Legal
Privacy Policy
Last updated: May 5, 2026 • Site: fightersblueprint.com • Governed by Norwegian law & EU GDPR
1. Who We Are
FightersBlueprint is an AI-powered combat sports training plan service operating from Norway. We are the data controller for all personal data collected through this website.
2. What Data We Collect
We collect only what is necessary to deliver your training plan:
- Email address — to send you your completed blueprint
- Training profile data — sport, level, experience, fight record, training schedule, equipment, goals, injuries. This is required to generate a meaningful, personalised plan
- Payment data — handled entirely by Vipps MobilePay. We never see or store your card details
- Technical data — IP address and browser type, processed by Netlify for hosting and security purposes only
We do not collect sensitive health data beyond what you voluntarily enter (e.g. injuries), and we do not collect ID numbers or biometric data.
3. Why We Collect It & Legal Basis
- Delivering your training plan — Legal basis: Performance of a contract (GDPR Article 6(1)(b))
- Processing payment via Vipps — Legal basis: Performance of a contract (GDPR Article 6(1)(b))
- Operating and securing the website — Legal basis: Legitimate interest (GDPR Article 6(1)(f))
- Compliance with Norwegian accounting law — Legal basis: Legal obligation (GDPR Article 6(1)(c))
4. Who We Share Your Data With
We only share data with third parties where strictly necessary:
- Vipps MobilePay AS — payment processing. Governed by Vipps' own privacy policy
- Netlify Inc. (USA) — web hosting. Covered by EU-US Data Privacy Framework
- Anthropic PBC (USA) — AI generation of your training plan. Covered by Standard Contractual Clauses (SCCs)
We never sell your data to third parties.
5. How Long We Keep Your Data
- Email & training data: Deleted within 30 days of your blueprint being delivered, unless you hold an active monthly subscription
- Subscription data: Kept while your subscription is active, deleted within 30 days of cancellation
- Accounting records: Kept for 5 years as required by Norwegian bookkeeping law
6. Your Rights Under GDPR
As a data subject you have the right to:
- Access — request a copy of the data we hold about you
- Rectification — have inaccurate data corrected
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit how we process your data in certain circumstances
- Data portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interest
To exercise any of these rights, email fightersblueprintbusinuess@gmail.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no if you believe we are handling your data unlawfully.
7. Cookies
We use a minimal number of cookies:
- Technically necessary: Netlify sets one session cookie for load balancing. No consent required.
- Local storage: If you enter an API key it is stored locally in your browser only — never transmitted to our servers.
We do not use tracking, analytics, or advertising cookies.
8. International Data Transfers
Some of our service providers (Netlify, Anthropic) are based in the USA. Transfers are safeguarded through the EU-US Data Privacy Framework (Netlify) and Standard Contractual Clauses approved by the European Commission (Anthropic).
9. Security
All data is transmitted over HTTPS/TLS encryption. Access to personal data is limited to what is strictly necessary for service delivery. We conduct regular security reviews of the platform.
10. Changes to This Policy
We may update this policy when the service changes materially. The current version is always available at fightersblueprint.com/privacy. The date at the top of this page reflects the most recent update.