Privacy

Your data, your members' data, our responsibility.

Last updated: 3 June 2026. This page is the working version while the full GDPR-compliant policy is being finalised by counsel. For anything we haven't spelled out yet, email us and we'll answer directly.

What we collect

Account data (name, email, phone if you provide it), gym configuration (classes, plans, coaches, members), booking activity, payment metadata via Stripe, and product analytics on how the app is used. We do not collect biometric data or location beyond the gym's registered city.

Where it lives

EU data residency. Our database and primary infrastructure run in Frankfurt. Stripe processes payments under its own EU-aligned terms. We do not transfer personal data outside the EEA except where the user's own gym chooses to integrate with a third party that does.

Who can see what

Gym owners and head coaches see all members in their own gym. Coaches see only the classes they are assigned to. Members see their own data and aggregate leaderboards. Volta staff access production data only for support requests and only with audit logging.

Your rights under GDPR

Access, correction, export, deletion, restriction, and objection. Email us at the address below to exercise any of them and we'll respond within 30 days.

Cookies and tracking

We use a first-party session cookie for authentication and a single first-party analytics cookie for product usage. No third-party advertising cookies, no cross-site tracking, no Facebook Pixel, no Google Ads remarketing.

Data we do not sell

We do not sell, rent, or share member data with third parties for marketing. Ever. Your members are not the product.

Subprocessors

We use Supabase (EU region), Stripe, Resend for transactional email, and Vercel for hosting (EU edge region). A full subprocessor list with their own DPAs is available on request.

Contact

Privacy questions, data export requests, or anything else legal: tom@voltaconsult.com.