Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your information.

Who We Are

Bahafit (“Bahafit,” “we,” “our,” or “us”) is a Caribbean fitness community platform operated by Bahafit, located in Nassau, Commonwealth of the Bahamas.

Bahafit connects fitness enthusiasts, event organizers, gym owners, coaches, and wellness businesses across the Caribbean. Our platform allows users to post fitness events and listings either for free or for a cost, and users can also purchase access to those events or listings through our platform.

For questions about this Privacy Policy or our data practices, please contact us:


1. Information We Collect

We collect the following categories of personal information when you use Bahafit:

1.1 Information You Provide Directly

  • Account Registration: When you create an account, we collect your full name and email address. If you register with a password, that password is stored in a securely hashed format (we never store plaintext passwords).
  • User Profile: Your account role (e.g., regular user, event organizer, business owner) and any profile details you choose to add.
  • Event Registrations: When you register for a fitness event through Bahafit, we collect your name, email address, and event selection. This information is stored as part of your registration record.
  • Business & Event Listings: If you are a business owner or event organizer, we collect information you submit about your business, events, or services (including descriptions, locations, schedules, and contact details).
  • Communications: If you contact us for support or inquiries, we retain records of your communications.

1.2 Information Collected Automatically

  • Log Data: When you visit our website, our servers automatically record information including your IP address, browser type, operating system, referring URLs, pages visited, and time of visit.
  • Session Data: We use session tokens (JWTs) to keep you logged in. These are stored in your browser and expire at the end of your session or after a defined period of inactivity.
  • Cookies: We use essential cookies necessary for the platform to function (e.g., session cookies for authentication). See Section 5 for details.

1.3 Information Received from Third Parties

If you choose to sign in using a third-party OAuth provider, we receive certain profile information from that provider:

  • Google Sign-In: We receive your name, email address, and Google profile photo (if provided).
  • Facebook Login: We receive your name and email address as authorized by your Facebook privacy settings.

We do not receive or store your social media passwords. The scope of data received is limited to what you authorize during the OAuth consent flow.


2. How We Use Your Information

We use the personal information we collect for the following purposes:

  • Account Management: To create and manage your account, authenticate your identity, and maintain your session.
  • Event Registrations: To process your event registration, associate it with your account, and provide confirmation of your registration.
  • Platform Operations: To display listings, events, and community content relevant to you.
  • Customer Support: To respond to your questions, resolve disputes, and provide assistance.
  • Communications: To send you transactional emails related to your account (e.g., registration confirmations, password resets). We will only send marketing communications if you have opted in.
  • Administration: To manage platform content, approve or reject submitted events and listings, and maintain platform integrity.
  • Compliance and Legal Obligations: To comply with applicable laws, regulations, and lawful requests from authorities.
  • Security: To detect, investigate, and prevent fraudulent or unauthorized activity on the platform.

3. Payment Processing

Bahafit does not collect, process, or store payment card information directly.

When you register for a paid event, you will be redirected to a secure, hosted payment page operated by Fygaro, our payment processing partner. All payment card data is collected, transmitted, and processed exclusively by Fygaro in accordance with their own privacy policy and PCI DSS compliance standards. Bahafit receives only a confirmation of your payment status — we do not receive or store your card number, CVV, or banking details.

You are encouraged to review Fygaro's privacy policy before completing your payment. A link to Fygaro's privacy policy is available at their website.


4. Sharing Your Information

We do not sell your personal information. We may share your information with the following categories of third parties, only as necessary to operate the platform:

4.1 Legal Requirements

We may disclose your information if required to do so by law, regulation, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Bahafit, our users, or the public.

4.2 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on the platform in advance of any such transfer.

4.3 With Your Consent

We may share your information with other parties where you have given us your explicit consent to do so.


5. Cookies and Tracking Technologies

Bahafit uses the following types of cookies and similar technologies:

| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential / Session Cookies | Required for authentication and platform functionality (e.g., keeping you logged in, securing your session via JWT) | No — required for platform use |
| Preference Cookies | Remember your settings and preferences on the platform | Yes — via browser settings |

We do not currently use third-party advertising cookies or behavioral tracking cookies.

Google Fonts: Our platform uses Google Fonts for typography. When you visit the platform, your browser may make requests to Google's servers to download font files. This is a standard web practice; Google may log these requests in accordance with its own privacy policy. No personally identifiable information from Bahafit is transmitted in these font requests.

You may control cookie preferences through your browser settings. Disabling essential cookies will impair your ability to log in and use the platform.


6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services to you. Specifically:

  • Account Data: Retained for the duration of your account and for up to [X years] after account closure, unless a longer retention period is required by law.
  • Event Registration Records: Retained for a minimum of 120 days following the event date, and available to you on request during that period in accordance with RBC e-commerce requirements.
  • Transaction Records: Retained for a minimum of 5 years for financial record-keeping and compliance purposes.
  • Log Data: Retained for up to 90 days unless required for security investigations.

7. Data Security

We take the security of your personal information seriously and implement the following measures:

  • HTTPS Encryption: All data transmitted between your browser and our platform is encrypted using TLS (HTTPS). Our secure site certificate is visible in your browser's address bar.
  • Password Hashing: Passwords are hashed using bcrypt and are never stored in plaintext.
  • Access Controls: Access to administrative portals and user data is restricted to authorized personnel only, with role-based access controls enforced across the platform.
  • Hosting Security: Our platform is hosted on Vercel, which provides enterprise-grade infrastructure security. Data is stored in MongoDB Atlas with encryption at rest.
  • Session Security: User sessions are managed via secure JWT tokens that expire after a defined period.
  • Two-Factor Authentication: Administrators are encouraged to enable two-factor authentication on all administrative accounts.

While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data, but we are committed to protecting it using reasonable measures.


8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete personal data.
  • Deletion: Request that we delete your personal data, subject to our legal retention obligations.
  • Portability: Request your data in a structured, machine-readable format.
  • Opt-Out of Marketing: Unsubscribe from marketing emails at any time using the unsubscribe link in the email or by contacting us.
  • Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.

To exercise any of these rights, please contact us at support@bahafit.com. We will respond to your request within 30 days. We may require you to verify your identity before processing your request.


9. Children's Privacy

Bahafit is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected information from a child under 13, we will promptly delete it. If you believe we have collected information from a child under 13, please contact us at support@bahafit.com.


10. International Data Transfers

Bahafit operates primarily in the Caribbean region. However, some of our third-party service providers (including Vercel, MongoDB Atlas, Sanity, Google, and Meta) may process and store your data on servers located outside the Bahamas or the Caribbean region, including in the United States and the European Union. By using Bahafit, you acknowledge that your information may be transferred to and processed in these jurisdictions, which may have different data protection laws than your home country. We take steps to ensure our service providers maintain appropriate data protection standards.


11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Post the updated policy on this page with a new “Last Updated” date.
  • Notify you by email (to the address associated with your account) at least 14 days before the changes take effect.
  • Where required by law, seek your consent to material changes.

Your continued use of Bahafit after the effective date of any updates constitutes your acceptance of the revised Privacy Policy.


12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Bahafit

Nassau, Bahamas

Email: support@bahafit.com

Phone: (242) 815-8001

Hours: Monday–Friday, 9:00 AM – 5:00 PM


Bahafit — Connecting the Caribbean Fitness Community