🔥 12 Monate B42 Boost kostenlos – JETZT SICHERN
B42 Logo

Privacy Policy – B42 Nutrition for Footballers

Last updated on July 16, 2026

This privacy policy applies to the "B42 Nutrition for Footballers" app (iOS and Android). For the B42 training app, the separate B42 App privacy policy applies. For our websites, the privacy policy for B42 websites applies.

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you use our app. Personal data is any data that can be used to personally identify you. For detailed information, please refer to our full privacy policy below.

Who is responsible for data collection in this app?

Data processing is carried out by the app operator. You can find contact details in section 2.2.

How do we collect your data?

Some of your data is collected when you provide it to us — for example, by entering information during registration or while using the app (body data, nutritional preferences). Other data is collected automatically by our IT systems when you use the app (e.g., device information, time of app launch).

Analysis tools and third-party tools

When using the app, your usage behavior may be statistically analyzed. This only occurs after you have given your express consent upon first launching the app.

2. General information and mandatory disclosures

2.1. Data protection

The operators of this app take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. Communication between the app and our servers is exclusively encrypted via SSL/TLS.

2.2. Controller

The controller responsible for data processing in this app is:

SFY GmbH
IndustriestraĂźe 15
84149 Velden
Germany
Phone: +49 1590 4864277
Email: info@b-42.com

Represented by the Managing Director, Andreas Gschaider.

2.3. Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You may revoke your consent at any time — either directly in the app settings or by sending an email to info@b-42.com. The legality of the data processing carried out prior to the revocation remains unaffected.

2.4. Right to lodge a complaint with the competent supervisory authority

In the event of violations of data protection law, you have the right to lodge a complaint with the competent supervisory authority. A list of supervisory authorities can be found at: www.bfdi.bund.de.

2.5. Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.

2.6. Access, rectification, and erasure

You have the right to receive information about your stored personal data, its origin and recipients, and the purpose of data processing at any time, free of charge, as well as the right to rectification or erasure. Please contact info@b-42.com at any time for this purpose.

2.7. Third-country transfers

Some of the services used in this app are based in the USA. Where we transfer data to the USA, this is done on the basis of the European Commission's adequacy decision for the EU-US Data Privacy Framework (DPF) of July 10, 2023, provided the respective provider is certified under the DPF. Otherwise, we base the transfer on standard contractual clauses in accordance with Art. 46(2)(c) GDPR.

3. Data collection in the app

3.1. Data categories collected

We process the following categories of personal data:

Identity data

First and last name, date of birth, email address, and information transmitted to us via your Meta, Google, or Apple account. We use this data to verify your identity and provide your account. Retention period: for the duration of the contractual relationship and for 3 years after its termination.

Body data

Height and weight. We use this data to better tailor calorie requirement calculations and recipe recommendations to your individual needs. Retention period: for the duration of the contractual relationship. You can update or delete this data at any time in the app settings. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

Dietary and recipe data

Recipes you have viewed, saved, or rated, as well as your specified dietary preferences. We use this data to generate personalized recipe recommendations. Retention period: for the duration of the contractual relationship, until account deletion. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).

Purchase information

Payment service provider, subscription duration, price, currency, VAT, and the payment ID assigned by the payment service provider (Apple, Google). We do not store credit card information ourselves. Payment data is subject to statutory retention requirements and is stored for 10 years (§§ 146, 147 AO).

Behavioral and profile information

Your usage behavior within the app (e.g., recipes viewed, frequency of use). We use this data to improve our app and provide you with relevant content. Retention period: 12 months, after which it is anonymized. The legal basis is Art. 6(1)(a) GDPR (consent).

Device Information

IP address, date and time of app usage, device identifiers, device type, operating system, and version. This data is required for network security and error diagnostics. Retention period: 30 days.

3.2. Account and Profile Data

Full use of the app requires an account, which can be created via the registration function or by logging in with Meta, Google, or Apple. The email address required for this is stored on our server and used exclusively for login functionality and sending important transactional emails. The legal basis is Art. 6(1)(b) GDPR.

3.3. Marketing Communications

We send marketing-related emails and in-app communications exclusively to users aged 16 and over. The legal basis is Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time in the app settings or by sending an email to info@b-42.com.

4. Analytics Tools

4.1. PostHog

This app uses PostHog, a product and analytics tool from PostHog Inc. We use the EU cloud version of PostHog; all data is processed and stored exclusively on servers within the European Union (Frankfurt, Germany). No personal data is transferred to third countries.

PostHog allows us to analyze how users interact with the app (e.g., screens viewed, click paths, session duration) and also serves as a tool for error analysis to identify issues in the user flow. Data is processed in a pseudonymized form.

Additionally, we use PostHog Workflows to trigger automated, context-aware in-app notifications based on user behavior. No automated decision-making within the meaning of Art. 22 GDPR takes place.

PostHog is only used after you have given your explicit consent upon the first launch of the app. The legal basis is Art. 6(1)(a) GDPR. You can withdraw your consent at any time in the app settings. The collected usage data is automatically deleted after 12 months.

We have entered into a data processing agreement with PostHog. Further information: posthog.com/privacy.

5. Stability and Troubleshooting

5.1. Firebase / Google Crashlytics

To detect and fix app errors and crashes, we use Firebase Crashlytics, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In the event of an error, the following data is automatically transmitted: anonymized user ID, device type, operating system and app version, time of the error, error log and stack trace, and geographic location (country only).

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in stable app operation). Data is transferred to the USA based on the EU-US Data Privacy Framework; Google LLC is DPF-certified. Crash data is automatically deleted after 90 days.

We have entered into a data processing agreement with Google. Further information: firebase.google.com/support/privacy.

5.2. Sentry

Additionally, we use Sentry for error tracking and performance monitoring. The provider is Sentry, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.

In the event of an error, Sentry collects: anonymized user ID, device type, operating system and app version, time and type of error, error log, stack trace, and performance metrics.

The legal basis is Art. 6(1)(f) GDPR. We use Sentry in the EU region; all data is processed exclusively on servers within the EU. No data is transferred to third countries. Error data is deleted after 90 days.

We have entered into a data processing agreement with Sentry. Further information: sentry.io/privacy.

6. Communication

6.1. Mailgun

We use Mailgun, provided by Mailgun Technologies, Inc., 112 E Pecan St #1135, San Antonio, TX 78205, USA, to send transactional emails (e.g., password resets, order confirmations). We use Mailgun in the EU region; all data is processed exclusively on servers within the EU. No data is transferred to third countries. The legal basis is Art. 6(1)(b) GDPR. Email log data is deleted after 30 days.

We have entered into a data processing agreement with Mailgun. Further information: mailgun.com/legal/privacy-policy.

6.2. Push Notifications

With your consent, the app sends push notifications to your device. You will be prompted via the system permission dialog when you first launch the app.

The legal basis is Art. 6(1)(a) GDPR. You can disable push notifications at any time in your device's system settings.

7. Payment

7.1. RevenueCat

We use RevenueCat to manage in-app subscriptions. The provider is RevenueCat, Inc., 633 Tasman Drive, San Jose, CA 95134, USA.

RevenueCat processes data regarding your subscription status, time of purchase, selected plan, and an anonymized user ID. Credit card or account details are not transmitted to RevenueCat; these remain with the respective payment provider (App Store or Google Play).

The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Data transfers to the USA are based on standard contractual clauses in accordance with Art. 46(2)(c) GDPR. Subscription data is stored for the duration of the contractual relationship and for 3 years thereafter.

We have entered into a data processing agreement with RevenueCat. Further information: revenuecat.com/privacy.

8. Third-party login

8.1. Login with Meta (Facebook)

The app offers the option to sign in using your Meta account. The provider is Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, USA. When using the Meta login, your name and email address are retrieved from Meta with your explicit consent. The legal basis is Art. 6(1)(b) GDPR for account creation and Art. 6(1)(a) GDPR for data transmission to Meta. Data transfers to the USA are based on the EU-US Data Privacy Framework; Meta Platforms is DPF-certified.

Further information: facebook.com/privacy/policy.

8.2. Login with Google

The app offers the option to sign in using your Google account. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When using the Google login, your name and email address are retrieved from Google with your explicit consent. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(a) GDPR. Data transfers to the USA are based on the EU-US Data Privacy Framework; Google LLC is DPF-certified.

Further information: policies.google.com/privacy.

8.3. Sign in with Apple

The app offers the option to sign in using your Apple ID. The provider is Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. Apple optionally offers the ability to share an anonymized relay email address instead of your actual email address. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(a) GDPR. Data transfers to the USA are based on the EU-US Data Privacy Framework; Apple Inc. is DPF-certified.

Further information: apple.com/legal/privacy.

9. User rights

9.1. Account deletion

You can delete your account and all associated personal data directly in the app: Profile → Settings → Delete account. Data subject to statutory retention requirements will only be deleted after the respective period has expired.

9.2. Data subject rights

As a data subject, you have the following rights:

The restrictions under Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right of access and the right to erasure.

9.3. Right to lodge a complaint

You have the right to lodge a complaint with the competent data protection supervisory authority regarding our processing of your personal data.

9.4. Withdrawal of consent

You may withdraw your consent at any time with future effect, either directly in the app settings or by sending an email to info@b-42.com.

9.5. Right to object to direct marketing

In accordance with Art. 21 (2) GDPR, you have the right to object at any time to the processing of your data for the purpose of direct marketing.

9.6. Changes to this privacy policy

We reserve the right to amend this privacy policy at any time in compliance with applicable data protection regulations. The current version is available in the App Store and at b-42.com/datenschutz-ernaehrung-app.

9.7. Contact

SFY GmbH
IndustriestraĂźe 15
84149 Velden
Germany
Email: info@b-42.com

‍

B42 CoachZone Privacy Policy

This privacy policy applies to the B42 CoachZone at teams.b-42.com as well as the teams section within the B42 app. Both access points use the same platform and are subject to the same data protection regulations. For all other functions of the B42 app, the B42 App Privacy Policy applies, and for our other websites, the B42 Websites Privacy Policy applies.

1. General Information

The B42 CoachZone is a web-based platform that enables coaches and clubs to manage teams, create training plans, and monitor the performance development of their athletes. In doing so, personal data of both the coaches and club administrators as well as the athletes being coached are processed.

The data protection situation for CoachZone differs from a classic B2C application: coaches and clubs are responsible for their athletes' data themselves. SFY GmbH provides the technical platform and processes athlete data within this framework as a data processor. This division of roles is explained in detail in Section 2.

2. Responsibilities and Roles

2.1. SFY GmbH as data controller for coach and account data

SFY GmbH is the data controller within the meaning of Art. 4 No. 7 GDPR for the processing of personal data of coaches, club administrators, and other account holders (e.g., during registration, account management, payment processing). This privacy policy informs you about these processing activities.

2.2. Coaches and clubs as data controllers for athlete data

Coaches and clubs that use CoachZone to collect, manage, and analyze athlete data are themselves data controllers within the meaning of the GDPR for these processing activities. They decide which athlete data is collected in CoachZone and are accountable to their athletes regarding information and transparency.

In this context, SFY GmbH processes athlete data exclusively as a data processor in accordance with Art. 28 GDPR — under the instructions of the respective coaches and clubs and solely to provide the platform's functions. A data processing agreement is in place between SFY GmbH and the coaches/clubs.

Athletes who wish to request information about their data or request its deletion should first contact their respective coach or club. SFY GmbH supports the fulfillment of data subject rights upon request from the data controllers.

2.3. Contact

SFY GmbH
IndustriestraĂźe 15
84149 Velden
Germany
Email: info@b-42.com

Represented by Managing Director Andreas Gschaider.

3. Mandatory Information

3.1. Withdrawal of your consent to data processing

Where data processing is based on your consent, you may withdraw it at any time with future effect by sending an email to info@b-42.com. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected.

3.2. Right to lodge a complaint with the competent supervisory authority

In the event of data protection violations, you have the right to lodge a complaint with the competent supervisory authority. The competent authority is the State Data Protection Commissioner of the federal state in which our company is based. A list of supervisory authorities can be found at: www.bfdi.bund.de.

3.3. SSL/TLS encryption

CoachZone uses SSL/TLS encryption for security reasons. You can recognize an encrypted connection by the "https://" in your browser's address bar and the padlock icon.

3.4. Third-country transfers

Where we transfer data to the USA, this is done on the basis of the EU-US Data Privacy Framework (DPF) of July 10, 2023, provided the respective provider is certified under the DPF. The respective legal bases are specified for each individual service. For PostHog and Sentry, no third-country transfer takes place due to the use of the EU region.

4. Data processed

4.1. Account and coach data

An account is required to use CoachZone. When you register and use the platform, we process the following data as the data controller:

The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Account data is stored for the duration of the contractual relationship and for 3 years after its termination.

4.2. Athlete data (processing on behalf of others)

As part of team management, coaches and clubs process their athletes' data via CoachZone. SFY GmbH processes this data exclusively as a data processor (see Section 2.2). This may include:

The respective coaches and clubs are responsible for this data. Storage duration and deletion periods are determined by the requirements of the controllers; SFY GmbH deletes athlete data no later than 30 days after the end of the contractual relationship with the respective coach/club.

4.3. Technical data

When visiting the CoachZone, technical data is automatically saved in server log files (IP address, browser type, operating system, time, pages visited). The legal basis is Art. 6(1)(f) GDPR. This data is automatically deleted after 3 days (Vercel standard).

5. Hosting

5.1. Vercel

The CoachZone (teams.b-42.com) is hosted by Vercel. The provider is Vercel Inc., 340 Pine Street, Suite 603, San Francisco, CA 94104, USA.

Vercel automatically processes technical data (server log files as per section 4.3) when operating the platform. The data is processed on Vercel servers in the USA. The transfer to the USA is based on the EU-US Data Privacy Framework; Vercel is DPF-certified. Server log files are automatically deleted after 3 days.

The legal basis is Art. 6(1)(f) GDPR. We have entered into a data processing agreement with Vercel. Further information: vercel.com/legal/privacy-policy.

6. Analysis and troubleshooting

6.1. PostHog

We use PostHog to analyze platform usage and improve the CoachZone. The provider is PostHog Inc. We use the EU cloud version of PostHog; all data is processed and stored exclusively on servers within the European Union (Frankfurt, Germany). No personal data is transferred to third countries.

PostHog pseudonymously records usage behavior on the platform (e.g., sections visited, click paths, session duration). This data helps us to develop the CoachZone in a targeted manner.

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in improving our platform). Usage data is automatically deleted after 12 months. You can object to the processing at any time by sending an email to info@b-42.com.

We have entered into a data processing agreement with PostHog. Further information: posthog.com/privacy.

6.2. Sentry

We use Sentry to detect and resolve errors and performance issues in the CoachZone. The provider is Sentry, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. We use Sentry in the EU region; all data is processed and stored exclusively on servers within the European Union. No personal data is transferred to third countries.

In the event of errors, Sentry automatically transmits the following data:

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in stable platform operation). Error data is automatically deleted after 90 days.

We have concluded a data processing agreement with Sentry. Further information: sentry.io/privacy.

7. Payment

7.1. Stripe

We use Stripe to process team subscriptions and license payments. The provider is Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.

Stripe processes the data required for payment processing, including name, email address, billing address, and payment details (e.g., credit card information). Payment data is encrypted and transmitted directly to Stripe and is not stored on our servers.

The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Transfers to the USA are based on the EU-U.S. Data Privacy Framework; Stripe is DPF-certified. Payment data is subject to statutory retention requirements and is stored for 10 years (§§ 146, 147 AO).

We have concluded a data processing agreement with Stripe. Further information: stripe.com/privacy.

8. User rights

8.1. Rights of coaches and club administrators

As a user of CoachZone (coach, club administrator), you have the following rights against SFY GmbH as the controller:

8.2. Rights of athletes

Athletes whose data is managed by coaches or clubs via the CoachZone may exercise their data subject rights (access, rectification, erasure, etc.) against the respective coach or club, as they are the data controller for this information under the GDPR.

SFY GmbH supports the fulfillment of these rights upon request by the data controller. Alternatively, athletes can contact info@b-42.com directly; we will then forward the request to the responsible party.

8.3. Right to lodge a complaint

You have the right to lodge a complaint with the competent data protection supervisory authority regarding the processing of your personal data.

8.4. Withdrawal of consent

You may withdraw your consent at any time with future effect. To do so, please send an email to info@b-42.com.

8.5. Changes to this privacy policy

We reserve the right to amend this privacy policy at any time in compliance with applicable data protection regulations. The current version is available on this page.

8.6. Contact

If you have any questions regarding data processing in the CoachZone, please contact:

SFY GmbH
IndustriestraĂźe 15
84149 Velden
Germany
Email: info@b-42.com

‍

B42 Logo
© 2026 SFY GmbH
Google Play
App Store
Sprache
Google Play
App Store
Sprache