Last updated on July 16, 2026
This privacy policy applies to the "B42 Nutrition for Footballers" app (iOS and Android). For the B42 training app, the separate B42 App privacy policy applies. For our websites, the privacy policy for B42 websites applies.
The following information provides a simple overview of what happens to your personal data when you use our app. Personal data is any data that can be used to personally identify you. For detailed information, please refer to our full privacy policy below.
Data processing is carried out by the app operator. You can find contact details in section 2.2.
Some of your data is collected when you provide it to us — for example, by entering information during registration or while using the app (body data, nutritional preferences). Other data is collected automatically by our IT systems when you use the app (e.g., device information, time of app launch).
When using the app, your usage behavior may be statistically analyzed. This only occurs after you have given your express consent upon first launching the app.
The operators of this app take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy. Communication between the app and our servers is exclusively encrypted via SSL/TLS.
The controller responsible for data processing in this app is:
SFY GmbH
IndustriestraĂźe 15
84149 Velden
Germany
Phone: +49 1590 4864277
Email: info@b-42.com
Represented by the Managing Director, Andreas Gschaider.
Many data processing operations are only possible with your express consent. You may revoke your consent at any time — either directly in the app settings or by sending an email to info@b-42.com. The legality of the data processing carried out prior to the revocation remains unaffected.
In the event of violations of data protection law, you have the right to lodge a complaint with the competent supervisory authority. A list of supervisory authorities can be found at: www.bfdi.bund.de.
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format.
You have the right to receive information about your stored personal data, its origin and recipients, and the purpose of data processing at any time, free of charge, as well as the right to rectification or erasure. Please contact info@b-42.com at any time for this purpose.
Some of the services used in this app are based in the USA. Where we transfer data to the USA, this is done on the basis of the European Commission's adequacy decision for the EU-US Data Privacy Framework (DPF) of July 10, 2023, provided the respective provider is certified under the DPF. Otherwise, we base the transfer on standard contractual clauses in accordance with Art. 46(2)(c) GDPR.
We process the following categories of personal data:
First and last name, date of birth, email address, and information transmitted to us via your Meta, Google, or Apple account. We use this data to verify your identity and provide your account. Retention period: for the duration of the contractual relationship and for 3 years after its termination.
Height and weight. We use this data to better tailor calorie requirement calculations and recipe recommendations to your individual needs. Retention period: for the duration of the contractual relationship. You can update or delete this data at any time in the app settings. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).
Recipes you have viewed, saved, or rated, as well as your specified dietary preferences. We use this data to generate personalized recipe recommendations. Retention period: for the duration of the contractual relationship, until account deletion. The legal basis is Art. 6(1)(b) GDPR (performance of a contract).
Payment service provider, subscription duration, price, currency, VAT, and the payment ID assigned by the payment service provider (Apple, Google). We do not store credit card information ourselves. Payment data is subject to statutory retention requirements and is stored for 10 years (§§ 146, 147 AO).
Your usage behavior within the app (e.g., recipes viewed, frequency of use). We use this data to improve our app and provide you with relevant content. Retention period: 12 months, after which it is anonymized. The legal basis is Art. 6(1)(a) GDPR (consent).
IP address, date and time of app usage, device identifiers, device type, operating system, and version. This data is required for network security and error diagnostics. Retention period: 30 days.
Full use of the app requires an account, which can be created via the registration function or by logging in with Meta, Google, or Apple. The email address required for this is stored on our server and used exclusively for login functionality and sending important transactional emails. The legal basis is Art. 6(1)(b) GDPR.
We send marketing-related emails and in-app communications exclusively to users aged 16 and over. The legal basis is Art. 6(1)(a) GDPR (consent). You can withdraw your consent at any time in the app settings or by sending an email to info@b-42.com.
This app uses PostHog, a product and analytics tool from PostHog Inc. We use the EU cloud version of PostHog; all data is processed and stored exclusively on servers within the European Union (Frankfurt, Germany). No personal data is transferred to third countries.
PostHog allows us to analyze how users interact with the app (e.g., screens viewed, click paths, session duration) and also serves as a tool for error analysis to identify issues in the user flow. Data is processed in a pseudonymized form.
Additionally, we use PostHog Workflows to trigger automated, context-aware in-app notifications based on user behavior. No automated decision-making within the meaning of Art. 22 GDPR takes place.
PostHog is only used after you have given your explicit consent upon the first launch of the app. The legal basis is Art. 6(1)(a) GDPR. You can withdraw your consent at any time in the app settings. The collected usage data is automatically deleted after 12 months.
We have entered into a data processing agreement with PostHog. Further information: posthog.com/privacy.
To detect and fix app errors and crashes, we use Firebase Crashlytics, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
In the event of an error, the following data is automatically transmitted: anonymized user ID, device type, operating system and app version, time of the error, error log and stack trace, and geographic location (country only).
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in stable app operation). Data is transferred to the USA based on the EU-US Data Privacy Framework; Google LLC is DPF-certified. Crash data is automatically deleted after 90 days.
We have entered into a data processing agreement with Google. Further information: firebase.google.com/support/privacy.
Additionally, we use Sentry for error tracking and performance monitoring. The provider is Sentry, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.
In the event of an error, Sentry collects: anonymized user ID, device type, operating system and app version, time and type of error, error log, stack trace, and performance metrics.
The legal basis is Art. 6(1)(f) GDPR. We use Sentry in the EU region; all data is processed exclusively on servers within the EU. No data is transferred to third countries. Error data is deleted after 90 days.
We have entered into a data processing agreement with Sentry. Further information: sentry.io/privacy.
We use Mailgun, provided by Mailgun Technologies, Inc., 112 E Pecan St #1135, San Antonio, TX 78205, USA, to send transactional emails (e.g., password resets, order confirmations). We use Mailgun in the EU region; all data is processed exclusively on servers within the EU. No data is transferred to third countries. The legal basis is Art. 6(1)(b) GDPR. Email log data is deleted after 30 days.
We have entered into a data processing agreement with Mailgun. Further information: mailgun.com/legal/privacy-policy.
With your consent, the app sends push notifications to your device. You will be prompted via the system permission dialog when you first launch the app.
The legal basis is Art. 6(1)(a) GDPR. You can disable push notifications at any time in your device's system settings.
We use RevenueCat to manage in-app subscriptions. The provider is RevenueCat, Inc., 633 Tasman Drive, San Jose, CA 95134, USA.
RevenueCat processes data regarding your subscription status, time of purchase, selected plan, and an anonymized user ID. Credit card or account details are not transmitted to RevenueCat; these remain with the respective payment provider (App Store or Google Play).
The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Data transfers to the USA are based on standard contractual clauses in accordance with Art. 46(2)(c) GDPR. Subscription data is stored for the duration of the contractual relationship and for 3 years thereafter.
We have entered into a data processing agreement with RevenueCat. Further information: revenuecat.com/privacy.
The app offers the option to sign in using your Meta account. The provider is Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, USA. When using the Meta login, your name and email address are retrieved from Meta with your explicit consent. The legal basis is Art. 6(1)(b) GDPR for account creation and Art. 6(1)(a) GDPR for data transmission to Meta. Data transfers to the USA are based on the EU-US Data Privacy Framework; Meta Platforms is DPF-certified.
Further information: facebook.com/privacy/policy.
The app offers the option to sign in using your Google account. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When using the Google login, your name and email address are retrieved from Google with your explicit consent. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(a) GDPR. Data transfers to the USA are based on the EU-US Data Privacy Framework; Google LLC is DPF-certified.
Further information: policies.google.com/privacy.
The app offers the option to sign in using your Apple ID. The provider is Apple Inc., One Apple Park Way, Cupertino, CA 95014, USA. Apple optionally offers the ability to share an anonymized relay email address instead of your actual email address. The legal basis is Art. 6(1)(b) GDPR and Art. 6(1)(a) GDPR. Data transfers to the USA are based on the EU-US Data Privacy Framework; Apple Inc. is DPF-certified.
Further information: apple.com/legal/privacy.
You can delete your account and all associated personal data directly in the app: Profile → Settings → Delete account. Data subject to statutory retention requirements will only be deleted after the respective period has expired.
As a data subject, you have the following rights:
The restrictions under Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right of access and the right to erasure.
You have the right to lodge a complaint with the competent data protection supervisory authority regarding our processing of your personal data.
You may withdraw your consent at any time with future effect, either directly in the app settings or by sending an email to info@b-42.com.
In accordance with Art. 21 (2) GDPR, you have the right to object at any time to the processing of your data for the purpose of direct marketing.
We reserve the right to amend this privacy policy at any time in compliance with applicable data protection regulations. The current version is available in the App Store and at b-42.com/datenschutz-ernaehrung-app.
SFY GmbH
IndustriestraĂźe 15
84149 Velden
Germany
Email: info@b-42.com
‍
This privacy policy applies to the B42 CoachZone at teams.b-42.com as well as the teams section within the B42 app. Both access points use the same platform and are subject to the same data protection regulations. For all other functions of the B42 app, the B42 App Privacy Policy applies, and for our other websites, the B42 Websites Privacy Policy applies.
The B42 CoachZone is a web-based platform that enables coaches and clubs to manage teams, create training plans, and monitor the performance development of their athletes. In doing so, personal data of both the coaches and club administrators as well as the athletes being coached are processed.
The data protection situation for CoachZone differs from a classic B2C application: coaches and clubs are responsible for their athletes' data themselves. SFY GmbH provides the technical platform and processes athlete data within this framework as a data processor. This division of roles is explained in detail in Section 2.
SFY GmbH is the data controller within the meaning of Art. 4 No. 7 GDPR for the processing of personal data of coaches, club administrators, and other account holders (e.g., during registration, account management, payment processing). This privacy policy informs you about these processing activities.
Coaches and clubs that use CoachZone to collect, manage, and analyze athlete data are themselves data controllers within the meaning of the GDPR for these processing activities. They decide which athlete data is collected in CoachZone and are accountable to their athletes regarding information and transparency.
In this context, SFY GmbH processes athlete data exclusively as a data processor in accordance with Art. 28 GDPR — under the instructions of the respective coaches and clubs and solely to provide the platform's functions. A data processing agreement is in place between SFY GmbH and the coaches/clubs.
Athletes who wish to request information about their data or request its deletion should first contact their respective coach or club. SFY GmbH supports the fulfillment of data subject rights upon request from the data controllers.
SFY GmbH
IndustriestraĂźe 15
84149 Velden
Germany
Email: info@b-42.com
Represented by Managing Director Andreas Gschaider.
Where data processing is based on your consent, you may withdraw it at any time with future effect by sending an email to info@b-42.com. The lawfulness of the data processing carried out prior to the withdrawal remains unaffected.
In the event of data protection violations, you have the right to lodge a complaint with the competent supervisory authority. The competent authority is the State Data Protection Commissioner of the federal state in which our company is based. A list of supervisory authorities can be found at: www.bfdi.bund.de.
CoachZone uses SSL/TLS encryption for security reasons. You can recognize an encrypted connection by the "https://" in your browser's address bar and the padlock icon.
Where we transfer data to the USA, this is done on the basis of the EU-US Data Privacy Framework (DPF) of July 10, 2023, provided the respective provider is certified under the DPF. The respective legal bases are specified for each individual service. For PostHog and Sentry, no third-country transfer takes place due to the use of the EU region.
An account is required to use CoachZone. When you register and use the platform, we process the following data as the data controller:
The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Account data is stored for the duration of the contractual relationship and for 3 years after its termination.
As part of team management, coaches and clubs process their athletes' data via CoachZone. SFY GmbH processes this data exclusively as a data processor (see Section 2.2). This may include:
The respective coaches and clubs are responsible for this data. Storage duration and deletion periods are determined by the requirements of the controllers; SFY GmbH deletes athlete data no later than 30 days after the end of the contractual relationship with the respective coach/club.
When visiting the CoachZone, technical data is automatically saved in server log files (IP address, browser type, operating system, time, pages visited). The legal basis is Art. 6(1)(f) GDPR. This data is automatically deleted after 3 days (Vercel standard).
The CoachZone (teams.b-42.com) is hosted by Vercel. The provider is Vercel Inc., 340 Pine Street, Suite 603, San Francisco, CA 94104, USA.
Vercel automatically processes technical data (server log files as per section 4.3) when operating the platform. The data is processed on Vercel servers in the USA. The transfer to the USA is based on the EU-US Data Privacy Framework; Vercel is DPF-certified. Server log files are automatically deleted after 3 days.
The legal basis is Art. 6(1)(f) GDPR. We have entered into a data processing agreement with Vercel. Further information: vercel.com/legal/privacy-policy.
We use PostHog to analyze platform usage and improve the CoachZone. The provider is PostHog Inc. We use the EU cloud version of PostHog; all data is processed and stored exclusively on servers within the European Union (Frankfurt, Germany). No personal data is transferred to third countries.
PostHog pseudonymously records usage behavior on the platform (e.g., sections visited, click paths, session duration). This data helps us to develop the CoachZone in a targeted manner.
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in improving our platform). Usage data is automatically deleted after 12 months. You can object to the processing at any time by sending an email to info@b-42.com.
We have entered into a data processing agreement with PostHog. Further information: posthog.com/privacy.
We use Sentry to detect and resolve errors and performance issues in the CoachZone. The provider is Sentry, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. We use Sentry in the EU region; all data is processed and stored exclusively on servers within the European Union. No personal data is transferred to third countries.
In the event of errors, Sentry automatically transmits the following data:
The legal basis is Art. 6(1)(f) GDPR (legitimate interest in stable platform operation). Error data is automatically deleted after 90 days.
We have concluded a data processing agreement with Sentry. Further information: sentry.io/privacy.
We use Stripe to process team subscriptions and license payments. The provider is Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.
Stripe processes the data required for payment processing, including name, email address, billing address, and payment details (e.g., credit card information). Payment data is encrypted and transmitted directly to Stripe and is not stored on our servers.
The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Transfers to the USA are based on the EU-U.S. Data Privacy Framework; Stripe is DPF-certified. Payment data is subject to statutory retention requirements and is stored for 10 years (§§ 146, 147 AO).
We have concluded a data processing agreement with Stripe. Further information: stripe.com/privacy.
As a user of CoachZone (coach, club administrator), you have the following rights against SFY GmbH as the controller:
Athletes whose data is managed by coaches or clubs via the CoachZone may exercise their data subject rights (access, rectification, erasure, etc.) against the respective coach or club, as they are the data controller for this information under the GDPR.
SFY GmbH supports the fulfillment of these rights upon request by the data controller. Alternatively, athletes can contact info@b-42.com directly; we will then forward the request to the responsible party.
You have the right to lodge a complaint with the competent data protection supervisory authority regarding the processing of your personal data.
You may withdraw your consent at any time with future effect. To do so, please send an email to info@b-42.com.
We reserve the right to amend this privacy policy at any time in compliance with applicable data protection regulations. The current version is available on this page.
If you have any questions regarding data processing in the CoachZone, please contact:
SFY GmbH
IndustriestraĂźe 15
84149 Velden
Germany
Email: info@b-42.com
‍