for deletion upon account closure.

    SECTION 6 — COOKIES & TRACKING TECHNOLOGIES

    We use cookies, web beacons, and pixel tags to operate our Platform.
    Categories:

    Strictly Necessary cookies — core functionality including authentication, security, and session management. Cannot be disabled as they are essential to the service.

    Functional cookies — remembering preferences, language settings, and personalisation. Can be disabled.

    Analytics cookies — understanding usage patterns and improving features (e.g. Google Analytics). Can be disabled.

    Marketing cookies — serving relevant advertisements on third-party platforms, only with your consent. Can be disabled.

    You may manage cookie preferences via our Cookie Settings panel or by adjusting your browser settings. We honour browser-level "Do Not Track" signals for analytics and marketing cookies.

    SECTION 7 — DISCLOSURE TO THIRD PARTIES

    We do not sell your personal data. We may disclose your data to the following:

    Service Providers & Data Processors: Cloud infrastructure providers (e.g. Amazon Web Services, Google Cloud); payment processors (e.g. Stripe, PayNow partners); email and communication platforms (e.g. SendGrid, Mailchimp); analytics providers (e.g. Google Analytics); customer support tools; video conferencing tools for live coaching sessions. All service providers are subject to data processing agreements.

    Coaches & Programme Partners: If your programme involves a third-party coach, we will share the personal and fitness data necessary for them to deliver your programme. You will be notified of this at enrolment.

    Legal & Regulatory Disclosure: We may disclose your data to law enforcement, regulators, courts, or government bodies in Singapore or abroad where required by law, including for prevention or investigation of offences, or protection of an individual's life or safety in urgent circumstances.

    Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the relevant successor entity. We will provide notice prior to any such transfer.

    SECTION 8 — CROSS-BORDER DATA TRANSFERS

    Where personal data is transferred outside Singapore, we comply with Section 26 of the PDPA, ensuring the recipient provides a comparable standard of protection through binding contractual clauses, or by transferring only to countries assessed as providing adequate protection. Countries to which we may transfer data include the United States and countries within the European Economic Area.

    SECTION 9 — DATA RETENTION

    Account & identity data: Duration of account plus 5 years after closure.
    Health & fitness data: Duration of active programme plus 2 years; deleted upon request.
    Payment & transaction records: 7 years (Singapore income tax and GST compliance).
    Communications & support records: 3 years from last interaction.
    Marketing consent records: 5 years from date of consent.
    Technical & log data: 12 months rolling.
    Cookie & analytics data: 13 months rolling.

    When retention periods expire, we securely delete or irreversibly anonymise the relevant data.

    SECTION 10 — SECURITY OF PERSONAL DATA

    We implement the following technical and organisational security measures:

    all data transmitted is encrypted using TLS 1.2 or higher;
    sensitive data fields are encrypted at rest using AES-256;
    role-based access control limits staff access on a need-to-know basis;
    multi-factor authentication is available and encouraged for all accounts;
    regular penetration testing and security audits are conducted by independent third parties;
    we maintain a documented data breach response plan.

    In the event of a data breach likely to result in significant harm, we will notify you and the PDPC within 3 calendar days of becoming aware of the breach, in accordance with Singapore's Mandatory Data Breach Notification obligations.

    SECTION 11 — YOUR RIGHTS UNDER THE PDPA

    Right of Access: You may request access to the personal data we hold about you and information about how it has been used or disclosed.

    Right of Correction: You may request correction of any error or omission in your personal data.

    Right to Withdraw Consent: You may withdraw consent to the collection, use, or disclosure of your personal data at any time, subject to legal or contractual restrictions.

    Right to Data Portability: Where technically feasible, you may request that we transmit your personal data to another organisation in a commonly used machine-readable format such as CSV or JSON.

    Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Commission of Singapore (www.pdpc.gov.sg) if you believe we have handled your personal data inconsistently with the PDPA.

    To exercise any of these rights, submit a written request to our Data Protection Officer. We will respond within 30 days of receipt. We do not charge a fee for access requests unless they are manifestly unfounded or excessive.

    SECTION 12 — MINORS

    Our Platform is not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data without parental consent, please contact our DPO and we will delete such data promptly. Where services are provided to individuals aged 13–17, express parental or guardian consent is required prior to registration.

    SECTION 13 — CHANGES TO THIS POLICY

    We may update this Policy from time to time. When we make material changes, we will post the updated Policy with a revised date; notify you by email or in-app notification at least 14 days before changes take effect; and seek fresh consent where required by law. Continued use of the Platform after the effective date constitutes acceptance.

    SECTION 14 — CONTACT & DATA PROTECTION OFFICER (DPO contact: lets@senditfit.com)

    If you have any questions about this Privacy Policy or our data practices, please reach out to our team.

    Data Protection Officer (DPO)

    Contact Person: Privacy Lead, Send It Fit
    Email Address: lets@senditfit.com
    Phone: +65 8899 0728
    Office Address: 60 Paya Lebar Road, #6-28, Paya Lebar Square, Singapore 409051