Legal

Privacy Notice

Last updated: July 9, 2026

1. Who We Are

This Privacy Notice explains how Nathanael Alcide, an individual sole proprietor trading as "Natebeenfit" ("we", "us"), collects and uses personal data when you visit our website or use our subscription services (the "Service"). We are the data controller for the personal data described here.

2. Personal Data We Collect

  • Account data — email address, password (stored hashed), display name, and optional profile fields such as fitness goal and dietary preference.
  • Authentication data — sign-in method (email/password or Google), and, if you use Google sign-in, basic profile information Google returns to us.
  • Subscription and billing metadata — plan, subscription status, and billing period dates. Full payment card details are collected and stored by Paddle, not by us; see section 4.
  • Support communications — the content of messages you send us.
  • Technical data — device and browser information, IP address, and usage/telemetry needed to operate the Service securely.

3. How We Use Personal Data

PurposeLegal basis
Creating and maintaining your accountPerformance of a contract
Providing meal plans, workouts, and subscription featuresPerformance of a contract
Providing customer supportPerformance of a contract / legitimate interests
Security, fraud prevention, and abuse investigationLegitimate interests
Improving the Service (aggregated/analytics)Legitimate interests
Complying with legal obligations (tax, accounting)Legal obligation

4. Payments — Paddle as Payment Processor and Merchant of Record

Our order process is conducted by our online reseller Paddle.com. Paddle is the Merchant of Record for all our orders and acts as an independent data controller for the personal data it collects to process your payment, calculate and remit taxes, issue invoices, prevent fraud, and handle refunds and chargebacks.

When you check out, Paddle collects your name, billing address, email address, and payment details directly. We do not receive or store your full card number. We do receive a Paddle customer ID, subscription ID, plan, status, and billing period dates so we can grant you access to what you paid for.

Paddle's privacy notice describes its own practices: paddle.com/legal/privacy.

5. Who We Share Personal Data With

  • Paddle — as Merchant of Record and payment processor (see section 4).
  • Hosting and infrastructure providers — including our authentication, database, and hosting providers, which process personal data on our behalf under written agreements.
  • Google — if you choose Google sign-in, to authenticate you.
  • Professional advisers — such as accountants or lawyers, where reasonably necessary.
  • Authorities — where required by law, legal process, or to protect rights, safety, or property.

We do not sell your personal data.

6. International Transfers

The providers we use may be located outside your country of residence, including the United States and the European Economic Area. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions where these apply.

7. Retention

We retain account and subscription data for as long as your account is active and for a reasonable period afterwards to comply with legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. When personal data is no longer required, we delete or anonymize it. Paddle applies its own retention periods to the data it holds as controller.

8. Your Rights

Depending on where you live, you may have the following rights in relation to your personal data:

  • access a copy of the personal data we hold about you;
  • request that inaccurate personal data be corrected;
  • request that personal data be erased (subject to legal retention requirements);
  • request that we restrict processing of your personal data;
  • object to processing based on our legitimate interests;
  • request portability of certain personal data;
  • withdraw consent where processing is based on consent;
  • complain to your local data protection authority.

To exercise any of these rights, contact us through the contact options on this site. We will respond within the timeframes required by applicable law (typically within one month under the GDPR).

9. Security

We use appropriate technical and organizational measures to protect personal data — including encryption in transit, hashed passwords, access controls, and least-privilege administrative access. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

10. Cookies

We use strictly necessary cookies and local storage to keep you signed in and to remember essential preferences. If we introduce analytics or marketing cookies in future, we will update this notice and, where required, request your consent first. Paddle sets its own cookies at checkout under its own privacy notice.

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children.

12. Changes to This Notice

We may update this Privacy Notice from time to time. The "Last updated" date above indicates when the notice was most recently revised.

13. Contact

To contact us about this Privacy Notice or your personal data, please use the contact options on this site. For payment-related privacy questions handled by Paddle as controller, contact Paddle via paddle.com/legal/privacy.