Important information
Privacy Policy
Fitness OS Privacy Policy
Last updated: 06/03/2026
This Privacy Policy explains how FITNESS OS LTD (“Fitness OS”, “we”, “us” or “our”) collects, uses, stores and protects personal data.
This policy applies to:
visitors to our website;
people who enquire about Fitness OS;
users who sign up for a trial or paid subscription;
customers who use our software platform; and
people who communicate with us by email, forms, calls or social media.
If you have any questions about this Privacy Policy or about how we handle personal data, please contact us at [email protected].
1. Who We Are
Company name: FITNESS OS LTD
Company number: 15629363
Registered office: 43 High Street, Uppermill, Oldham, Greater Manchester, England, OL3 6HS
Contact email: [email protected]
FITNESS OS LTD is an active private limited company registered in England.
2. Data Protection Roles
For personal data relating to our own website visitors, leads, subscribers, billing contacts and marketing contacts, Fitness OS acts as the data controller.
Where our software is used by customers to store and manage their own leads, clients and contacts, the customer is usually the data controller and Fitness OS usually acts as a data processor on that customer’s behalf. ICO guidance explains that controllers decide why and how personal data is processed, while processors handle personal data on the controller’s behalf.
3. The Personal Data We Collect
We may collect and use the following categories of personal data:
Information you provide directly
This may include:
name;
email address;
phone number;
business name;
billing details;
login and account information;
support requests;
onboarding information; and
any other information you choose to provide to us.
Payment and billing information
If you sign up for a trial or paid subscription, we may collect billing-related information and subscription records. Payment card details are typically processed by our third-party payment processor rather than stored directly by us.
Website and device information
When you use our website, we may collect:
IP address;
browser type;
device type;
operating system;
referring URLs;
pages viewed;
actions taken on the site; and
cookie and analytics data.
Platform usage information
If you use Fitness OS, we may collect information relating to how your account is configured and used, including:
user activity;
settings and workflows;
form submissions;
booking activity;
page or funnel activity;
automation usage;
support history; and
technical logs and diagnostics.
Communications data
We may keep records of emails, support tickets, calls and other communications with you.
4. How We Collect Personal Data
We collect personal data:
when you visit our website;
when you submit a form;
when you request a demo or trial;
when you subscribe to a plan;
when you contact us;
when you use the platform;
through cookies and similar technologies; and
from service providers or integrations connected to your account where relevant.
5. How We Use Personal Data
We use personal data for the following purposes.
To provide the service
We use personal data to create and manage accounts, provide access to the platform, deliver features, provide onboarding and support, and communicate with users about the service.
Lawful basis: performance of a contract, or steps taken at your request before entering into a contract.
To manage trials, subscriptions and billing
We use personal data to run free trials, process subscriptions, store and manage billing records, send reminder emails before trial expiry, and manage failed payments or cancellations.
Lawful basis: performance of a contract and legitimate interests in running our business.
To respond to enquiries
We use personal data to respond to demo requests, support questions and general enquiries.
Lawful basis: legitimate interests, or steps taken at your request before entering into a contract.
To improve and secure our services
We use technical and usage data to troubleshoot issues, monitor performance, improve features, detect abuse or fraud, and help maintain the security and reliability of the website and platform.
Lawful basis: legitimate interests.
To send marketing communications
We may send marketing communications about Fitness OS where permitted by law.
Lawful basis: consent where required, or legitimate interests where permitted.
You can unsubscribe from marketing emails at any time.
To comply with legal obligations
We may use personal data where necessary to comply with legal, regulatory, tax, accounting or enforcement requirements.
Lawful basis: legal obligation.
ICO guidance says privacy information should explain what data is used, why it is used, and the lawful bases relied on.
6. Who We Share Personal Data With
We may share personal data with:
payment processors;
hosting and infrastructure providers;
analytics providers;
cloud software providers;
email and communications providers;
support and implementation tools;
domain and technical service providers;
professional advisers; and
regulators, courts or law enforcement where required.
Where third parties process personal data on our behalf, we expect them to handle it appropriately and in line with applicable law.
7. International Transfers
Some of our service providers may process personal data outside the UK.
Where that happens, we take steps intended to ensure appropriate safeguards are in place, such as recognised contractual protections or other lawful transfer mechanisms where required.
8. How Long We Keep Personal Data
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide services, manage the relationship, comply with legal obligations, resolve disputes and enforce our agreements.
Examples:
enquiry data may be kept for a reasonable follow-up period;
billing and payment records may be retained for legal, accounting and tax purposes;
active account data will usually be retained while the account remains live and for a limited period after closure;
system logs and backups may remain in secure archives for a limited time.
Where we do not specify a fixed retention period, we use criteria such as legal obligations, operational need, security, and dispute risk. ICO guidance says that where a fixed period is not used, organisations should explain the criteria used to decide retention.
9. Your Rights
Depending on the circumstances, you may have the right to:
request access to your personal data;
request correction of inaccurate data;
request erasure;
request restriction of processing;
object to processing based on legitimate interests;
withdraw consent where consent is the lawful basis;
request portability of certain data; and
complain to the ICO.
To exercise any of these rights, contact [email protected].
You also have the right to complain to the Information Commissioner’s Office if you believe your data has been handled unlawfully. ICO guidance expects privacy notices to explain the rights available and how individuals can complain.
10. Customer Data Within the Platform
If you use Fitness OS to manage your own leads, customers or contacts:
you are generally responsible for deciding why and how that personal data is used;
you are responsible for your own privacy notices, lawful bases and marketing compliance; and
Fitness OS generally processes that personal data on your behalf under the relevant terms and Data Processing Addendum.
11. Security
We take appropriate technical and organisational measures intended to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
No online service can be completely secure, but we work to maintain reasonable safeguards.
12. Cookies
Our website uses cookies and similar technologies. Please see our Cookie Policy for more information.
13. Changes to This Policy
We may update this Privacy Policy from time to time.
Where appropriate, we will notify users of material changes by email, website notice or in-platform notice.
14. Contact Us
If you have any questions about this Privacy Policy or our handling of personal data, contact:
FITNESS OS LTD
43 High Street, Uppermill, Oldham, Greater Manchester, England, OL3 6HS
Email: [email protected]
Data Processing Addendum
Fitness OS Data Processing Addendum
Last updated: 06/03/2026
This Data Processing Addendum (“DPA”) forms part of the agreement between FITNESS OS LTD and the customer using Fitness OS where Fitness OS processes personal data on the customer’s behalf.
This DPA applies where the customer is a controller and Fitness OS is a processor in relation to personal data processed through the Fitness OS platform.
ICO guidance states that whenever a controller uses a processor, there must be a written contract containing the required UK GDPR terms.
1. Parties
This DPA is made between:
Controller: the customer using Fitness OS and determining the purposes and means of the relevant personal data processing.
Processor: FITNESS OS LTD, company number 15629363, registered office 43 High Street, Uppermill, Oldham, Greater Manchester, England, OL3 6HS, email [email protected].
2. Scope and Order of Precedence
This DPA applies only to the extent that Fitness OS processes personal data on behalf of the customer as processor.
If there is any conflict between this DPA and the main Terms in relation to data protection and processor obligations, this DPA will prevail to the extent of that conflict.
3. Subject Matter and Duration
The subject matter of the processing is the provision of the Fitness OS software platform and related support, onboarding, hosting, account administration, automation, forms, CRM, booking, website and communication functionality.
The duration of the processing is for as long as Fitness OS processes personal data on the customer’s behalf in connection with the customer’s use of the platform, unless otherwise required by law.
4. Nature and Purpose of Processing
Fitness OS may process personal data to:
host and store customer data;
organise, retrieve and display records within the platform;
provide CRM, booking, website, form, workflow and automation functionality;
support communications initiated or configured by the customer;
maintain security, performance and backups;
provide support and troubleshooting; and
otherwise provide the service requested by the customer.
5. Categories of Data Subjects
Depending on how the customer uses the platform, data subjects may include:
the customer’s leads and prospects;
the customer’s clients and former clients;
the customer’s staff, contractors or users;
website visitors;
contacts and subscribers; and
any other individuals whose personal data the customer uploads to the platform.
6. Categories of Personal Data
Depending on the customer’s use of the platform, personal data may include:
names;
email addresses;
phone numbers;
postal addresses;
booking details;
form submissions;
notes and communications;
billing-related records;
account and user information;
online identifiers; and
any other personal data uploaded by the customer.
If the customer chooses to upload special category data or other sensitive data, the customer is responsible for ensuring it has a lawful basis and appropriate safeguards.
7. Controller Obligations
The customer:
confirms it is responsible for determining the lawful basis, purposes and means of processing;
confirms it will comply with applicable data protection law;
confirms it has provided any necessary privacy notices and obtained any required consents;
warrants that its instructions to Fitness OS are lawful; and
remains responsible for the accuracy, quality and legality of the personal data it uploads.
8. Processor Obligations
Fitness OS will:
process personal data only on documented instructions from the customer, unless required by law to do otherwise;
ensure that persons authorised to process the data are subject to appropriate confidentiality obligations;
take appropriate technical and organisational measures to protect personal data;
assist the customer, taking into account the nature of processing and the information available to Fitness OS, with responding to data subject requests where reasonably necessary;
assist the customer, where reasonably necessary, with security, breach notification, impact assessments and regulator enquiries;
notify the customer without undue delay if Fitness OS becomes aware of a personal data breach affecting customer personal data;
delete or return personal data at the end of the provision of services, unless retention is required by law; and
make available information reasonably necessary to demonstrate compliance with applicable processor obligations.
These are all areas the ICO expects to be covered in controller-processor contracts.
9. Confidentiality
Fitness OS will ensure that anyone authorised to process customer personal data is under an appropriate duty of confidentiality.
10. Security
Fitness OS will implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
Such measures may include, where appropriate:
access controls;
authentication controls;
role-based permissions;
logging and monitoring;
secure hosting arrangements;
encryption in transit where supported;
backup processes; and
policies and procedures designed to support security.
11. Subprocessors
The customer authorises Fitness OS to use subprocessors to help deliver the service.
Fitness OS will ensure that where a subprocessor is engaged to process customer personal data, an appropriate written agreement is in place imposing data protection obligations that are not less protective than those set out in this DPA, so far as applicable.
A current list of subprocessors may be:
made available on request; or
published separately by Fitness OS.
ICO guidance states that if a processor uses another organisation to assist in processing, a written contract with that subprocessor is required.
12. International Transfers
Where Fitness OS or its subprocessors transfer personal data outside the UK, Fitness OS will take steps intended to ensure that the transfer is carried out in accordance with applicable data protection law.
13. Data Subject Requests
Taking into account the nature of the processing, Fitness OS will provide reasonable assistance to the customer in responding to requests from data subjects to exercise their rights.
Where Fitness OS receives a request directly relating to customer personal data, Fitness OS may:
forward the request to the customer; or
advise the requester to contact the customer directly,
unless Fitness OS is legally required to respond.
14. Personal Data Breaches
If Fitness OS becomes aware of a personal data breach affecting customer personal data, Fitness OS will notify the customer without undue delay and provide reasonable information available to help the customer meet any legal obligations.
15. Audit and Information Rights
Fitness OS will make available information reasonably necessary to demonstrate compliance with its obligations under this DPA.
Any audit or inspection right must be exercised reasonably, on notice, and in a way that does not unreasonably disrupt Fitness OS operations or compromise the rights of other customers or confidential information.
16. Return or Deletion of Data
Upon termination of the service, and subject to the main agreement and any applicable retention period, Fitness OS will delete or return customer personal data, unless Fitness OS is required by law to retain some or all of it.
The customer is responsible for exporting its data before final deletion where required.
17. Liability
Liability under this DPA is subject to the liability provisions set out in the main Terms, unless applicable law requires otherwise.
18. Contact
For data protection matters relating to this DPA, contact:
FITNESS OS LTD
43 High Street, Uppermill, Oldham, Greater Manchester, England, OL3 6HS
Email: [email protected]