Privacy Policy
Last updated : June 16, 2026
Courtesy translation. The French version prevails in the event of any discrepancy.
1. Identity of the data controller
The LabsOFit application (hereinafter the “Application” or the “Service”) is published by LabsOFit, a sole proprietorship operated by Mr. Bousebaa Boubaker, whose registered office is located at 7 rue de Provence, 94800 Villejuif, France, registered under SIRET number 48106907800030 (hereinafter “we”, “our” or the “Publisher”). The publication director is Mr. Bousebaa Boubaker.
The controller of personal data within the meaning of Regulation (EU) 2016/679 (“GDPR”) is Mr. Bousebaa Boubaker. No data protection officer (DPO) has been appointed, as such appointment is not mandatory for our organization. For any question regarding your data, you may contact us at: contact@bylabscreations.com.
2. Scope
This policy describes how we collect, use, share and protect your data within the Application, including its social features (friend network, messaging/chat, posts, comments, groups, public profiles).
It applies to the web version and, where applicable, to the associated mobile applications sharing the same infrastructure. By using the Service, you acknowledge that you have read this policy.
3. Data we collect
We collect only the data necessary for the purposes described below:
- Account data: e-mail address and authentication data (managed by our authentication provider).
- Profile data: name/username, profile picture, sex, age/date of birth, height, fitness goals.
- Health and physical activity data: weight and its evolution, workout sessions and progress, calories burned/consumed, hydration. Some of this data may constitute health data, processed on the basis of your consent (see § 5).
- Social feature data: posts, shared images, comments, “likes”, relationships (follows/friends), groups, privacy settings, and the content of private messages (chat).
- Subscription and payment data: Premium status and billing data processed by our payment provider (we do not store your card numbers).
- Technical data: connection logs, IP address, device identifiers, browser type, and cookie/tracker data (see § 11).
4. Social features: messaging, network and posts
This section specifies the particular processing of the social and messaging features. Please read it carefully.
Content visibility: your posts, your profile and certain information (name, photo, status) may be visible to other users depending on the privacy settings you choose. Any content you make public may be viewed, and where applicable copied, by other users; you must not publish information there that you wish to keep confidential.
Private messaging (chat): the messages exchanged are stored on our servers to ensure their delivery and display between participants. Messages ARE NOT end-to-end encrypted. They are accessible to their recipients and may be accessed by our teams on a strictly limited basis for reasons of security, abuse prevention, compliance with our terms, or to comply with a legal obligation or a request from a competent authority.
Read receipts and typing indicators: to provide the messaging service, we process information such as the read timestamp of a message and the “typing” status. This information is shared with the person you are talking to as part of a normal conversation.
Data shared with third-party users: when you interact (message, friend request, comment, addition to a group), the information necessary for the interaction (e.g. your name and profile picture) is disclosed to the users concerned. We have no control over how other users use the information you send them.
Right to erasure and messages: if you delete your account or a message, the copies already received and retained by other users, or displayed in a conversation on the recipient’s side, may remain in accordance with the law and our retention obligations.
5. Legal bases for processing (Art. 6 and 9 GDPR)
We process your data on the following legal bases:
- Performance of the contract: provision of the account, the tracking features, the social network and the messaging.
- Consent: processing of health data (weight, activity), sending of optional communications, placement of non-essential cookies. You may withdraw your consent at any time.
- Legitimate interest: security of the Service, prevention of fraud and abuse, moderation, improvement of features, subject to your rights and interests.
- Legal obligation: retention of certain data and response to requests from the competent authorities.
6. Purposes of use
- Create and manage your account and profile.
- Provide the tracking features (workouts, weight, nutrition, hydration).
- Enable the social features: friend network, posts, comments, groups and messaging.
- Ensure security, prevent and detect abuse, moderate reported content.
- Manage Premium subscriptions and billing.
- Improve and personalize the Service.
- Comply with our legal and regulatory obligations.
7. User-published content, moderation and reporting
You are solely responsible for the content you publish or transmit through the Service (posts, images, comments, messages, group names, etc.). You undertake not to distribute unlawful content, in particular: hate speech, harassment, defamation, infringement of the privacy of others, content of a sexual nature involving minors, incitement to violence, counterfeiting, or any content contrary to the law or to public decency.
Host status: for content uploaded by users, the Publisher acts as a host within the meaning of Article 6 of French Law No. 2004-575 on confidence in the digital economy (LCEN). We have no general obligation to monitor content, but we promptly remove any manifestly unlawful content as soon as we become aware of it.
Reporting: any user can report abusive content or behavior, block a user, or decline/remove a connection. To report unlawful content, contact: contact@bylabscreations.com. We reserve the right to suspend or delete, without notice, any account or content that breaches the law or our terms.
8. Data sharing and processors
We do not sell your data. We use technical processors acting on our behalf and bound by confidentiality commitments:
- Website hosting: Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, United States.
- Database, authentication, file storage and transactional e-mails (e.g. password reset): Supabase.
- Payment and subscription management: Stripe.
We may also disclose data if required by law, upon request from a judicial or administrative authority, or to protect our rights, our security or those of others.
9. Transfers outside the European Union
Our database and file storage (Supabase) are hosted within the European Union (Paris region, France). However, some other processors may process data outside the European Economic Area, in particular our web host Vercel Inc., located in the United States, and our payment provider Stripe. These transfers are governed by appropriate safeguards within the meaning of the GDPR (standard contractual clauses of the European Commission and/or adherence to the EU–US Data Privacy Framework).
10. Retention periods
- Account and profile data: for the entire lifetime of the account, then deleted or anonymized within a reasonable period after account deletion.
- Messages and social content: retained until deleted by the user or until account removal, subject to legal retention obligations.
- Billing data: retained for 10 years from the close of the financial year, in accordance with accounting obligations (Article L123-22 of the French Commercial Code).
- Technical logs / connection logs: retained for 1 year in accordance with applicable legal obligations.
11. Cookies and trackers
The Service uses cookies and similar technologies necessary for its operation, as well as, subject to your consent, audience-measurement or third-party cookies. You can manage your preferences at any time via our consent banner and your browser settings.
12. Data security
We implement appropriate technical and organizational measures to protect your data against any unauthorized access, loss, alteration or disclosure (access control, encryption in transit, segregation via security rules at the database level). As no system is infallible, we cannot however guarantee absolute security.
13. Data breach
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the CNIL (the French data protection authority) within 72 hours where required, and will inform you without undue delay if the breach is likely to result in a high risk.
14. Minors
The Service is not intended for persons under 15 years of age (the age of digital consent in France). If you are under 15, you must obtain the consent of the holder of parental authority. We will delete any accounts that we become aware of as having been created by minors in breach of this rule.
15. Your rights
In accordance with the GDPR, you have the following rights:
- Right of access, rectification and erasure of your data.
- Right to restriction and right to object to processing.
- Right to data portability.
- Right to withdraw your consent at any time, without affecting the lawfulness of prior processing.
- Right to set guidelines regarding the fate of your data after your death.
To exercise these rights, contact us at contact@bylabscreations.com. We may ask you for proof of identity. You also have the right to lodge a complaint with the CNIL (www.cnil.fr) if you consider that your rights are not being respected.
16. Limitation of liability regarding interactions between users
The Service connects users. We are not responsible for the content published by users or for the interactions, communications or disputes between them. Users interact under their sole responsibility. We disclaim all liability for the use that third parties may make of the information you choose to share. These provisions supplement and operate together with our Terms of Use, which govern the use of the Service, the rules of conduct, moderation and applicable sanctions, and of which this policy forms an integral part.
17. Changes to the policy
We may amend this policy to reflect legal or functional changes to the Service. The date of the last update appears at the top of the document. In the event of a substantial change, we will inform you by an appropriate means.
18. Contact
For any question regarding this policy or your personal data: contact@bylabscreations.com.