lock FitUni Privacy Policy

Effective Date: May 7, 2025

1. Introduction

FitUni, developed by Group 8 for TMA327 at Foreign Trade University (FTU), is committed to protecting your personal data in compliance with Decree 13/2023/ND-CP on personal data protection and FTU regulations (Quy chế FTU). This Privacy Policy explains how we collect, use, store, and protect your information when you use FitUni.

2. Data We Collect

We collect the following personal data, as defined under Decree 13/2023/ND-CP:

  • Basic Personal Data: FTU email address, name (optional during signup), gender, and profile description.
  • Sensitive Personal Data: Sports preferences, skill levels, time availability, and motivation level, which may reveal lifestyle or fitness habits.
  • Technical Data: Session data and IP addresses (for security, e.g., honeypot checks).

3. How We Collect Data

Data is collected when you:

  • Sign up or sign in using your FTU email and password.
  • Complete your profile (e.g., sports, time slots via calendar).
  • Interact with FitUni (e.g., find matches, accept/reject matches).
  • Receive verification codes or match notifications via email.

4. Purpose and Legal Basis

We process your data for the following purposes, with your consent as the legal basis (Article 9, Decree 13/2023/ND-CP):

  • Account creation and verification (FTU email, password).
  • Matching you with sports buddies based on preferences and availability.
  • Sending email notifications (e.g., verification codes, match updates).
  • Ensuring platform security (e.g., bcrypt hashing, honeypot fields).
  • Complying with FTU regulations and Vietnamese law.

By clicking “Go” or signing in/signing up, you consent to this processing.

5. Data Storage and Security

Your data is stored in a local SQLite database (fituni.db) on a secure server maintained by Group 8. We implement:

  • Password encryption using bcrypt.
  • Honeypot fields to detect bots, per local development security (May 7, 2025).
  • Temporary storage of verification codes (1-hour expiry).

Data is retained only as long as necessary for FitUni’s operation or as required by law (Article 11, Decree 13/2023/ND-CP).

6. Data Sharing

We do not share your data with third parties, except:

  • With matched users (e.g., name, sports preferences) to facilitate connections.
  • As required by FTU or Vietnamese authorities (e.g., for legal compliance).

FitUni does not use third-party advertising or analytics services.

7. Your Rights

Under Decree 13/2023/ND-CP (Articles 13–17), you have the right to:

  • Access, correct, or delete your personal data.
  • Withdraw consent for data processing.
  • Request data portability or restrict processing.
  • File complaints with the Vietnam Ministry of Public Security if your data is mishandled.

To exercise these rights, contact us at fituniftu@gmail.com.

8. Data Transfers

FitUni operates locally at FTU and does not transfer data internationally. All data processing occurs within Vietnam, in compliance with Decree 13/2023/ND-CP.

9. Changes to Privacy Policy

We may update this Privacy Policy to reflect legal or operational changes. Continued use after updates constitutes acceptance. Check this page regularly.

10. Contact Us

For privacy-related inquiries, contact us at fituniftu@gmail.com.