Legal

Privacy Policy

Last updated: March 2026 · Controller: SteFit · stefitmethod.com

Plain English summary: We collect only what we need to process your purchase and deliver your product. We do not sell your data. We do not use advertising trackers. The only third party that receives your payment information is Stripe, which processes it securely. You have full rights over your data under GDPR.

1. Who We Are

This Privacy Policy applies to SteFit, operating under the brand and website stefitmethod.com. SteFit is the data controller responsible for your personal data collected through this website and in connection with purchases of our digital products.

Contact: [email protected]

2. What Data We Collect

We collect the minimum data necessary to operate the website and process purchases. We do not collect data beyond what is listed below.

Data type	Why we collect it	Legal basis (GDPR)
Email address	To deliver your purchased product and send your receipt	Contract performance (Art. 6(1)(b))
Name	To personalise your receipt and identify your order	Contract performance (Art. 6(1)(b))
Payment data	To process your payment securely via Stripe	Contract performance (Art. 6(1)(b))
Purchase history	To manage your order, resolve disputes, comply with tax obligations	Legal obligation (Art. 6(1)(c))
Cookie preferences	To record your consent decision on the cookie banner	Consent (Art. 6(1)(a))
Basic analytics (if accepted)	To understand how visitors use the site and improve it	Consent (Art. 6(1)(a))

We do not collect sensitive personal data (health, biometric, financial account data). We do not use advertising pixels, retargeting cookies, or social media tracking scripts.

3. Cookies

What cookies we use

Our website uses a minimal set of cookies:

cookie_consent — stores your accept/reject choice. Expires after 12 months. Strictly necessary to remember your preference.
Analytics cookies — only set if you click "Accept" on the cookie banner. Used to understand site traffic in aggregate. No personally identifiable data is shared with third parties via these cookies.

We do not use cookies for advertising, profiling, or cross-site tracking.

Managing your cookie preferences

You can withdraw your consent at any time by clearing your browser's local storage for this site, or by contacting us at [email protected] and we will reset your preference.

4. How We Use Your Data

Your data is used exclusively for the following purposes:

Processing and fulfilling your purchase
Sending your receipt and download links via email
Responding to support requests you initiate
Complying with our legal and tax obligations
Improving the website (only if you have consented to analytics)

We do not use your data for marketing emails unless you have separately and explicitly opted in. We do not build profiles, segment audiences, or sell your data to any third party.

5. Third Parties

We share your data only with the following third parties, strictly to the extent necessary:

Third party	Purpose	Data shared	Their privacy policy
Stripe	Payment processing	Name, email, payment card data	stripe.com/privacy
Netlify	Website hosting	IP address (standard server logs)	netlify.com/privacy
Cloudflare	DNS, email routing	Email metadata (sender, subject)	cloudflare.com/privacypolicy
Google Fonts	Typography	IP address (font loading request)	policies.google.com/privacy

No other third parties receive your personal data. We do not use Facebook Pixel, Google Ads, TikTok Pixel, or any other advertising or social media tracking technology.

6. International Data Transfers

Stripe and Netlify are US-based companies. Where data is transferred outside the European Economic Area, such transfers are covered by appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission. You can request details of these safeguards by contacting us.

7. Data Retention

We retain your personal data only for as long as necessary:

Purchase records and email: 7 years, to comply with Italian and EU tax and accounting obligations.
Support correspondence: 2 years from the date of last contact.
Cookie preference: 12 months, after which the banner will appear again.
Analytics data (if consented): retained in aggregated, anonymised form only.

After the applicable retention period, data is permanently deleted.

8. Your Rights Under GDPR

As a data subject in the European Economic Area, you have the following rights:

Right of access — request a copy of the personal data we hold about you
Right to rectification — request correction of inaccurate data
Right to erasure — request deletion of your data ("right to be forgotten"), subject to our legal retention obligations
Right to restriction — request that we limit how we use your data
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interests
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may ask you to verify your identity before actioning your request.

You also have the right to lodge a complaint with your national supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (garanteprivacy.it).

9. Data Security

We take reasonable technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. Payment data is handled exclusively by Stripe, which is PCI DSS Level 1 certified — the highest level of payment security certification available. We do not store payment card details on our systems.

Email communications containing download links use time-limited, unique links where possible. If you believe your data has been compromised, contact us immediately at [email protected].

10. Children's Privacy

Our products and website are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the date at the top of this page and, where feasible, by email to affected customers. We encourage you to review this page periodically.

12. Contact

SteFit — Data Controller
Email: [email protected]
Website: stefitmethod.com

For GDPR-related requests, include "GDPR Request" in the subject line of your email.