Last updated: May 2026
Fitness Drum (“we”, “us”, “our”) is committed to protecting your privacy. We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018. This policy explains what personal data we collect, why we collect it, how we use it, and your rights in relation to it. Please read it carefully.
1. What Data We Collect
Website visitors
When you visit fitnessdrum.com, we automatically collect basic technical information including your IP address, browser type and version, pages visited, and the date and time of your visit. This is collected via Google Analytics (see Section 5).
Newsletter subscribers
If you subscribe to our newsletter, we collect your email address and, if provided, your name. This is managed via Beehiiv.
Platform account holders
If you register for and use our paid platform, we collect:
- Your name and email address (at registration)
- A hashed password (we never store your password in plain text)
- Subscription and billing status
- Platform usage data — specifically, topics or items you have saved as favourites
- Login timestamps and session data
Our platform does not collect any health, fitness, or other special category personal data. It is a business intelligence tool for industry professionals.
Payment information
When you purchase a subscription, payment is processed by Stripe. We do not collect, see, or store your card details. See Section 4 for more.
Enquiries and correspondence
If you contact us by email, we will collect your name, email address, and the content of your message.
2. Legal Bases for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. The table below sets out the bases we rely on:
| Processing activity | Legal basis |
|---|---|
| Creating and managing your account | Performance of a contract |
| Processing your subscription payment | Performance of a contract |
| Providing access to the platform | Performance of a contract |
| Sending transactional emails (e.g. receipts, account notices) | Performance of a contract |
| Sending the newsletter | Consent |
| Website analytics (Google Analytics) | Consent (via cookie banner) / Legitimate interests |
| Site security and fraud prevention | Legitimate interests |
| Responding to enquiries | Legitimate interests |
| Complying with legal obligations | Legal obligation |
3. How We Use Your Data
We use the personal data we collect for the following purposes:
- To create and manage your platform account
- To provide you with access to the platform and its features
- To process subscription payments and manage billing
- To send you transactional emails such as purchase confirmations, subscription reminders, and account notices
- To send our newsletter, where you have subscribed and consented
- To respond to enquiries or support requests
- To monitor and improve our website and platform
- To ensure the security of our systems and prevent fraud or misuse
- To comply with our legal and regulatory obligations
We do not use your data for automated decision-making or profiling. We do not sell your personal data to third parties.
4. Payment Processing
All subscription payments are handled by Stripe, a PCI-DSS compliant payment processor. When you make a payment, your card details are entered directly into Stripe’s secure environment.
We never see, handle, or store your card number, CVV, or other sensitive payment details. Stripe may retain payment data in accordance with their own privacy policy, available at stripe.com/gb/privacy.
We do retain records of your subscription status, payment dates, and amounts for billing and legal compliance purposes.
5. Cookies and Analytics
Our website uses cookies — small text files stored on your device. We do not use advertising cookies, tracking pixels, or any third-party marketing technologies.
Essential cookies
These are necessary for the website and platform to function. They cannot be disabled. They include:
- Session cookies that keep you logged in to your account
- Security cookies that help protect against cross-site request forgery
Analytics cookies (Google Analytics)
We use Google Analytics to understand how visitors use our site — for example, which pages are most popular, how long people spend on the site, and how they arrived. This data is aggregated and does not identify you personally.
Google Analytics sets cookies on your device to track sessions and page views. Data is processed by Google and may be transferred outside the UK. Google is certified under the UK-US Data Bridge. You can opt out of Google Analytics tracking using Google’s opt-out browser add-on.
We ask for your consent before placing analytics cookies, via our cookie banner when you first visit the site.
Affiliate Referrals
Where you click an affiliate link on our site, affiliate network cookies (such as those set by Awin, Impact, or Amazon Associates) may be placed on your device to record the referral for commission tracking purposes. These cookies do not collect personal data beyond what is necessary to attribute the referral, and are governed by the respective network’s privacy policy.
Managing cookies
You can control and delete cookies through your browser settings. Note that disabling essential cookies may affect your ability to use the platform. Disabling analytics cookies will not affect your experience of the site.
6. Data Processors and Third Parties
We use a small number of carefully selected third-party services to operate our website and platform. These act as data processors on our behalf and are only permitted to use your data for the specific purposes we instruct:
- Stripe
Payment processing and subscription billing
- Supabase
User account and platform data storage
- Beehiiv
Newsletter delivery and subscriber management
- Google Analytics
Anonymous website usage analytics
We do not share your personal data with any other third parties, except where required by law or as part of a business sale or transfer (in which case you would be notified in advance where required).
We do not share your data with advertisers. We have no advertising relationships that involve your personal data.
7. Where Your Data Is Stored
Our platform and account data is hosted on servers located in the United Kingdom. No international transfer of this data occurs.
Our data processors (Stripe, Supabase, Beehiiv, Google Analytics) may store or process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place — such as adequacy decisions or standard contractual clauses — as required by UK GDPR.
Specifically: Google Analytics data may be transferred to the United States under the UK-US Data Bridge adequacy framework.
8. How Long We Keep Your Data
| Data type | Retention period |
|---|---|
| Platform account data (name, email, saved favourites) | For the duration of your subscription, plus 2 years after account closure |
| Billing records and transaction data | 7 years (required for UK tax and accounting compliance) |
| Newsletter subscriber data | Until you unsubscribe, plus 30 days for deletion processing |
| Enquiry / email correspondence | 2 years from the date of correspondence |
| Analytics data (Google Analytics) | 26 months (Google’s default retention, which we have configured) |
At the end of the applicable retention period, data is securely deleted or anonymised.
9. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at info[at]fitnessdrum.com. We will respond within one month.
- Access You have the right to request a copy of the personal data we hold about you. This is provided free of charge.
- Rectification You can ask us to correct any inaccurate or incomplete personal data we hold about you.
- Erasure You can request that we delete your personal data, where we no longer have a lawful basis to retain it. Note that some data (e.g. billing records) must be kept for legal reasons.
- Restriction You can ask us to restrict processing of your data in certain circumstances, for example while a dispute is being resolved.
- Portability Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used format.
- Objection You can object to processing based on legitimate interests. You have an absolute right to object to processing for direct marketing purposes.
- Withdraw consent Where processing is based on your consent (e.g. the newsletter or analytics cookies), you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Complaints: If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (ICO), at ico.org.uk or by calling 0303 123 1113.
10. Affiliate Links
Some articles on our blog contain affiliate links. If you click one and make a purchase, we may earn a commission. Clicking these links does not result in any additional personal data being shared with us, though the third-party website you visit will have its own data collection practices and privacy policy.
Full details of our affiliate relationships are set out on our Affiliate Disclosure page.
11. Third-Party Websites
Our site contains links to external websites. Once you leave fitnessdrum.com, this Privacy Policy no longer applies. We are not responsible for the privacy practices of other sites and encourage you to review their privacy policies before providing any personal data.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects when it was last revised. Where changes are material, we will notify registered users by email. We encourage you to review this page periodically.
13. Contact and Complaints
If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please contact us:
- Email: info[at]fitnessdrum.com
- Website: fitnessdrum.com
We aim to respond to all requests within one calendar month. If you are not satisfied with our response, you may escalate your complaint to the ICO (see Section 9).