FixAxis logo (header)
FixAxis

Privacy Policy

How we handle your personal data — KVKK & GDPR compliant.

Effective: May 8, 2026

[ŞİRKET ADI / COMPANY NAME] (“FixAxis”, “we”) is the data controller (veri sorumlusu) for personal data processed via https://fixaxis.fit. This Privacy Policy explains what data we collect, why, and your rights under the Turkish Personal Data Protection Law No. 6698 (“KVKK”) and the EU General Data Protection Regulation (“GDPR”).

1. Data We Collect

  • Account data: name, email, password (hashed), profile picture.
  • Physical profile: birth year, height, weight, fitness level, training goals (provided during onboarding).
  • Usage data: workouts viewed, completion progress, AI Coach interactions, device & browser info, IP address.
  • Payment data: processed by our payment provider (Stripe). We do not store full card numbers.
  • Communications: emails, support tickets, contact form submissions.

2. Purposes & Legal Basis

  • Provide and operate the Service — contractual necessity.
  • Personalize workouts, calculate BMI, and deliver AI coaching — consent / contract.
  • Process payments — contractual necessity.
  • Send service notifications and product updates — legitimate interest / consent.
  • Comply with legal obligations (tax, accounting, consumer law) — legal obligation.
  • Detect fraud and secure the platform — legitimate interest.

3. Data Sharing

We share data only with:

  • Hosting & infrastructure providers (Abacus.AI, AWS).
  • Payment processors (Stripe).
  • Email/notification services for transactional messages.
  • Analytics providers (anonymized).
  • Legal authorities when required by law.

We never sell your personal data.

4. International Transfers

Some providers operate outside Türkiye/EU. Transfers are protected by Standard Contractual Clauses or your explicit consent under KVKK Art. 9.

5. Retention

We retain account data while your account is active and for up to 10 years after closure for legal/tax purposes. Workout data is deleted within 90 days of account deletion.

6. Your Rights (KVKK Art. 11 / GDPR Art. 15–22)

  • Access your data and request a copy.
  • Correct inaccurate data.
  • Request deletion (“right to be forgotten”).
  • Object to processing or withdraw consent.
  • Request data portability.
  • Lodge a complaint with the Turkish Data Protection Authority (KVKK) or your local EU supervisory authority.

To exercise these rights, email [email protected]. We respond within 30 days.

7. Security

We use TLS encryption, hashed passwords (bcrypt), access controls, and regular security audits. Despite our efforts, no online service is 100% secure.

8. Children

The Service is not intended for users under 16. We do not knowingly collect data from children under 16.

9. Cookies

See our Cookie Policy.

10. Data Controller Contact

[ŞİRKET ADI / COMPANY NAME]
Address: [AÇIK ADRES / FULL ADDRESS]
MERSİS: [MERSİS NO]
Tax Office / No: [VERGİ DAİRESİ] / [VERGİ NO]
Email: [email protected]
KEP: [KEP ADRESİ]