Privacy
policy.

Banzer Athletics is a Hyrox-focused performance gym based in Apollo Beach, FL 33572, run by Jhanine Banzer. The website (banzerathletics.com), the API (api.banzerathletics.com), and the mobile app are all part of the same service.

For any privacy questions, email hello@banzerathletics.com or use the contact form.

When you create an account or use the app, we store the following:

• Account info — your email, display name, and a hashed (never plain-text) password.
• Session metadata — a session token, the time you signed in, your IP address and user-agent. Used to keep you logged in and to spot suspicious access.
• Profile data you choose to add — date of birth, gender (or not specified), height, weight, primary goal, race calendar.
• Bookings — which classes you booked, attended, were waitlisted for, or cancelled.
• Coach-assigned data — training plans your coach assigns to you and any notes attached.

We do not collect device location, photos, contacts, or any third-party advertising/analytics identifiers. The marketing pages include no third-party trackers.

Strictly to provide the service:

• Authenticate you and remember you across sessions.
• Show you the right schedule and bookings.
• Let your coach assign and review training plans.
• Ensure capacity and waitlist rules are respected.
• Prevent abuse (e.g. throttling sign-ups from the same IP).

We do not sell your data. We do not share it with advertisers. We do not run analytics on it.

The website uses one cookie: __Secure-better-auth.session_token. It's HttpOnly, Secure, SameSite=Lax, scoped to .banzerathletics.com, and only used to keep you signed in. It expires after 30 days of inactivity.

The mobile app stores the same session token in your phone's secure keychain (iOS) or Keystore (Android). It never leaves the device except as the Authorization header sent to our API.

No analytics, advertising, or fingerprinting cookies are set.

We don't sell or share your data. The only third parties that touch any of it are infrastructure providers strictly needed to run the service:

• Novatrend (Switzerland) — hosts the website and database servers.
• GitHub — stores the application source code; not your personal data.
• Apple App Store / Google Play — required to distribute the mobile app. Their own privacy policies apply to anything they collect at install time.

We may disclose information if legally required (e.g. a court order), but we'll push back on overbroad requests and try to notify you when we can.

Passwords are hashed with industry-standard one-way functions — we cannot recover yours, only verify it. All traffic between your browser/app and our API runs over TLS. The auth cookie is HttpOnly so it can't be read by JavaScript.

If we ever discover a breach involving your data, we'll email you within 72 hours of confirming it, with what we know and what to do.

Account and booking data is retained while your account is active. If you delete your account, we delete the personal fields immediately and anonymise the historical bookings (we keep counts for capacity analytics, not your name on them). Backups roll off within 30 days.

Wherever you live, you can ask us to:

• Access a copy of the data we hold about you.
• Correct anything that's wrong or out-of-date.
• Delete your account and personal data.
• Export your data in a machine-readable format (JSON).

Email hello@banzerathletics.com from the address on your account and we'll act within 30 days. EU/UK residents have the same GDPR rights; California residents have the same CCPA rights — same email, same process, no friction.

The service is not directed at children under 16. We don't knowingly collect data from anyone under 16. If you're a parent and believe your child has signed up, email us and we'll delete the account.

If we materially change how we handle your data, we'll notify you via email and post the change here with a new "Effective" date. The previous policy will remain available on request.

Banzer Athletics
Apollo Beach, FL 33572
Email: hello@banzerathletics.com