BuzzersFitBuzzersFit
All competitionsMy box
BuzzersFitBuzzersFit

Connected buzzers for CrossFit competitions. Born in 2019 in Besançon, France.

Navigation

All competitionsMy boxOrganizersAboutFAQ

Contact

Contact@buzzers.fit

Legal

Legal noticeTerms of useTerms of salePrivacy policy
© 2026 Buzzers.fit. All rights reserved.

Privacy Policy

Last updated: 5 July 2026 · The French version prevails.

Introduction

This Privacy Policy describes how BuzzersFit (published by Joris Gounand, sole proprietor) collects, uses and protects your personal data, in accordance with the General Data Protection Regulation (GDPR — Regulation EU 2016/679) and the French Data Protection Act. It covers the buzzers.fit website and its subdomains, the BuzzersFit mobile app and the associated services (competitions, partner gyms, workout log).

Data controller

Joris Gounand, sole proprietor (entrepreneur individuel) SIREN: 903 135 671 — SIRET: 903 135 671 00019 Address: 3 Impasse des Champs Genoux, 25410 Roset-Fluans, France Personal data contact: team@buzzers.fit Given the size and nature of the business, the appointment of a Data Protection Officer (DPO) is not required; the contact above centralises all personal data requests.

Data collected

Depending on the services you use, we process the following categories of data:

• Identity and contact: last name, first name, email address, username, password (hashed) • Optional profile: date of birth, phone number, profile photo, weight, gender, home box • Competition data: team, division, results and rankings (competition leaderboards are public) • Signatures and acceptances: text of the signed waiver, accepted version, date, IP address and browser (user-agent) at the time of signing — kept as proof; the same mechanism applies to the acceptance of the Terms of Use/Terms of Sale and membership contracts • One-off geolocation: during an access-control scan (gate), the position of the phone performing the scan is recorded with the scan, as proof of the check — this is the event staff's device, not tracking of athletes' location • Media: profile photo (public), scoreboard photos submitted for analysis, uploaded qualifier videos • Social posts: posts and comments you publish on the activity feed • Payments: processed by Stripe — BuzzersFit does not store any card data; only the history and status of transactions are kept • Bank details: IBAN (encrypted), BIC, last 4 digits and debtor name, for SEPA direct debit mandates set up with a gym — together with the IP address and browser at the time the mandate is signed • Notifications: web and mobile push notification tokens, if you enable them • AI assistant: the content of your conversations with the assistant is recorded and may be viewed by the platform team (service improvement, abuse prevention) • Technical data: IP address, user-agent and timestamps of logins and errors (security logs) • Preferences: language, theme, cookie choice, notification and communication preferences

BuzzersFit does not ask for health data. Waivers written by organisers and gyms must not request medical data; if an organiser collects such data through their waiver text, they are the data controller for it.

Accounts created by a gym

Your gym may create an account in your name (last name, first name, email and/or phone) to manage its memberships and bookings: in that case, the source of the data is the gym, not you (art. 14 GDPR). You are informed of this, and your consents (Terms of Use, Privacy Policy, communications) are collected when you first access the account. You may request the deletion of this account at any time at team@buzzers.fit.

Purposes and legal bases

Each processing operation relies on one of the legal bases provided for in article 6 of the GDPR:

• Account management, competition registrations, bookings and memberships, display of results and rankings, payments, notifications related to your activities — performance of the contract • Proof of signatures and acceptances (waivers, Terms of Use/Sale, contracts), geolocation of access scans, technical and security logs, fraud prevention — legitimate interest (security and proof) • Audience measurement (PostHog) and marketing emails — consent, withdrawable at any time • Professional prospecting of organisers and gyms — legitimate interest (see the Prospecting section) • Retention of accounting and payment records — legal obligation

Recipients and processors

Your data is processed by the following providers, each for the purpose indicated. For providers established outside the European Union, transfers are governed by an adequacy decision (EU-US Data Privacy Framework — DPF) or by the European Commission's standard contractual clauses (SCC).

RecipientPurposeCountrySafeguard
ScalewayHosting, file storage, email sendingFranceData in the EU
StripePaymentsUnited StatesDPF
AnthropicSports image analysis, AI assistantUnited StatesDPF / SCC
TwilioWhatsApp messages (verification codes)United StatesDPF / SCC
CloudflareBot protection (Turnstile)United StatesDPF
PostHogAudience measurement (after consent)European UnionData in the EU
YousignElectronic signature of contractsFranceData in the EU
EMQXReal-time messaging (scores, timers)European Union (Frankfurt)Data in the EU
ExpoMobile push notificationsUnited StatesSCC
Apple / GoogleIn-app purchases, push notificationsUnited StatesDPF (Google) / SCC (Apple)

The administrators of the competitions and gyms you take part in access the data needed for their organisation (registrations, waiver signatures, attendance). AI assistant logs and technical logs are only accessible to the platform team.

Cookies

This site uses cookies necessary for the operation of the service and, only with your consent, audience measurement:

CookiePurposeLifetimeType
bf_tokenAuthentication (session token, HttpOnly)7 daysEssential
bf_token_expToken expiry date (session renewal)7 daysEssential
bf_refreshSession renewal (HttpOnly)30 daysEssential
bf_langLanguage preference1 yearPreference
bf_themeTheme preference (light / dark)1 yearPreference
ph_*PostHog audience measurement — set only after your consent1 yearAudience measurement

You can change your choice at any time via the "Manage my cookies" link at the bottom of the page. A refusal is remembered for 6 months. If you withdraw your consent, the audience-measurement trackers already set are deleted.

Local storage

In addition to cookies, your browser stores the following information locally (localStorage / sessionStorage):

• Your cookie consent choice and its date (a refusal is remembered for 6 months) • Your display preferences (theme, followed competitions) • The local history of your conversations with the assistant, kept in your browser • A possible referral reference (sessionStorage): read only when the account is created to attribute the referral, then cleared when the tab is closed • PostHog audience-measurement trackers, only after your consent

Retention periods

We keep your data only for as long as necessary for the purposes described above:

• User account: deleted or anonymised after 3 years of inactivity • Qualifier videos: 12 months after the end of the competition • Geolocation of access scans: 12 months • Technical logs (logins, errors): 12 months • Proof of signatures and acceptances (waivers, Terms of Use/Sale, contracts): for the duration of the contractual relationship, then for the applicable statutory limitation period • Accounting records and payment data: 10 years (legal obligation) • Professional prospects: 3 years after the last contact • Competition results and rankings: kept with the competition's sports archive

The corresponding purges are carried out periodically by the platform team.

Your rights

In accordance with the GDPR, you have the following rights:

• Right of access: obtain a copy of your personal data • Right to rectification: correct your inaccurate or incomplete data • Right to erasure: request the deletion of your data • Right to portability: receive your data in a structured format • Right to object: object to processing based on legitimate interest • Right to restriction: restrict the processing of your data • Right to withdraw your consent at any time (cookies, marketing)

To exercise your rights, write to team@buzzers.fit. We reply within one month.

You also have the right to lodge a complaint with the CNIL (the French data protection authority): www.cnil.fr

Prospecting and communications

Marketing emails (athletes and members): they are only sent if you ticked the corresponding box when creating your account (opt-in) or enabled the option in your settings. Every marketing email contains an unsubscribe link, and you can change this choice at any time in your profile settings. Professional prospecting (B2B): we may contact competition organisers and gyms on the basis of our legitimate interest in offering our services to professionals. These contact details come from publicly accessible professional sources (websites, public professional profiles). You can object to this prospecting at any time via the unsubscribe link in our messages or by writing to team@buzzers.fit. Communications related to your activities (registration confirmations, booking reminders, competition notifications) are sent for the performance of the contract and do not constitute prospecting.

Data security

We implement appropriate technical and organisational measures: encrypted communications (HTTPS/TLS), hashed passwords (bcrypt), two-factor authentication (TOTP) available on accounts, session token revocation, audit log of authentication events, role-based access control and application locks on sensitive operations (payments, credit wallets).

Changes to this policy

This policy may change, in particular to reflect new services or new obligations. The date of the last update is shown at the top of this page. In the event of a substantial change, you will be informed by email or by a banner on the site before it takes effect.