GDPR Compliance
Last updated: June 3, 2026
Fitzpot is committed to GDPR compliance for all customers operating in or with data subjects from the European Economic Area (EEA) and the United Kingdom. This page explains how Fitzpot supports your GDPR obligations.
Fitzpot as a Data Processor
When you use Fitzpot to manage your gym or studio, you are the Data Controller and Fitzpot acts as a Data Processor on your behalf. We process member data only under your instructions, as described in our Data Processing Agreement (DPA).
Data Processing Agreement (DPA)
All Fitzpot customers are covered by our standard DPA, which is incorporated by reference into our Terms of Service. Enterprise customers can request a customised DPA. To request a signed DPA, email gdpr@fitzpot.com.
Your GDPR Obligations as Controller
As a gym or studio owner using Fitzpot, you are responsible for: informing your members how their data is processed, obtaining proper consent for marketing communications, responding to data subject rights requests from your members, and maintaining your own records of processing activities.
How We Support Your Compliance
Data Deletion
Delete any member's data from within Fitzpot at any time. We complete deletion within 30 days.
Data Portability
Export all member data in CSV or JSON format from Settings → Data Export.
Access Controls
Restrict staff access to member personal data using role-based permissions.
Processing Records
We maintain records of all data processing activities on your behalf.
Breach Notification
We will notify you within 72 hours of discovering a data breach affecting your data.
Data Transfers
All data is stored in EU/India regions. Cross-border transfers are covered by standard contractual clauses.
GDPR Questions?
Our Data Protection Officer is available to answer compliance questions, review your DPA, or assist with a member data request.