Wedding FitBack home

Privacy Policy

Last updated · 2 June 2026

Wedding Fit is operated by Figlabs Limited, a company registered in England and Wales. This Privacy Policy explains what personal data we collect when you use weddingfit.app, how we use it, who we share it with, and the rights you have over it under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We're a small team building a single product. We collect only what we need to deliver your personalised wedding-fitness plan, and we don't sell or share your data with advertisers beyond the analytics integrations described below.

1. Who we are

Figlabs Limited is the data controller for personal data processed via weddingfit.app. You can reach us at hello@weddingfit.app for any privacy question or to exercise your rights.

2. The data we collect

Information you give us

  • Account details: your email address, and (if you sign in with Google) your name and profile picture.
  • Onboarding answers: your wedding date, height, current weight, target weight, training history, body type, training location, available equipment, fitness goal, and the behavioural self-assessment questions you answer during the quiz. We use these to generate your plan.
  • Workout activity: which workouts you mark complete, when, and on which plan day.
  • Preferences: notification preferences (daily reminders, rest-day nudges, marketing) and unit preferences (metric / imperial).

Information collected automatically

  • Technical data: IP address, browser type, device type, operating system, referrer URL.
  • Usage data: pages visited, features used, completion events. Used for service improvement and aggregate analytics.
  • Cookies and similar technologies: we use essential cookies for authentication (Supabase) and analytics cookies (Google Tag Manager, Meta Pixel) — see Section 8 for detail.

Payment data

Payments are processed by Stripe. We never see or store your full card number — Stripe handles all card data under their own PCI-DSS-compliant infrastructure. We receive only the transaction outcome (paid / failed), the last four digits of the card, the currency, and a Stripe-issued payment-intent ID.

3. How we use your data

  • Deliver your plan: generate, deliver, and update your personalised workout programme based on your onboarding answers.
  • Send transactional emails:account confirmations, payment receipts, daily workout reminders (only if you've opted in), and plan-related notifications.
  • Process payments: via Stripe, for the one-time plan-unlock fee.
  • Improve the service: aggregate, de-identified usage analytics so we can understand which features are working and where users get stuck.
  • Marketing attribution:to measure which marketing channels bring in new users. Only when you've consented to marketing tracking.
  • Security and compliance: to detect abuse, prevent fraud, and meet legal obligations.

4. Legal basis for processing

Under UK GDPR we must have a lawful basis for each type of processing. For Wedding Fit:

  • Contract (Article 6(1)(b)): processing your onboarding answers and workout activity is necessary to provide the service you signed up for.
  • Legitimate interests (Article 6(1)(f)): aggregate analytics, security monitoring, and service improvement.
  • Consent (Article 6(1)(a)): marketing emails, marketing attribution tracking, and any non-essential cookies. You can withdraw consent at any time.
  • Legal obligation (Article 6(1)(c)): tax, accounting, and other statutory record-keeping (e.g., payment receipts).

5. Who we share your data with

We use a small set of trusted processors to operate the service. Each is bound by a Data Processing Agreement and processes your data only as instructed by us.

  • Supabase (United States; EU-hosted region for our project) — database hosting, authentication, and storage.
  • Stripe (Ireland and United States) — payment processing.
  • Resend (United States) — transactional email delivery from our verified weddingfit.app domain.
  • Vercel (United States) — web application hosting and edge delivery.
  • Google (United States) — only if you choose to sign in with Google. Google processes the OAuth authorisation itself; we receive your email + basic profile info.
  • Google Tag Manager / Google Analytics (United States) — page and event analytics. Only fires when you accept analytics cookies.
  • Meta (Facebook / Instagram) (Ireland) — conversion attribution if you arrived from a Meta ad. Only fires when you accept marketing cookies.

We do not sell your personal data. We do not share your personal data with any party other than the processors listed above, except where required by law (e.g., a binding court order).

6. International transfers

Several of our processors (Stripe, Resend, Vercel, Google, Meta) are based in the United States. Transfers outside the UK / EEA are protected by the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or by adequacy decisions where one exists. You can request a copy of the safeguards in place by emailing hello@weddingfit.app.

7. Data retention

  • Account & plan data: retained while your account is active. If you delete your account, we delete identifying data within 30 days; anonymised aggregate data may be retained for analytics.
  • Payment records: retained for 7 years to meet UK tax and accounting requirements.
  • Email logs: retained for up to 12 months for deliverability monitoring.
  • Analytics events: retained for up to 26 months (Google Analytics default) before automatic deletion.

8. Cookies and tracking

We use three categories of cookies:

  • Essential:session cookies for authentication (Supabase). These can't be disabled without breaking sign-in.
  • Analytics: Google Tag Manager and Google Analytics set cookies to measure how the service is used. Only when you accept the analytics tier.
  • Marketing: Meta Pixel sets cookies to measure conversion from Meta ads. Only when you accept the marketing tier.

You can change your cookie preferences at any time by clearing site data in your browser or by emailing us.

9. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data — most account fields are editable inside the app.
  • Eraseyour data (the "right to be forgotten").
  • Restrict or object to certain processing.
  • Data portability — receive a machine-readable copy of your data.
  • Withdraw consent at any time for processing based on consent.
  • Lodge a complaintwith the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email hello@weddingfit.app. We respond within 30 days.

10. Security

We use TLS 1.2+ for all data in transit, encrypted storage at rest, Row-Level Security on every database table, and follow least-privilege access principles for our small team. No system is perfectly secure, but we take measures proportionate to the sensitivity of the data we hold.

11. Children

Wedding Fit is intended for adults aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will notify you by email (if you have an account) and update the "Last updated" date at the top. Continued use of the service after a change indicates acceptance of the updated policy.

13. Contact us

For any privacy question or to exercise your rights, email hello@weddingfit.app.