Custom Plans Contribute GitHub

Privacy Policy

Last updated: June 1, 2026

This Privacy Policy ("Policy") sets forth the data collection, processing, and safeguarding practices of BuffBook ("we," "our," or "us"). By accessing or utilizing the BuffBook website, services, and related applications (collectively, the "Service"), you ("User," "you," or "your") explicitly acknowledge and consent to the practices described in this Policy.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Sensitive Data: A specific subset of Personal Data, including but not limited to health data, physical metrics, and biometric information.
  • Usage Data: Data collected automatically, generated by the use of the Service or from the Service infrastructure itself.

2. Categories of Data Collected

In the course of operating the Service, we may collect the following categories of data:

  • Account Data: Including but not limited to email addresses, cryptographic hashes of passwords, and profile identifiers, collected upon account creation and authentication.
  • Health and Fitness Data (Sensitive Data): Should you elect to purchase or utilize our custom mesocycle programming, you will be required to submit physical metrics, injury history, biomechanical considerations, and fitness objectives. Pursuant to Article 9 of the General Data Protection Regulation (GDPR), such data is processed strictly on the basis of your explicit consent and contractual necessity.
  • Financial Data: Transactional information required to process payments. We utilize third-party payment gateways (e.g., Stripe) and do not directly collect or retain full payment card numbers on our servers.
  • Usage and Telemetry Data: Including Internet Protocol (IP) addresses, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, and diagnostic data, collected via Google Analytics and similar tracking technologies.

3. Legal Basis for Processing (GDPR Compliance)

If you reside within the European Economic Area (EEA), our legal basis for collecting and utilizing the Personal Data described above depends on the specific context in which we collect it. We process Personal Data under the following lawful bases:

  • Contractual Necessity: To perform our obligations pursuant to our Terms of Service (e.g., delivering custom programming).
  • Consent: Where you have granted explicit consent to process Sensitive Data.
  • Legitimate Interests: To maintain and improve our Service, provided such interests are not overridden by your data protection rights.

4. Retention of Data

We shall retain your Personal Data only for as long as is strictly necessary for the purposes set out in this Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Sensitive Data submitted for custom programming is retained only as long as your account remains active or until you request its deletion.

5. Disclosure and Transfer of Data

Your information, including Personal Data, may be transferred to—and maintained on—computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

We reserve the right to disclose your Personal Data under the following circumstances:

  • To comply with a legal obligation or a valid request by public authorities.
  • To protect and defend the rights or property of BuffBook.
  • To prevent or investigate possible wrongdoing in connection with the Service.
  • To protect the personal safety of Users of the Service or the public.
  • To protect against legal liability.

6. Data Security

The security of your Personal Data is of paramount importance to us. We implement commercially reasonable cryptographic, administrative, and physical safeguards designed to protect your data. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

7. Your Data Protection Rights

Subject to applicable law, including the GDPR and the California Consumer Privacy Act (CCPA), you possess the following rights regarding your Personal Data:

  • The right to access, update or delete: You may request access to, correction of, or deletion of the Personal Data we hold about you.
  • The right of rectification: You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object and restrict: You have the right to object to our processing of your Personal Data or request that we restrict the processing of your Personal Data.
  • The right to data portability: You have the right to be provided with a copy of the information we have on you in a structured, machine-readable, and commonly used format.
  • The right to withdraw consent: You also have the right to withdraw your consent at any time where BuffBook relied on your consent to process your personal information.

To exercise any of these rights, please contact us. We may require you to verify your identity before responding to such requests.

8. Amendments to this Policy

We reserve the right to modify or replace this Privacy Policy at our sole discretion at any time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this document. You are advised to review this Privacy Policy periodically for any changes.