Privacy Policy

1. Who We Are

B-Fit is a private 30-day group fitness challenge tracking platform operated by The Barrington Group. This Privacy Policy explains how we collect, use, and protect your personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

By using B-Fit, you consent to the collection and use of your information as described in this policy.

2. Information We Collect

We collect only the information necessary to operate the B-Fit platform:

• Account information: your name and email address, provided when you create an account
• Password: stored as a secure one-way hash — we cannot read your password
• Activity logs: the number of minutes of physical activity you log each day during the challenge
• Join date: the date your account was created
• Password reset requests: your email address and a temporary security token, if you request a password reset
• IP address and request timestamps: collected temporarily for security rate-limiting purposes and automatically deleted after 24 hours

We do not collect payment information, location data, or any sensitive personal information beyond what is listed above.

3. How We Use Your Information

Your information is used solely to operate the B-Fit platform:

• To create and manage your account
• To display your activity progress to you and to other members of your challenge group
• To generate group statistics and leaderboards visible to all members
• To process password reset requests
• To prevent abuse through rate limiting

We do not use your information for advertising, profiling, or any purpose unrelated to the fitness challenge.

4. Information Visible to Others

B-Fit is a group platform. The following information is visible to all members of your challenge group:

• Your name
• Your daily activity logs (minutes logged per day)
• Your challenge statistics (completion rate, streak, cumulative time)

Your email address is not visible to other members. It is visible only to the group administrator.

5. Cookies

B-Fit uses two types of cookies:

• Session cookie (PHPSESSID): This is a strictly necessary cookie used to keep you logged in. It stores a reference to your login session on our server. It does not track you across websites and is deleted when you log out or close your browser. No consent is required for this cookie as it is essential for the site to function.
• Google Analytics cookies: We use Google Analytics to understand how the site is used (for example, which pages are visited). Google sets its own cookies to collect this data. Google Analytics may transfer data to servers in the United States. You can opt out of Google Analytics tracking at any time using Google's opt-out browser add-on. Google's privacy policy is available at policies.google.com/privacy.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties for commercial purposes.

The only third party that receives data about your use of B-Fit is Google, through Google Analytics, as described in Section 5. This data is anonymised usage data and does not include your name, email address, or activity logs.

We may disclose information if required to do so by law or in response to a valid legal request.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to operate the platform. Specifically:

• Account information (name, email, password hash) is retained until your account is deleted
• Activity logs are cleared at the start of each new 30-day challenge cycle
• Password reset tokens expire after 24 hours and are marked as used once processed
• Security rate-limit records (IP address and timestamps) are automatically deleted after 24 hours

8. Data Security

We take reasonable steps to protect your personal information:

• Passwords are stored using bcrypt hashing — your actual password is never stored or readable
• Sessions are protected with CSRF tokens to prevent cross-site request forgery
• Rate limiting is applied to login and password reset actions to prevent brute-force attacks
• The site is served over HTTPS where supported by the hosting environment

No system is completely secure. If you believe your account has been compromised, please contact us immediately.

9. Your Rights Under PIPEDA

Under Canada's PIPEDA, you have the right to:

• Know what personal information we hold about you
• Request access to your personal information
• Request corrections to inaccurate information
• Withdraw consent and request deletion of your account and associated data
• File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

To exercise any of these rights, please contact us using the information below.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of B-Fit after any changes constitutes acceptance of the updated policy.