Legal

Privacy & Data Protection

Last updated: 2026-05-10

Who we are

RDX Fitness (sole proprietor: Dixit Panchal) operates this website and the newsletter sent from hello@rdxfitness.in. Under the Digital Personal Data Protection Act, 2023 ("DPDPA") we are the Data Fiduciary for your personal data.

Grievance officer

For any data-related request — access, correction, deletion, withdrawal of consent, or grievance — contact:

Dixit Panchal · fitnessbyrdx@gmail.com

We respond within 30 days as required by DPDPA s.13.

What we collect

  • Newsletter signup: email address, optional first name, source page (e.g. page-pcos), country (derived from IP at signup), consent timestamp.
  • Lead form (free assessment): name, age, weight, height, category, goals, contact number — only the fields you fill in.
  • Free tools (diet / workout plan): the inputs you provide and the email you ask the plan to be sent to.
  • Payments: we do not store your card / UPI / banking credentials. Razorpay processes payments and we receive a payment status + transaction ID.
  • Analytics: aggregated, non-personal usage via Google Analytics 4 (IP truncated; no advertising features enabled).

Why we collect it (purposes)

By signing up to the newsletter you consent to processing for these purposes only:

  1. Education — sending fitness, nutrition, and wellness educational content.
  2. Offers — sending offers for paid coaching programs operated by RDX Fitness.
  3. Segmentation — using your self-declared category (PCOS / Postpartum / Knee Pain / Strength / Professional) to send relevant content.

We do not share your data with third-party advertisers, sell it, or use it to profile you beyond category and basic engagement (opens / clicks).

Where the data lives

  • Email list: self-hosted Listmonk on AWS EC2, Mumbai region (ap-south-1).
  • Email sending: AWS Simple Email Service, Mumbai region (ap-south-1).
  • Lead / payment / blog database: Supabase (Postgres).
  • Static website: AWS S3 + CloudFront (CDN).

All processing happens within India. If this changes, we will update this page before the change takes effect.

Your rights under DPDPA

  • Withdraw consent — click "Unsubscribe" in any email, or email the grievance officer.
  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate data.
  • Erasure — ask us to delete your data (we keep an unsubscribe suppression list for 12 months to honor your opt-out).
  • Grievance redressal — write to the grievance officer; if unresolved you may approach the Data Protection Board of India.
  • Nominate — designate a person to exercise your rights in case of incapacity (on request).

How long we keep it

  • Active subscribers: until you unsubscribe.
  • Unsubscribed addresses: 12 months on a suppression list (so we don't accidentally email you again).
  • Hard-bounced or complained addresses: 12 months on a blocklist.
  • Server logs: 90 days.
  • Records of data-subject requests: 5 years.

Security

We use HTTPS everywhere, scoped IAM credentials, double-opt-in for newsletter confirmations, and automated suppression of bounced or complained addresses. We do not store payment credentials. If a breach occurs that is likely to cause harm, we notify the Data Protection Board within 72 hours and notify affected subscribers via the email channel they signed up with (DPDPA s.8(6)).

Educational content disclaimer

Everything we publish is educational. It is not medical advice, diagnosis, or treatment. PCOS, postpartum recovery, joint pain, and other conditions require consultation with a qualified healthcare professional. Individual results vary. RDX Fitness does not diagnose, treat, or cure any condition.

Updates

We update this page when our practices change. The "Last updated" date at the top tells you when. Material changes are notified by email to active subscribers.