Privacy Policy

1. Who We Are

BFX ("we", "us", "our") operates the website bfx-nutrition.com and sells protein energy drinks and food products to customers in the European Union.

For questions about this policy or your personal data, contact us at: [privacy@bfx-nutrition.com]

2. What Data We Collect

We keep data collection to a minimum. Here is what we collect and why:

Email address

When you sign up for our product launch notification list, we collect your email address. You can also opt in to our newsletter to receive updates about future drops, offers, and news.

Cart and browsing data

We store your shopping cart ID in your browser's local storage so your cart persists between visits. This data stays on your device and is not sent to our servers.

Order and payment data

When you proceed to checkout, you are redirected to Shopify's hosted checkout. Shopify collects your name, shipping address, and payment details to process your order. We receive your order information (name, address, items purchased) but never see or store your full payment card details.

3. How We Use Your Data

• Notification list: To send you a one-time email when our products launch.
• Newsletter: If you opt in, to send you occasional emails about new products, offers, and company news. You can unsubscribe at any time.
• Order processing: To fulfill your order, arrange shipping, and handle any returns or customer service inquiries.
• Security: To protect our forms from automated spam using Cloudflare Turnstile bot detection.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases:

• Consent (Article 6(1)(a)) -- for collecting your email via the notification form, and separately for newsletter subscription. You can withdraw consent at any time.
• Contract (Article 6(1)(b)) -- for processing orders and delivering products you purchase.
• Legitimate interest (Article 6(1)(f)) -- for security measures such as bot protection (Cloudflare Turnstile).

5. Data Processors

We use the following third-party services to operate our website and process data:

• Shopify (Shopify International Ltd.) -- e-commerce platform, checkout, and payment processing.
• Supabase (Supabase Inc.) -- database hosting for our notification email list.
• Cloudflare (Cloudflare Inc.) -- bot protection (Turnstile) and content delivery.
• Vercel (Vercel Inc.) -- website hosting and serverless functions.

Each processor is bound by their own privacy policies and data processing agreements. We only share the minimum data necessary for each service to function.

6. Data Retention

• Notification emails: Retained until you request deletion.
• Newsletter subscribers: Retained until you unsubscribe or request deletion.
• Order data: Retained for as long as required by applicable tax and accounting laws (typically 7 years).
• Cart data: Stored in your browser's local storage. You can clear it at any time through your browser settings.

7. International Transfers

Some of our data processors (Shopify, Supabase, Cloudflare, Vercel) operate servers outside the European Economic Area (EEA). Where this occurs, data transfers are protected by:

• Standard Contractual Clauses (SCCs) approved by the European Commission, or
• Adequacy decisions for the recipient country, where applicable.

8. Your Rights

Under GDPR, you have the right to:

• Access -- request a copy of the personal data we hold about you.
• Rectification -- ask us to correct inaccurate data.
• Erasure -- ask us to delete your data ("right to be forgotten").
• Portability -- receive your data in a structured, machine-readable format.
• Objection -- object to processing based on legitimate interest.
• Restriction -- ask us to limit how we process your data.
• Withdraw consent -- at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at [privacy@bfx-nutrition.com]. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority if you believe your data has been mishandled.

9. Cookies & Local Storage

We use essential cookies and browser local storage to keep our site functional. We do not use analytics, advertising, or tracking cookies. For full details, see our Cookie Policy.

10. Children's Privacy

Our website and products are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. If changes are material, we will make reasonable efforts to notify affected users.

This privacy policy was drafted based on BFX's actual data practices. We recommend having it reviewed by a qualified legal professional before relying on it as your sole compliance document.