Effective Date: May 7, 2026 • Last Updated: May 7, 2026
This Privacy Policy describes how SuiteFit LLC (“SuiteFit,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information in connection with the SuiteFit website at suitefit.net (the “Site”), the SuiteFit mobile application (the “App”), our marketplace and booking platform, and any related services, programs, or communications (collectively, the “Services”). It applies to Residents, Trainers, prospective business partners, website visitors, and other individuals whose personal information we process in the United States.
This Policy works together with the SuiteFit Terms of Service available at https://suitefit.net/terms-of-service. Capitalized terms not defined here have the meaning given in the Terms of Service.
Quick Links
Section 1 — Information We Collect
Section 2 — How We Use Information
Section 3 — How We Share Information
Section 4 — Sensitive Personal Information
Section 5 — Cookies, Analytics, and Online Advertising
Section 6 — Global Privacy Control and Do Not Track
Section 7 — Data Retention
Section 8 — Data Security
Section 9 — Children and Minors
Section 10 — Consumer Health Data (Washington MHMDA and Similar Laws)
Section 11 — Biometric Information (BIPA, CUBI, Washington, NYC)
Section 12 — Your U.S. Privacy Rights (CCPA/CPRA and Other State Laws)
Section 13 — How to Submit a Privacy Request
Section 14 — Verification, Authorized Agents, and Appeals
Section 15 — Service Providers and Processors
Section 16 — Sale and Sharing of Personal Information
Section 17 — California Shine the Light
Section 18 — Nevada
Section 19 — International Data Transfers
Section 20 — Changes to this Policy
Section 21 — Contact Us
1. Information We Collect
We collect personal information that you provide to us, that we collect automatically when you use the Services, and that we receive from third-party sources. The categories below use the categories defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA/CPRA”).
CCPA/CPRA Category
A. Identifiers
Examples: Name, email address, phone number, postal address, account username, IP address, device identifier.
Sources: You; your device; service providers.
B. Customer records (Cal. Civ. Code § 1798.80(e))
Examples: Billing name and address, payment-card data (handled by our payment processors), Trainer credentialing info.
Sources: You; payment processors; Trainers.
C. Protected classifications
Examples: Age (we limit accounts to 18+); we do not knowingly collect race, religion, or other protected classes.
Sources: You.
D. Commercial information
Examples: Booking history, transaction history, refund history, communications with Trainers, ratings and reviews.
Sources: You; Trainers; payment processors.
E. Internet/network activity
Examples: Pages viewed, in-app actions, referring URLs, search terms, session duration, error logs.
Sources: Your device; analytics providers.
F. Geolocation data
Examples: Approximate location from IP; precise location from device GPS only with permission (e.g., to find nearby Trainers or buildings).
Sources: Your device (with permission).
G. Sensory information
Examples: Photographs and other media you upload (e.g., profile photos, before/after photos if you choose); voice notes if used.
Sources: You.
H. Professional/employment
Examples: Trainer professional credentials, certifications, business information, insurance status.
Sources: Trainers; verification services.
I. Education information
Examples: Trainer education and certification history (Trainers only).
Sources: Trainers; verification services.
J. Inferences
Examples: Booking preferences, fitness interests inferred from activity, in-app recommendations.
Sources: Generated by us from the data above.
K. Sensitive personal information
Examples: Account credentials; precise geolocation (with permission); financial-account information for payment; consumer health data and fitness information; potentially biometric identifiers if a biometric feature is enabled.
Sources: You; your device; payment processors.
We do not knowingly collect personal information from minors under 18, and we do not knowingly collect personal information from children under 13 covered by the federal Children’s Online Privacy Protection Act (“COPPA”).
2. How We Use Information
We use personal information for the following business and commercial purposes:
Provide and operate the Services, including creating accounts, processing bookings and payments, scheduling sessions, and enabling communications between Residents and Trainers.
Verify identity and Trainer credentials, prevent fraud, and protect the safety and integrity of users, the platform, and our personnel.
Personalize the Services, including showing relevant Trainers and content.
Communicate with you about your account, transactions, customer support, and changes to our terms.
Send marketing communications you have agreed to receive, and measure their effectiveness; you can opt out at any time.
Conduct analytics, research, product development, and quality assurance, including debugging and error correction.
Comply with legal obligations, respond to lawful requests, enforce our agreements, and exercise legal rights.
Aggregate or de-identify information for analytical and reporting purposes; once de-identified, we will not attempt to re-identify it except as permitted by law.
We do not use personal information for purposes that are materially different from those listed without first providing notice and, where required, obtaining your consent.
3. How We Share Information
We share personal information in the following circumstances:
With Trainers. When you book a session, we share with the selected Trainer your name, profile information, the location of the session, the verified phone number you have provided, and any messages you send through the Services. The Trainer is an independent business and processes your information for its own purposes; you should review the Trainer’s privacy practices.
With service providers and processors. We share information with vendors that perform services for us, such as cloud hosting, payment processing, identity verification, fraud prevention, customer support, analytics, email/SMS delivery, and security. These vendors are contractually limited to using personal information only as needed to perform services for us.
For legal and safety reasons. We may disclose information in response to subpoenas, court orders, or other lawful requests; to comply with applicable law; to enforce our Terms of Service or other agreements; to investigate fraud or threats to safety; or to protect the rights, property, or safety of SuiteFit, our users, or others.
In a business transaction. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction, subject to standard confidentiality obligations.
With your consent. We share information for any other purpose disclosed at the point of collection or with your consent.
No sale of personal information. We do not sell personal information for monetary consideration. We do not “share” personal information for cross-context behavioral advertising as that term is defined under the CCPA/CPRA, and we do not engage in “targeted advertising” under the Virginia, Colorado, Connecticut, Utah, Texas, or other state privacy laws. If our practices change, we will update this Policy and provide the opt-out mechanisms required by law before doing so.
4. Sensitive Personal Information
We collect the following categories of sensitive personal information (as defined under the CCPA/CPRA and similar state laws), and we use them only for the purposes described below or as otherwise permitted by law:
Account log-in credentials — to authenticate users and protect account security.
Precise geolocation data (only with device permission) — to find Trainers near you, to estimate session locations, and for fraud prevention.
Financial-account information (handled by payment processors) — to process payments and refunds.
Consumer health data and fitness information (e.g., fitness goals, body metrics if you choose to provide them) — to operate the marketplace, surface relevant Trainers, and at your request to share with the Trainer.
Biometric identifiers, if and when a biometric feature is enabled (e.g., facial-recognition login) — only with prior, separate written consent.
Where applicable state law permits you to limit our use or disclosure of sensitive personal information beyond the purposes listed above, you may exercise that right as described in Section 12.
5. Cookies, Analytics, and Online Advertising
We and our service providers use cookies, software development kits (SDKs), pixels, web beacons, and similar technologies to operate the Services and understand how they are used.
Categories of cookies and similar technologies
Strictly necessary. Required for the Services to function (e.g., authentication, load balancing, fraud prevention).
Performance/analytics. Help us understand site and app usage so we can improve the Services. We use providers such as Google Analytics. You may opt out of Google Analytics at https://tools.google.com/dlpage/gaoptout.
Functional. Remember your preferences (e.g., language, saved cities).
Advertising. If we use advertising cookies in the future, we will provide a cookie banner and an opt-out mechanism that complies with applicable state privacy laws.
You can manage cookies through your browser settings or our cookie-preferences tool. Disabling certain cookies may affect functionality. For mobile, you can use device-level controls (e.g., “Limit Ad Tracking,” “App Tracking Transparency,” or “Reset Advertising ID”).
6. Global Privacy Control and Do Not Track
We honor browser-based opt-out signals — including the Global Privacy Control (GPC) and other Universal Opt-Out Mechanisms recognized under California, Colorado, Connecticut, and other applicable state laws — as a valid request to opt out of any sale or sharing of personal information for cross-context behavioral advertising or targeted advertising. Because there is currently no industry standard for “Do Not Track” (DNT) signals, we do not respond differently to DNT signals; however, we treat GPC as the controlling opt-out signal where applicable.
7. Data Retention
We retain personal information for as long as necessary to provide the Services and to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law (e.g., tax, accounting, or fraud-prevention requirements). General retention guidelines:
7.1 Account profile and contact information
For the life of your account, plus up to 24 months after deletion (for fraud prevention and legal compliance).
7.2 Booking and transaction records
Up to 7 years from the date of the transaction (tax, accounting, dispute resolution).
7.3 Payment-card data
Tokenized and stored by our payment processor in accordance with PCI DSS; SuiteFit retains only the last four digits and a transaction reference.
7.4 Consumer health data / fitness information
While your account is active and for up to 24 months thereafter; deleted earlier on request unless retention is required by law.
7.5 Precise geolocation
Up to 90 days for the booking purpose; aggregated/de-identified after that period.
7.6 Marketing preferences and opt-outs
Indefinitely, to honor your choices.
7.7 Server, security, and audit logs
Up to 24 months.
7.8 Records required for legal compliance
As required by applicable law.
8. Data Security
We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, alteration, or disclosure. These include encryption in transit and at rest for sensitive fields, role-based access controls, multi-factor authentication for administrative access, regular vulnerability scanning, and a written information-security program intended to satisfy applicable state requirements (including the New York SHIELD Act, the Massachusetts data-security regulation 201 CMR 17.00, and the Oregon Consumer Information Protection Act). No system is perfectly secure; we cannot guarantee the security of information transmitted to us over the Internet, and you transmit information at your own risk.
If a security incident affects your personal information, we will notify you and applicable regulators in accordance with all applicable state and federal breach-notification laws.
9. Children and Minors
The Services are intended for users who are at least 18 years old. We do not knowingly collect personal information from anyone under the age of 18. We also do not knowingly collect personal information from children under 13 covered by COPPA. If you are a parent or guardian and believe your child has provided us with personal information, please contact privacy@suitefit.info, and we will delete the information.
Where applicable, we honor the heightened protections required by the California Age-Appropriate Design Code (Cal. Civ. Code § 1798.99.28 et seq.), the Maryland Age-Appropriate Design Code, the New York Stop Addictive Feeds Exploitation (SAFE) for Kids Act, the minor-specific provisions of the Connecticut Data Privacy Act, and similar laws.
10. Consumer Health Data (Washington MHMDA and Similar Laws)
Because the Services involve fitness, certain information we collect (e.g., fitness goals, training data, body metrics if you choose to provide them) constitutes “consumer health data” under the Washington My Health My Data Act (RCW ch. 19.373) and similar provisions of Nevada SB 370 and the Connecticut Data Privacy Act.
Our consumer health data practices
We collect consumer health data only for the purposes of operating the Services as described in this Policy, and only with your affirmative authorization where required by applicable law.
We do not sell consumer health data, and we do not use consumer health data for targeted advertising.
We do not use a geofence around any in-person healthcare facility to identify, track, or send messages to consumers based on their visit to that facility.
Consumer health data is shared only with: (a) the Trainer you book a session with, at your direction; (b) service providers acting on our behalf under written contracts that restrict their use of the data; and (c) authorities or other parties as required by law or to protect safety.
Washington and Nevada residents (and Connecticut residents to the extent applicable) have the right to confirm whether we are processing their consumer health data, the right to access that data, the right to delete it, and the right to withdraw consent. Submit requests as described in Section 13.
11. Biometric Information
If we offer a feature that uses biometric identifiers or biometric information (e.g., facial geometry for login), we will:
provide a separate, conspicuous written disclosure and obtain your written consent before collecting any biometric identifier;
publish a publicly available retention schedule and destruction guideline for biometric identifiers, and destroy them when the initial purpose for collection has been satisfied or within 3 years of your last interaction with us, whichever is sooner;
not sell, lease, trade, or otherwise profit from biometric identifiers; and
comply with the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), the Washington biometric statute (RCW 19.375), the New York City Biometric Identifier Information Law (NYC Admin. Code § 22-1201), and similar laws.
12. Your U.S. Privacy Rights
Subject to verification and any exceptions provided by law, residents of certain U.S. states have the rights described below. We will not discriminate or retaliate against you for exercising any of these rights.
12.1 California (CCPA/CPRA)
California residents have the right to:
Know — request the categories and specific pieces of personal information we have collected about you in the preceding 12 months (and, on request, since January 1, 2022).
Delete — request deletion of personal information we have collected from you, subject to statutory exceptions.
Correct — request correction of inaccurate personal information.
Opt out of sale or sharing — although we do not sell or share personal information, you may submit an opt-out request and we will treat it as a confirmation of our position.
Limit use of sensitive personal information — to the limited purposes described in Section 4, where applicable.
Non-discrimination — for exercising any CCPA/CPRA right.
California residents also have rights regarding automated decision-making technology and access to information about its logic, when and as the California Privacy Protection Agency’s rules take effect. We do not currently use automated decision-making that produces legal or similarly significant effects on California consumers.
12.2 Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Tennessee, Iowa, Delaware, Nebraska, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Indiana, and Kentucky
Residents of these states have rights, subject to statutory thresholds and exceptions, that may include the right to:
confirm whether we process their personal data and access that data;
correct inaccurate personal data;
delete personal data;
obtain a portable copy of personal data;
opt out of the sale of personal data, targeted advertising, and certain types of profiling that produce legal or similarly significant effects; and
appeal a denied request (see Section 14).
Specific statutes include: the Virginia Consumer Data Protection Act (Va. Code § 59.1-575 et seq.); the Colorado Privacy Act (C.R.S. § 6-1-1301 et seq.); the Connecticut Data Privacy Act (Conn. Gen. Stat. § 42-515 et seq.); the Utah Consumer Privacy Act (Utah Code § 13-61-101 et seq.); the Oregon Consumer Privacy Act (ORS 646A.570 et seq.); the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code § 541.001 et seq.); the Montana Consumer Data Privacy Act; the Tennessee Information Protection Act (Tenn. Code § 47-18-3201 et seq.); the Iowa Consumer Data Protection Act; the Delaware Personal Data Privacy Act; the Nebraska Data Privacy Act; the New Hampshire Data Privacy Act; the New Jersey Data Privacy Act; the Maryland Online Data Privacy Act; the Minnesota Consumer Data Privacy Act (Minn. Stat. § 325O.001 et seq.); the Rhode Island Data Transparency and Privacy Protection Act; the Indiana Consumer Data Protection Act; and the Kentucky Consumer Data Protection Act.
12.3 California Shine the Light
California Civil Code § 1798.83 entitles California customers who have provided personal information to us to request, once per year, information about our disclosure of certain personal information to third parties for those third parties’ direct-marketing purposes. We do not share personal information with third parties for their direct-marketing purposes. California residents may request a Shine the Light statement by emailing privacy@suitefit.info.
12.4 California Eraser Law (minors)
Cal. Bus. & Prof. Code § 22581 gives California residents under the age of 18 the right to request removal of content or information they posted on the Services. To make such a request, contact privacy@suitefit.info.
13. How to Submit a Privacy Request
You can submit a privacy request through any of the following methods:
Web form (preferred): https://suitefit.net/contact
Email: admin@suitefit.info
Toll-free / phone: 612-472-5724
Postal mail: SuiteFit LLC, Attn: Privacy Officer, 20 NE 2nd St., Unit 2803, Minneapolis, MN 55413
We will acknowledge receipt of your request within 10 business days and respond within 45 days (extendable by an additional 45 days where reasonably necessary, with notice to you), as required by the applicable state privacy law.
14. Verification, Authorized Agents, and Appeals
14.1 Verification
To protect your privacy, we will verify your identity before responding to a request. Verification typically requires you to confirm two or more pieces of information that match what we have on file (e.g., name, email, phone). For sensitive requests, we may require additional verification, such as a signed declaration under penalty of perjury.
14.2 Authorized agents
You may designate an authorized agent to submit a request on your behalf. The agent must provide written, signed authorization from you, and we may require you to verify your identity directly or to confirm to us that you provided the agent with permission. Businesses registered with the California Secretary of State may submit on behalf of California residents in accordance with CPRA regulations.
14.3 Appeals
If we deny your request in whole or in part, you may appeal by replying to our denial within 60 days, or by writing to privacy@suitefit.info with the subject line “PRIVACY REQUEST APPEAL.” We will respond to your appeal within 60 days. If we deny your appeal and you reside in a state whose privacy law provides a right to complain to the state attorney general or other regulator, the response will include the contact information for that regulator. California residents may also contact the California Privacy Protection Agency.
15. Service Providers and Processors
We engage service providers and processors to perform services on our behalf, including: cloud hosting (e.g., Amazon Web Services); payment processing (e.g., the providers that support PayPal, Discover, American Express, Mastercard, and Visa transactions); identity verification and fraud prevention; analytics; customer-support tools; email and SMS communications; and security monitoring. Each service provider is bound by a written contract that restricts its processing of personal information to the purposes for which we engaged it and that imposes confidentiality and security obligations.
16. Sale and Sharing of Personal Information
We do not sell personal information for monetary consideration, and we do not “share” personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months. We do not engage in targeted advertising or profiling that has legal or similarly significant effects under any state privacy law.
If our practices change, we will provide a clear and conspicuous opt-out mechanism (including a “Do Not Sell or Share My Personal Information” link and a means to opt out of targeted advertising and profiling) in compliance with the applicable state privacy law.
17. California Shine the Light
See Section 12.3.
18. Nevada
Under Nev. Rev. Stat. § 603A.340 et seq., Nevada residents may submit a verified request directing us not to sell their covered information. Although we do not sell covered information as defined under Nevada law, you may submit such a request to admin@suitefit.info, and we will record and honor your preference.
19. International Data Transfers
SuiteFit operates in the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Services, you consent to that transfer. We do not currently market to or knowingly process personal data of individuals located in the European Economic Area, the United Kingdom, or Switzerland; if you are located there, please do not use the Services.
20. Changes to this Policy
We may update this Policy from time to time. When we make material changes, we will provide notice (e.g., by email, in-app notice, or by posting a revised Effective Date at the top of this Policy) and, where required by law, will obtain your consent. Continued use of the Services after the notice period constitutes acceptance of the updated Policy.
21. Contact Us
For questions about this Policy or to exercise a privacy right:
SuiteFit LLC
Attn: Privacy Officer
20 NE 2nd St., Unit 2803
Minneapolis, MN 55413
United States
Privacy email: admin@suitefit.info
Web form: https://suitefit.net/contact
Phone: 612-472-5724
General contact: admin@suitefit.info
