Privacy & Cookies Policy

Last updated: 15 September 2025
Effective as of: 22 September 2025

This Privacy & Cookies Policy explains how EffortlessCoach (“we”, “us”, “our”) collects, uses, discloses, and protects your personal data when you use our websites, apps, and services (collectively, the “Services”). We are committed to complying with applicable data protection laws, including the UK GDPR and Data Protection Act 2018, and—where applicable—the EU GDPR and other international privacy regulations.

1. Who we are (Data Controller)

The Services are operated by:

Digital Blue Solutions Ltd
Company number: 15686184
Company type: Private limited company
Registered office: 14 Wharfedale Street, Wednesbury, England, WS10 9AG
Incorporated on: 27 April 2024

Contact for privacy matters: compliance@effortlesscoach.fit

2. Eligibility (18+)

The Services are intended for individuals aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal information, please contact us and we will delete it.

3. What data we collect

Account Information: name, email address, login credentials.
Profile Data: age, gender, preferences, fitness or dietary goals.
Health & Fitness Data: information you enter about weight, height, nutrition, exercise, or other data you choose to provide.
Usage Data: how you interact with our website or app, including IP address, browser/device type, log data, and analytics.
Payment Data: billing details, payment method, subscription records (processed securely by third-party providers).
Communications: support requests, in-app messages, and email interactions.

4. How we use your data

To create and manage your account.
To deliver personalised fitness and coaching services.
To process payments and manage subscriptions.
To provide customer support.
To send notifications, reminders, and updates (you may opt out of non-essential communications).
To analyse and improve our services.
To comply with our legal obligations and enforce our terms.

5. Legal basis for processing

Consent – where you actively provide health/fitness data or opt in to marketing.
Contract – to deliver the services you sign up for.
Legitimate Interests – such as improving services, maintaining security, and preventing fraud.
Legal Obligations – when required by law.

6. Where your data is stored

All personal data is stored on secure servers located in the United Kingdom. If you access our services from outside the UK, your data will be transferred internationally to our UK servers. Where applicable, we use safeguards such as Standard Contractual Clauses or equivalent mechanisms to ensure your data is protected.

7. Sharing your data

We may share your data with:

Service providers (e.g. cloud hosting, analytics, payment processors such as Stripe, which securely processes all subscription payments on our behalf).
Professional advisers (legal, accounting, or compliance, when required).
Authorities (when legally required).
Business partners or buyers in the event of a merger, acquisition, or sale.

We do not sell your data to third parties.

8. Data retention

We keep your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to:

Provide and improve our services.
Comply with legal, tax, and regulatory obligations.
Resolve disputes and enforce agreements.

Typical retention periods include:

Account information: kept while your account is active, and for up to 6 years after closure to comply with legal obligations.
Health and fitness data: kept while your account is active, or until you delete it within your account settings.
Payment and billing data: kept for up to 6 years, in line with UK financial record-keeping requirements.
Communications and support requests: kept for up to 3 years after resolution.
Analytics and usage data: retained in aggregated/anonymised form, not linked back to individuals, for as long as needed to improve our services.

When data is no longer required, it will be securely deleted or anonymised.

9. Data security

We implement appropriate technical and organisational measures to safeguard your personal data, including:

Encryption of data in transit.
Secure access controls.
Regular security monitoring.

No system is 100% secure, but we work continuously to protect your data.

10. Your rights

Depending on your location, you may have rights over your data, including:

Access – request a copy of the data we hold about you.
Correction – ask us to fix inaccurate information.
Deletion – request erasure of your data.
Restriction – limit how your data is processed.
Portability – request your data in a portable format.
Objection – object to processing (e.g. marketing).
Withdraw Consent – where processing is based on consent.

You can exercise your rights by contacting us at: compliance@effortlesscoach.fit

If you are based in the UK or EU and are not satisfied with our response, you may lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner’s Office (ICO): www.ico.org.uk.

11. Marketing and communications

We may use your contact details to send you:

Service-related updates (e.g. account notices, changes to terms, technical messages).
Marketing communications (e.g. newsletters, promotions, offers, and product updates).

Consent

Where required by law, we will only send you marketing communications if you have opted in. You may withdraw your consent and opt out of marketing at any time by clicking the “unsubscribe” link in any marketing email, visiting our Marketing preferences center, or contacting us at compliance@effortlesscoach.fit.

Third-party marketing

We do not sell or share your data with third parties for their own marketing purposes.

Service communications

Some essential service communications (such as password resets, security alerts, or account notifications) cannot be opted out of, as they are necessary to provide the service.

12. Cookies and similar technologies (UK GDPR & PECR)

Our website and app use cookies and similar technologies (such as pixels, SDKs, and local storage) to operate the site, remember your preferences, and—subject to your consent—measure usage and personalise content. We do not set non-essential cookies unless and until you give us permission via our cookie banner.

12.1 What are cookies?

Cookies are small text files placed on your device when you visit a website or use an app. They are widely used to make digital services work, or work more efficiently, and to provide information to the service owner.

12.2 Lawful basis and PECR

Under the UK Privacy and Electronic Communications Regulations (PECR), we require your consent to store or access information on your device using cookies, except where the cookie is strictly necessary to provide a service you have requested (e.g., security, load balancing, cookie preferences). Analytics and marketing cookies are non-essential and require your consent.

12.3 Categories of cookies we use

Strictly necessary (always active): required to operate the site or provide a service you requested.
Preferences (optional): remember choices such as language or region.
Analytics (optional): help us understand how our site/app is used so we can improve it.
Marketing (optional): used to deliver or measure advertising and social media features.

12.4 Your choices & how to manage cookies

You can set your preferences on first visit via our cookie banner, and you can change them at any time:

You can also control cookies through your browser settings (e.g., to block or delete cookies). For more information, see your browser’s help pages.

12.5 Third-party cookies

Some cookies are set by third parties that provide services to us (for example, analytics providers or embedded content). Their privacy policies will apply in addition to this policy.

12.6 Cookie duration

Cookies may be session cookies (deleted when you close your browser) or persistent cookies (which remain for a specified period unless you delete them).

12.7 Consent records

We record your consent choices to demonstrate compliance. You can update your cookie preferences at any time. Show Cookie Preferences

12.8 Cookies we use

Name	Provider	Purpose	Duration
_ECSession	EffortlessCoach	Internal tracking cookie used to measure conversions when users visit and join.	Session (expires when browser is closed)
_ECAuth	EffortlessCoach	Essential cookie set after login to keep users authenticated and maintain account session data.	Session / until logout
_ECConsent	EffortlessCoach	Stores the user’s cookie preferences and consent status. Required to remember settings.	12 months (or until preferences are updated)
_hjSessionUser_*	Hotjar	Persists a unique user ID so returning visitors can be recognized across sessions.	365 days
_hjFirstSeen	Hotjar	Identifies the first session of a new user for session recording purposes.	Session
_hjSession_*	Hotjar	Holds current session data (pages viewed, interactions).	30 minutes (extended on activity)
_hjSessionTooLarge	Hotjar	Ensures Hotjar does not collect data if the session becomes too large.	Session
_hjSessionResumed	Hotjar	Set when a session is reconnected after a recording is interrupted.	Session
_hjIncludedInPageviewSample	Hotjar	Determines if a user is included in pageview-based data sampling.	30 minutes
_hjIncludedInSessionSample	Hotjar	Determines if a user is included in session-based data sampling.	30 minutes
_hjAbsoluteSessionInProgress	Hotjar	Used to detect the first pageview of a user’s first session.	30 minutes
_hjTLDTest	Hotjar	Used to determine the most generic cookie path so cookies can be shared across subdomains.	Session (deleted after test)
_hjRecordingEnabled	Hotjar	Set when a recording starts, to let Hotjar know if the user is already being recorded.	Session
_hjRecordingLastActivity	Hotjar	Updated when a user recording session is active.	Session

13. International users

EffortlessCoach is operated from the UK but available worldwide. By using our services from outside the UK, you agree that your data will be transferred to and stored on UK servers.

14. U.S. State Privacy Rights (CCPA/CPRA and similar laws)

If you are a resident of California or another U.S. state with privacy legislation, you may have additional rights under state law, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Do Not Sell or Share My Personal Information

We do not sell your personal information to third parties, and we do not share your personal information for cross-context behavioural advertising. If this changes in the future, we will update this policy and provide you with the right to opt out.

Your U.S. State Privacy Rights may include:

The right to know what categories of personal information we collect, use, disclose, or share.
The right to request access to the personal information we hold about you.
The right to request deletion of your personal information.
The right to correct inaccurate information.
The right to limit the use and disclosure of sensitive personal information.
The right to opt out of the sale or sharing of your personal information (not applicable as we do not sell or share).
The right not to be discriminated against for exercising your privacy rights.

To exercise your rights, please contact us at: compliance@effortlesscoach.fit. We may need to verify your identity before fulfilling your request.

15. Changes to this policy

We may update this Privacy & Cookies Policy from time to time. Updated versions will be posted on our website with a revised “Last updated” date. If we make material changes, we may notify you by email or in-app notice.

16. Contact us

If you have questions or concerns about this Privacy & Cookies Policy, please contact us at:

Digital Blue Solutions Ltd
Email: compliance@effortlesscoach.fit
Registered office: 14 Wharfedale Street, Wednesbury, England, WS10 9AG
Company number: 15686184