Skip to main content
Build The Shelf Start Sculpting

Legal

Privacy Policy

Effective

This Privacy Policy explains how Build The Shelf ("we", "us", "our") collects, uses, shares, and safeguards your personal data when you use our website, training programs, coaching services, and any related content (collectively, the "Service"). It applies to visitors, members, and anyone who contacts us.

1. Who we are

Build The Shelf is the data controller for the personal data described in this policy. We're based at 42 Studio Lane, London EC2 7AB. You can reach us at hello@buildtheshelf.com.

2. The data we collect

We collect the following categories of personal data:

  • Account data: name, email, password (stored hashed), and any profile data you choose to provide.
  • Training data: training history, current goals, form videos you submit, check-in notes, and progress photos. You may submit this data voluntarily as part of coaching.
  • Payment data: we do not store full card numbers. Payments are processed by Stripe; we receive a transaction reference and the last 4 digits of your card for reconciliation only.
  • Communications: emails, support messages, and any other correspondence you send us.
  • Usage data: IP address, browser, device, pages visited, and similar analytics information collected when you use the Service.

3. How we use your data

We process personal data to:

  • Deliver the programs and coaching you've signed up for
  • Process payments and issue refunds
  • Respond to support requests
  • Send you transactional emails (receipts, account notices, program updates)
  • Send marketing emails — only where you have opted in, and you can unsubscribe at any time
  • Improve the Service via aggregated, non-identifying analytics
  • Comply with legal obligations and enforce our Terms of Service

4. Our legal bases (UK / EU residents)

If you are in the UK or EU, we rely on the following lawful bases under UK GDPR / GDPR:

  • Contract: processing necessary to deliver the Service you've purchased.
  • Legitimate interests: running our business, securing the Service, and improving our content.
  • Consent: marketing emails, optional analytics cookies, and use of your transformation photos for marketing material.
  • Legal obligation: tax, accounting, and dispute records.

5. Sharing your data

We do not sell personal data. We share data only with the following categories of recipients, and only as needed to operate the Service:

  • Stripe — payment processing
  • Our email service provider — transactional and (with consent) marketing email delivery
  • Hosting and analytics providers — site delivery and aggregated usage measurement
  • Professional advisors — accountants, legal counsel, where strictly necessary
  • Authorities — when legally required by valid court order or regulator request

6. International transfers

Some of our service providers are based outside the UK / EU. Where personal data is transferred internationally, we rely on the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or another approved transfer mechanism.

7. How long we keep your data

We retain personal data only as long as we need it for the purposes set out in this policy:

  • Account and training data: while your account is active, plus 12 months
  • Payment and tax records: 7 years (UK statutory requirement)
  • Marketing preferences: until you withdraw consent
  • Form videos and progress photos: 24 months from last coaching interaction, unless you ask us to delete sooner

8. Your rights

You have the following rights in relation to your personal data:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete data we no longer need
  • Restriction — limit how we use your data while a query is resolved
  • Portability — receive your data in a machine-readable format
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — withdraw any consent you previously gave
  • Complain — lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, email hello@buildtheshelf.com. We respond within one calendar month.

9. Security

We use industry-standard technical and organisational measures to protect personal data, including TLS in transit, encryption at rest where supported by our providers, role-based access controls, and regular review of our security posture. No system is perfectly secure; we cannot guarantee absolute security but we do our best.

10. Children's privacy

The Service is intended for users 18 and older. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

12. Changes to this policy

We may update this policy from time to time. If we make a material change we will notify active members by email and update the effective date at the top of this page.

13. Contact

Questions about this policy or our handling of your data should go to hello@buildtheshelf.com.