Privacy
Your data, your members' data, our responsibility.
Last updated: 3 June 2026. This page is the working version while the full GDPR-compliant policy is being finalised by counsel. For anything we haven't spelled out yet, email us and we'll answer directly.
What we collect
Account data (name, email, phone if you provide it), gym configuration (classes, plans, coaches, members), booking activity, payment metadata via Stripe, and product analytics on how the app is used. We do not collect biometric data or location beyond the gym's registered city.
Where it lives
EU data residency. Our database and primary infrastructure run in Frankfurt. Stripe processes payments under its own EU-aligned terms. We do not transfer personal data outside the EEA except where the user's own gym chooses to integrate with a third party that does.
Who can see what
Gym owners and head coaches see all members in their own gym. Coaches see only the classes they are assigned to. Members see their own data and aggregate leaderboards. Volta staff access production data only for support requests and only with audit logging.
Your rights under GDPR
Access, correction, export, deletion, restriction, and objection. Email us at the address below to exercise any of them and we'll respond within 30 days.
Cookies and tracking
We use a first-party session cookie for authentication and a single first-party analytics cookie for product usage. No third-party advertising cookies, no cross-site tracking, no Facebook Pixel, no Google Ads remarketing.
Data we do not sell
We do not sell, rent, or share member data with third parties for marketing. Ever. Your members are not the product.
Subprocessors
We use Supabase (EU region), Stripe, Resend for transactional email, and Vercel for hosting (EU edge region). A full subprocessor list with their own DPAs is available on request.
Contact
Privacy questions, data export requests, or anything else legal: tom@voltaconsult.com.