MakeItFit

Privacy Policy

Effective 11 July 2026 · applies to the MakeItFit iOS app and makeitfit.app

The short version

MakeItFit connects personal trainers and their clients around a shared schedule. We collect the minimum needed to make that work: your account, your profile, your sessions and agreements, and — only if you connect one — busy/free signals from your calendar. We do not sell data, we do not run third-party advertising, and your calendar event titles never leave your device.

The launch email list (this website)

When you join the launch list on makeitfit.app we store the email address you enter, along with your browser’s user-agent string and the address of the page that referred you. That is the full list — there is no hidden profiling. One purpose: to let you know when MakeItFit launches, plus the occasional launch-related update. The user agent and referrer help us understand which devices and pages bring people here. We do not sell or share this data, and we do not use it for third-party marketing.

Signups are stored in our database (hosted on Supabase) and the site is served by Vercel, which keeps standard, short-lived server logs. The public pages set no cookies and run no third-party analytics or trackers. The list is kept only as long as it is needed: once launch notifications have been sent and the list has served its purpose, it is deleted. You can have your entry removed sooner at any time — email daniel@garden-stack.com from the address you signed up with and we will remove it.

What we collect

  • Account — email address and authentication identifiers (Sign in with Apple or magic-link email).
  • Profile — display name, optional avatar, trainer or client role, working hours and preferences you set.
  • Coaching data — training agreements, booked sessions, booking and reschedule requests, session feedback, and optional client metrics you or your trainer record.
  • Calendar availability — if you connect Apple Calendar or Google Calendar, the app reads busy/free time spans to prevent double-booking. Event titles, notes, and attendees are not read into our systems and are never shown to your trainer or client; counterparts only ever see “Busy”.
  • Calendar write-back — if you enable it, confirmed MakeItFit sessions are written into your own calendar. Turning it off removes upcoming events the app created.
  • Payments — subscription purchases and session payments are processed by Stripe. We store payment status and references, never card numbers.
  • Push tokens — a device token so booking requests and confirmations can notify you. You can disable notifications in iOS Settings at any time.
  • Diagnostics — crash and performance reports via Apple’s MetricKit to keep the app stable.

Where it lives

App data is stored with Supabase (hosted in the EU, eu-central-1) with row-level security so each account can only read what it is a party to. Subscription processing happens through Apple. Session payments run through Stripe. Calendar connections talk directly from your device to Apple/Google — your Google refresh token is stored in the iOS Keychain on your device, not on our servers.

What we never do

  • No selling or renting of personal data.
  • No third-party advertising or cross-app tracking.
  • No reading of calendar event titles, notes, or attendees into our servers.

Google user data (Google Calendar)

If you choose to connect Google Calendar, MakeItFit accesses your Google user data only through Google’s official Calendar API, after you grant permission on Google’s consent screen. MakeItFit’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • Google API scopes requested — MakeItFit requests https://www.googleapis.com/auth/calendar.readonly to list the calendars you can select and read busy/free time spans, and https://www.googleapis.com/auth/calendar.events to create, update, or delete only the MakeItFit session events that you choose to write back to Google Calendar.
  • How we use it — the app reads busy/free time spans from your Google Calendar solely to detect scheduling conflicts, prevent double-booking, and show which of your calendars can feed availability. Only if you enable write-back, MakeItFit creates, updates, or removes the MakeItFit session events it itself created in your calendar. That is the only use. We do not use Google user data for advertising, and we do not use it to develop, improve, or train generalised AI or machine-learning models.
  • What we store — your Google OAuth tokens are stored in the iOS Keychain on your device, never on our servers. If you select specific calendars, the selected Google calendar IDs are stored with your account so your choice survives app restarts. When availability sharing is on, stripped busy/free time spans may be stored as server-side busy projections so your approved trainer or client can avoid double-booking without seeing event details. If write-back is on, we store the Google event ID, session ID, provider, start/end times, and MakeItFit session title needed to update or remove the event later. Calendar event notes, attendees, locations, and non-MakeItFit event titles are never read into or stored on our systems.
  • Who we share, transfer, or disclose it to — we do not sell Google user data and we do not disclose raw Google Calendar content to other users. Supabase stores the account, selected-calendar, busy-projection, and write-back mirror records described above as our database processor. Vercel serves the website and may keep standard, short-lived request logs. The only thing another MakeItFit user (your trainer or client) can see is that a time slot is “Busy” or bookable, and only when you allow availability sharing; they never see the underlying Google event. We would disclose data only where required by law, and Google user data would never be transferred as part of a merger, acquisition, or sale of assets without your explicit prior consent.
  • How it is protected — all communication with Google and with our servers is encrypted in transit with TLS (HTTPS); OAuth tokens live in the hardware-backed iOS Keychain with device-only storage; our database is encrypted at rest and guarded by row-level security so users can only read records they own or records intentionally shared through an active trainer-client agreement; and the app requests only the minimum Google scopes needed for calendar availability and optional write-back.
  • Human access — no human at MakeItFit reads your Google user data, except with your explicit permission for a support request, where necessary for security or abuse investigation, or where required by law.
  • Revoking access — disconnect Google Calendar at any time in the app, which deletes the tokens on your device, or revoke MakeItFit’s access at myaccount.google.com/permissions. Revocation stops all access immediately.

Sharing between trainer and client

MakeItFit is a two-sided product: your counterpart sees what the relationship needs — agreements you share, sessions you book together, requests you send each other, your display name and avatar, and busy/free availability outcomes. They never see your raw calendar.

Retention and deletion

You can delete your account from Account → Delete account in the app. Deletion soft-deletes your profile immediately, removes personal identifiers, and detaches you from counterparts. Payment records that Belgian bookkeeping law requires us to keep are retained for the legal period, dissociated from your deleted profile where possible.

Your rights (GDPR)

You can request access, correction, export, or erasure of your data at any time. Contact us at daniel@garden-stack.com and we will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority; for Belgium that is the APD/GBA (dataprotectionauthority.be).

Controller and contact

The data controller is Fontaine Farm SRL, Brussels, Belgium. For any privacy question, email daniel@garden-stack.com.

Changes

If this policy changes materially we will update this page and note it in the app. The effective date above always reflects the current version.

MakeItFit.app
TermsBlogSupport